SUSE-SU-2025:03204-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202503204-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:03204-1
Upstream
Related
Published
2025-09-12T13:40:30Z
Modified
2026-03-23T04:50:28.847413Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-49967: bpf: Fix a data-race around bpfjitlimit (bsc#1244964).
  • CVE-2022-49975: bpf: Don't redirect packets with invalid pkt_len (bsc#1245196).
  • CVE-2022-49980: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (bsc#1245110).
  • CVE-2022-49981: HID: hidraw: fix memory leak in hidraw_release() (bsc#1245072).
  • CVE-2022-50007: xfrm: fix refcount leak in __xfrmpolicycheck() (bsc#1245016).
  • CVE-2022-50066: net: atlantic: fix aq_vec index out of range error (bsc#1244985).
  • CVE-2022-50080: tee: add overflow check in registershmhelper() (bsc#1244972).
  • CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
  • CVE-2022-50127: RDMA/rxe: Fix error unwind in rxecreateqp() (bsc#1244815).
  • CVE-2022-50138: RDMA/qedr: Fix potential memory leak in __qedrallocmr() (bsc#1244797).
  • CVE-2022-50141: mmc: sdhci-of-esdhc: Fix refcount leak in esdhcsignalvoltage_switch (bsc#1244794).
  • CVE-2022-50162: wifi: libertas: Fix possible refcount leak in ifusbprobe() (bsc#1244773).
  • CVE-2022-50185: drm/radeon: fix potential buffer overflow in nisetmcspecialregisters() (bsc#1244887).
  • CVE-2022-50191: regulator: of: Fix refcount leak bug in ofgetregulation_constraints() (bsc#1244899).
  • CVE-2022-50228: KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (bsc#1244854).
  • CVE-2022-50229: ALSA: bcd2000: Fix a UAF bug on the error path of probing (bsc#1244856).
  • CVE-2023-52813: crypto: pcrypt - Fix hungtask for PADATA_RESET (bsc#1225527).
  • CVE-2023-53020: l2tp: close all race conditions in l2tptunnelregister() (bsc#1240224).
  • CVE-2024-28956: x86/its: Enable Indirect Target Selection mitigation (bsc#1242006).
  • CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292).
  • CVE-2025-23141: KVM: x86: Acquire SRCU in KVMGETMP_STATE to protect guest memory accesses (bsc#1242782).
  • CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
  • CVE-2025-38102: VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify (bsc#1245669).
  • CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
  • CVE-2025-38117: Bluetooth: MGMT: protect mgmt_pending list with its own lock (bsc#1245695).
  • CVE-2025-38122: gve: add missing NULL check for gveallocpending_packet() in TX DQO (bsc#1245746).
  • CVE-2025-38153: net: usb: aqc111: fix error handling of usbnet read calls (bsc#1245744).
  • CVE-2025-38173: crypto: marvell/cesa - Handle zero-length skcipher requests (bsc#1245769).
  • CVE-2025-38174: thunderbolt: Do not double dequeue a configuration request (bsc#1245781).
  • CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
  • CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcpcsend() (bsc#1246012).
  • CVE-2025-38190: atm: Revert atmaccounttx() if copyfromiter_full() fails (bsc#1245973).
  • CVE-2025-38214: fbdev: Fix fbsetvar to prevent null-ptr-deref in fbvideomodeto_var (bsc#1246042).
  • CVE-2025-38245: atm: Release atmdevmutex after removing procfs in atmdevderegister() (bsc#1246193).
  • CVE-2025-38263: bcache: fix NULL pointer in cachesetflush() (bsc#1246248).
  • CVE-2025-38313: bus: fsl-mc: fix double-free on mc_dev (bsc#1246342).
  • CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers() and posixcputimerdel() (bsc#1246911).
  • CVE-2025-38386: ACPICA: Refuse to evaluate a method if arguments are missing (bsc#1247138).
  • CVE-2025-38424: perf: Fix sample vs do_exit() (bsc#1246547 bsc#1247293).
  • CVE-2025-38430: nfsd: nfsd4spomust_allow() must check this is a v4 compound request (bsc#1247160).
  • CVE-2025-38449: drm/gem: Acquire references on GEM handles for framebuffers (bsc#1247255).
  • CVE-2025-38457: net/sched: Abort __tcmodifyqdisc if parent class does not exist (bsc#1247098).
  • CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
  • CVE-2025-38464: tipc: Fix use-after-free in tipcconnclose() (bsc#1247112).
  • CVE-2025-38465: netlink: Fix wraparounds of sk->skrmemalloc (bsc#1247118).
  • CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
  • CVE-2025-38473: Bluetooth: Fix null-ptr-deref in l2capsockresume_cb() (bsc#1247289).
  • CVE-2025-38474: usb: net: sierra: check for no status endpoint (bsc#1247311).
  • CVE-2025-38498: dochangetype(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
  • CVE-2025-38499: cloneprivatemnt(): make sure that caller has CAPSYSADMIN in the right userns (bsc#1247976).
  • CVE-2025-38512: wifi: prevent A-MSDU attacks in mesh networks (bsc#1248178).
  • CVE-2025-38513: wifi: zd1211rw: Fix potential NULL pointer dereference in zdmactxtodev() (bsc#1248179).
  • CVE-2025-38515: drm/sched: Increment job count before swapping tail spsc queue (bsc#1248212).
  • CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
  • CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).
  • CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
  • CVE-2025-38617: net/packet: fix a race in packetsetring() and packet_notifier() (bsc#1248621).
  • CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY (bsc#1248511).
  • CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).

