SUSE-SU-2025:02846-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202502846-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02846-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:02846-1
Upstream
Related
Published
2025-08-18T15:47:45Z
Modified
2025-08-19T15:00:57.778682Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2021-46984: Fixed an out of bounds access in kyberbiomerge() in kyber (bsc#1220631).
  • CVE-2021-46987: btrfs: fix deadlock when cloning inline extents and using qgroups (bsc#1220704).
  • CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference (bsc#1205711).
  • CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt (bsc#1238160).
  • CVE-2022-49319: iommu/arm-smmu-v3: check return value after calling platformgetresource() (bsc#1238374).
  • CVE-2022-49323: iommu/arm-smmu: fix possible null-ptr-deref in armsmmudevice_probe() (bsc#1238400).
  • CVE-2022-49768: 9p/fd: fix issue of listdel corruption in p9fd_cancel() (bsc#1242446).
  • CVE-2022-49825: ata: libata-transport: fix error handling in atatportadd() (bsc#1242548).
  • CVE-2022-49934: wifi: mac80211: Fix UAF in ieee80211scanrx() (bsc#1245051).
  • CVE-2022-49948: vt: Clear selection before changing the font (bsc#1245058).
  • CVE-2022-49969: drm/amd/display: clear optc underflow before turn off odm clock (bsc#1245060).
  • CVE-2022-49993: loop: Check for overflow while configuring loop (bsc#1245121).
  • CVE-2022-50025: cxl: Fix a memory leak in an error handling path (bsc#1245132).
  • CVE-2022-50027: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1245073).
  • CVE-2022-50030: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1245265).
  • CVE-2022-50033: usb: host: ohci-ppc-of: Fix refcount leak bug (bsc#1245139).
  • CVE-2022-50103: sched, cpuset: Fix dlcpubusy() panic due to empty cs->cpus_allowed (bsc#1244840).
  • CVE-2022-50149: driver core: fix potential deadlock in _driverattach (bsc#1244883).
  • CVE-2022-50226: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (bsc#1244860).
  • CVE-2023-2176: Fixed an out-of-boundary read in comparenetdevand_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
  • CVE-2023-52878: can: dev: canputechoskb(): do not crash kernel if canpriv::echo_skb is accessed out of bounds (bsc#1225000).
  • CVE-2023-53020: l2tp: close all race conditions in l2tptunnelregister() (bsc#1240224).
  • CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
  • CVE-2023-53118: scsi: core: Fix a procfs host directory removal regression (bsc#1242365).
  • CVE-2024-26974: crypto: qat - resolve race condition during AER recovery (bsc#1223638).
  • CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
  • CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
  • CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).
  • CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).
  • CVE-2025-21731: nbd: do not allow reconnect after disconnect (bsc#1237881).
  • CVE-2025-21928: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove() (bsc#1240722).
  • CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
  • CVE-2025-37856: btrfs: harden blockgroup::bglist against list_del() races (bsc#1243068).
  • CVE-2025-37885: KVM: x86: Reset IRTE to host control if new route isn't postable (bsc#1242960).
  • CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
  • CVE-2025-38034: btrfs: correct the order of prelimref arguments in btrfsprelimref (bsc#1244792).
  • CVE-2025-38035: nvmet-tcp: do not restore null skstatechange (bsc#1244801).
