SUSE-SU-2025:03650-1

CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
CVE-2025-38499: cloneprivatemnt(): make sure that caller has CAPSYSADMIN in the right userns (bsc#1248673).
CVE-2025-38396: fs: export anoninodemakesecureinode() and fix secretmem LSM bypass (bsc#1247158).
CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).
CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).

References

Affected packages

Name: kernel-livepatch-SLE15-SP6-RT_Update_10
Purl: pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_10&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8-150600.2.1

{
    "binaries": [
        {
            "kernel-livepatch-6_4_0-150600_10_34-rt": "8-150600.2.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03650-1.json"

Name: kernel-livepatch-SLE15-SP7-RT_Update_0
Purl: pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6-150700.3.1

{
    "binaries": [
        {
            "kernel-livepatch-6_4_0-150700_5-rt": "6-150700.3.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03650-1.json"