The following non-security bugs were fixed:

  • Disable N_GSM (jsc#PED-8240).
  • Fix crash caused by backport of 'ext4: fix race when reusing xattr blocks' (bsc#1247929).
  • HID: hidraw: fix a problem of memory leak in hidraw_release() (bsc#1245072).
  • crypto: pcrypt - Call crypto layer directly when padatadoparallel() return -EBUSY (bsc#1225527).
  • drm/framebuffer: Acquire internal references on GEM handles (bsc#1247255).
  • drm/framebuffer: Fix the locking in drmgemfb_destroy() (bsc#1248130).
  • linkage: Introduce new macros for assembler symbols (git-fixes).
  • net: usb: aqc111: debug info before sanitation (bsc#1245744).
  • x86/alternative: Merge include files (git-fixes).
  • x86/alternatives: Add an ALTERNATIVE_3() macro (git-fixes).
  • x86/alternatives: Add macro comments (git-fixes).
  • x86/alternatives: Print containing function (git-fixes).
  • x86/asm: Provide ALTERNATIVE_3 (git-fixes).
  • x86: Simplify retpoline declaration (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Live Patching 12 SP5
kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.272.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-kgraft-devel": "4.12.14-122.272.1",
            "kgraft-patch-4_12_14-122_272-default": "1-8.3.1",
            "kernel-default-kgraft": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"
kgraft-patch-SLE12-SP5_Update_72

Package

Name
kgraft-patch-SLE12-SP5_Update_72
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_72&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-default-kgraft-devel": "4.12.14-122.272.1",
            "kgraft-patch-4_12_14-122_272-default": "1-8.3.1",
            "kernel-default-kgraft": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"
SUSE:Linux Enterprise Server 12 SP5-LTSS
kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.272.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.272.1",
            "ocfs2-kmp-default": "4.12.14-122.272.1",
            "cluster-md-kmp-default": "4.12.14-122.272.1",
            "gfs2-kmp-default": "4.12.14-122.272.1",
            "kernel-source": "4.12.14-122.272.1",
            "kernel-default": "4.12.14-122.272.1",
            "kernel-default-devel": "4.12.14-122.272.1",
            "kernel-default-man": "4.12.14-122.272.1",
            "kernel-devel": "4.12.14-122.272.1",
            "kernel-syms": "4.12.14-122.272.1",
            "kernel-default-base": "4.12.14-122.272.1",
            "kernel-macros": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"
kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.272.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.272.1",
            "ocfs2-kmp-default": "4.12.14-122.272.1",
            "cluster-md-kmp-default": "4.12.14-122.272.1",
            "gfs2-kmp-default": "4.12.14-122.272.1",
            "kernel-source": "4.12.14-122.272.1",
            "kernel-default": "4.12.14-122.272.1",
            "kernel-default-devel": "4.12.14-122.272.1",
            "kernel-default-man": "4.12.14-122.272.1",
            "kernel-devel": "4.12.14-122.272.1",
            "kernel-syms": "4.12.14-122.272.1",
            "kernel-default-base": "4.12.14-122.272.1",
            "kernel-macros": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"
kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.272.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.272.1",
            "ocfs2-kmp-default": "4.12.14-122.272.1",
            "cluster-md-kmp-default": "4.12.14-122.272.1",
            "gfs2-kmp-default": "4.12.14-122.272.1",
            "kernel-source": "4.12.14-122.272.1",
            "kernel-default": "4.12.14-122.272.1",
            "kernel-default-devel": "4.12.14-122.272.1",
            "kernel-default-man": "4.12.14-122.272.1",
            "kernel-devel": "4.12.14-122.272.1",
            "kernel-syms": "4.12.14-122.272.1",
            "kernel-default-base": "4.12.14-122.272.1",
            "kernel-macros": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.272.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.272.1",
            "ocfs2-kmp-default": "4.12.14-122.272.1",
            "cluster-md-kmp-default": "4.12.14-122.272.1",
            "gfs2-kmp-default": "4.12.14-122.272.1",
            "kernel-source": "4.12.14-122.272.1",
            "kernel-default": "4.12.14-122.272.1",
            "kernel-default-devel": "4.12.14-122.272.1",
            "kernel-devel": "4.12.14-122.272.1",
            "kernel-syms": "4.12.14-122.272.1",
            "kernel-default-base": "4.12.14-122.272.1",
            "kernel-macros": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"
kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.272.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.272.1",
            "ocfs2-kmp-default": "4.12.14-122.272.1",
            "cluster-md-kmp-default": "4.12.14-122.272.1",
            "gfs2-kmp-default": "4.12.14-122.272.1",
            "kernel-source": "4.12.14-122.272.1",
            "kernel-default": "4.12.14-122.272.1",
            "kernel-default-devel": "4.12.14-122.272.1",
            "kernel-devel": "4.12.14-122.272.1",
            "kernel-syms": "4.12.14-122.272.1",
            "kernel-default-base": "4.12.14-122.272.1",
            "kernel-macros": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"
kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.272.1

Ecosystem specific 

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.272.1",
            "ocfs2-kmp-default": "4.12.14-122.272.1",
            "cluster-md-kmp-default": "4.12.14-122.272.1",
            "gfs2-kmp-default": "4.12.14-122.272.1",
            "kernel-source": "4.12.14-122.272.1",
            "kernel-default": "4.12.14-122.272.1",
            "kernel-default-devel": "4.12.14-122.272.1",
            "kernel-devel": "4.12.14-122.272.1",
            "kernel-syms": "4.12.14-122.272.1",
            "kernel-default-base": "4.12.14-122.272.1",
            "kernel-macros": "4.12.14-122.272.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03204-1.json"