  • CVE-2025-38040: serial: mctrlgpio: split disablems into sync and no_sync APIs (bsc#1245078).
  • CVE-2025-38051: smb: client: Fix use-after-free in cifsfilldirent (bsc#1244750).
  • CVE-2025-38058: _legitimizemnt(): check for MNTSYNCUMOUNT should be under mount_lock (bsc#1245151).
  • CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
  • CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
  • CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
  • CVE-2025-38079: crypto: algifhash - fix double free in hashaccept (bsc#1245217).
  • CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macbhalttx (bsc#1245649).
  • CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
  • CVE-2025-38108: netsched: red: fix a race in _red_change() (bsc#1245675).
  • CVE-2025-38112: net: Fix TOCTOU issue in skisreadable() (bsc#1245668).
  • CVE-2025-38115: netsched: schsfq: fix a potential crash on gso_skb handling (bsc#1245689).
  • CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
  • CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
  • CVE-2025-38157: wifi: ath9k_htc: Abort software beacon handling if disabled (bsc#1245747).
  • CVE-2025-38161: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (bsc#1245777).
  • CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
  • CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
  • CVE-2025-38181: calipso: Fix null-ptr-deref in calipsoreq{set,del}attr() (bsc#1246000).
  • CVE-2025-38193: netsched: schsfq: reject invalid perturb period (bsc#1245945).
  • CVE-2025-38198: fbcon: Make sure modelist not set on unregistered console (bsc#1245952).
  • CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40eclearhw (bsc#1246045).
  • CVE-2025-38211: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (bsc#1246008).
  • CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
  • CVE-2025-38213: vgacon: Add check for vcorigin address range in vgaconscroll() (bsc#1246037).
  • CVE-2025-38222: ext4: inline: fix len overflow in ext4prepareinline_data (bsc#1245976).
  • CVE-2025-38249: ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3() (bsc#1246171).
  • CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
  • CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
  • CVE-2025-38312: fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod() (bsc#1246386).
  • CVE-2025-38319: drm/amd/pp: Fix potential NULL pointer dereference in atomctrlinitializemcregtable (bsc#1246243).
  • CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
  • CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2journaldirty_metadata() (bsc#1246253).
  • CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
  • CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
  • CVE-2025-38391: usb: typec: altmodes/displayport: do not index invalid pin_assignments (bsc#1247181).
  • CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
  • CVE-2025-38415: Squashfs: check return result of sbminblocksize (bsc#1247147).
  • CVE-2025-38420: wifi: carl9170: do not ping device which has failed to load firmware (bsc#1247279).
  • CVE-2025-38468: net/sched: Return NULL when htblookupleaf encounters an empty rbtree (bsc#1247437).
  • CVE-2025-38477: net/sched: schqfq: Avoid triggering mightsleep in atomic context in qfqdeleteclass (bsc#1247314).
  • CVE-2025-38494: HID: core: do not bypass hidhwraw_request (bsc#1247349).
  • CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).

The following non-security bugs were fixed:

  • RDMA/core: Always release restrack object (git-fixes)
  • bdi: Fix up kabi for dev_name addition (bsc#1171844).
  • bdi: add a ->devname field to struct backingdev_info (bsc#1171844).
  • l2tp: Do not sleep and disable BH under writer-side skcallbacklock (git-fixes).
  • l2tp: fix a sock refcnt leak in l2tptunnelregister (git-fixes).
  • scsi: core: Fix a source code comment (git-fixes).
  • scsi: core: Fix unremoved procfs host directory regression (git-fixes).
  • scsi: drivers: base: Propagate errors through the transport component (bsc#1242548)
  • scsi: drivers: base: Support atomic version of attributecontainerdevice_trigger (bsc#1242548)
  • virtgpu: do not reset on shutdown (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.269.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-kgraft-devel": "4.12.14-122.269.1",
            "kernel-default-kgraft": "4.12.14-122.269.1",
            "kgraft-patch-4_12_14-122_269-default": "1-8.3.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_71

Package

Name
kgraft-patch-SLE12-SP5_Update_71
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_71&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-kgraft-devel": "4.12.14-122.269.1",
            "kernel-default-kgraft": "4.12.14-122.269.1",
            "kgraft-patch-4_12_14-122_269-default": "1-8.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.269.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-man": "4.12.14-122.269.1",
            "gfs2-kmp-default": "4.12.14-122.269.1",
            "kernel-default-base": "4.12.14-122.269.1",
            "kernel-macros": "4.12.14-122.269.1",
            "kernel-source": "4.12.14-122.269.1",
            "kernel-default": "4.12.14-122.269.1",
            "cluster-md-kmp-default": "4.12.14-122.269.1",
            "dlm-kmp-default": "4.12.14-122.269.1",
            "kernel-devel": "4.12.14-122.269.1",
            "kernel-syms": "4.12.14-122.269.1",
            "kernel-default-devel": "4.12.14-122.269.1",
            "ocfs2-kmp-default": "4.12.14-122.269.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.269.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-man": "4.12.14-122.269.1",
            "gfs2-kmp-default": "4.12.14-122.269.1",
            "kernel-default-base": "4.12.14-122.269.1",
            "kernel-macros": "4.12.14-122.269.1",
            "kernel-source": "4.12.14-122.269.1",
            "kernel-default": "4.12.14-122.269.1",
            "cluster-md-kmp-default": "4.12.14-122.269.1",
            "dlm-kmp-default": "4.12.14-122.269.1",
            "kernel-devel": "4.12.14-122.269.1",
            "kernel-syms": "4.12.14-122.269.1",
            "kernel-default-devel": "4.12.14-122.269.1",
            "ocfs2-kmp-default": "4.12.14-122.269.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.269.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-man": "4.12.14-122.269.1",
            "gfs2-kmp-default": "4.12.14-122.269.1",
            "kernel-default-base": "4.12.14-122.269.1",
            "kernel-macros": "4.12.14-122.269.1",
            "kernel-source": "4.12.14-122.269.1",
            "kernel-default": "4.12.14-122.269.1",
            "cluster-md-kmp-default": "4.12.14-122.269.1",
            "dlm-kmp-default": "4.12.14-122.269.1",
            "kernel-devel": "4.12.14-122.269.1",
            "kernel-syms": "4.12.14-122.269.1",
            "kernel-default-devel": "4.12.14-122.269.1",
            "ocfs2-kmp-default": "4.12.14-122.269.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.269.1

Ecosystem specific 

{
    "binaries": [
        {
            "gfs2-kmp-default": "4.12.14-122.269.1",
            "kernel-default-base": "4.12.14-122.269.1",
            "kernel-macros": "4.12.14-122.269.1",
            "kernel-source": "4.12.14-122.269.1",
            "kernel-default": "4.12.14-122.269.1",
            "cluster-md-kmp-default": "4.12.14-122.269.1",
            "dlm-kmp-default": "4.12.14-122.269.1",
            "kernel-devel": "4.12.14-122.269.1",
            "kernel-syms": "4.12.14-122.269.1",
            "kernel-default-devel": "4.12.14-122.269.1",
            "ocfs2-kmp-default": "4.12.14-122.269.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.269.1

Ecosystem specific 

{
    "binaries": [
        {
            "gfs2-kmp-default": "4.12.14-122.269.1",
            "kernel-default-base": "4.12.14-122.269.1",
            "kernel-macros": "4.12.14-122.269.1",
            "kernel-source": "4.12.14-122.269.1",
            "kernel-default": "4.12.14-122.269.1",
            "cluster-md-kmp-default": "4.12.14-122.269.1",
            "dlm-kmp-default": "4.12.14-122.269.1",
            "kernel-devel": "4.12.14-122.269.1",
            "kernel-syms": "4.12.14-122.269.1",
            "kernel-default-devel": "4.12.14-122.269.1",
            "ocfs2-kmp-default": "4.12.14-122.269.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.269.1

Ecosystem specific 

{
    "binaries": [
        {
            "gfs2-kmp-default": "4.12.14-122.269.1",
            "kernel-default-base": "4.12.14-122.269.1",
            "kernel-macros": "4.12.14-122.269.1",
            "kernel-source": "4.12.14-122.269.1",
            "kernel-default": "4.12.14-122.269.1",
            "cluster-md-kmp-default": "4.12.14-122.269.1",
            "dlm-kmp-default": "4.12.14-122.269.1",
            "kernel-devel": "4.12.14-122.269.1",
            "kernel-syms": "4.12.14-122.269.1",
            "kernel-default-devel": "4.12.14-122.269.1",
            "ocfs2-kmp-default": "4.12.14-122.269.1"
        }
    ]
}