SUSE-SU-2025:0834-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250834-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0834-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0834-1
Related
Published
2025-03-11T10:55:11Z
Modified
2025-05-02T04:31:07.214889Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2021-22543: Fixed improper handling of VMIO|VMPFNMAP vmas in KVM (bsc#1186482).
  • CVE-2021-47634: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl (bsc#1237758).
  • CVE-2021-47644: media: staging: media: zoran: move videodev alloc (bsc#1237766).
  • CVE-2022-48953: rtc: cmos: fix build on non-ACPI platforms (bsc#1231941).
  • CVE-2022-48975: gpiolib: fix memory leak in gpiochipsetupdev() (bsc#1231885).
  • CVE-2022-49006: tracing: Free buffers when a used dynamic event is removed (bsc#1232163).
  • CVE-2022-49076: RDMA/hfi1: Fix use-after-free bug for mm struct (bsc#1237738).
  • CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicy_replace (bsc#1238033).
  • CVE-2022-49089: IB/rdmavt: add lock to call to rvterrorqp to prevent a race condition (bsc#1238041).
  • CVE-2022-49124: x86/mce: Work around an erratum on fast string copy instructions (bsc#1238148).
  • CVE-2022-49134: mlxsw: spectrum: Guard against invalid local ports (bsc#1237982).
  • CVE-2022-49135: drm/amd/display: Fix memory leak (bsc#1238006).
  • CVE-2022-49151: can: mcba_usb: properly check endpoint type (bsc#1237778).
  • CVE-2022-49178: memstick/mspro_block: fix handling of read-only devices (bsc#1238107).
  • CVE-2022-49182: net: hns3: add vlan list lock to protect vlan list (bsc#1238260).
  • CVE-2022-49201: ibmvnic: fix race between xmit and reset (bsc#1238256).
  • CVE-2022-49247: media: stk1160: If start stream fails, return buffers with VB2BUFSTATE_QUEUED (bsc#1237783).
  • CVE-2022-49490: drm/msm/mdp5: Return error code in mdp5piperelease when deadlock is (bsc#1238275).
  • CVE-2022-49626: sfc: fix use after free when disabling sriov (bsc#1238270).
  • CVE-2022-49661: can: gsusb: gsusb_open/close(): fix memory leak (bsc#1237788).
  • CVE-2023-52572: Fixed UAF in cifsdemultiplexthread() in cifs (bsc#1220946).
  • CVE-2023-52853: hid: cp2112: Fix duplicate workqueue initialization (bsc#1224988).
  • CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
  • CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
  • CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
  • CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095).
  • CVE-2024-49963: mailbox: bcm2835: Fix timeout during suspend mode (bsc#1232147).
  • CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
  • CVE-2024-50036: net: do not delay dstentriesadd() in dst_release() (bsc#1231912).
  • CVE-2024-50067: uprobe: avoid out-of-bounds memory access of fetching args (bsc#1232416).
  • CVE-2024-50251: netfilter: nftpayload: sanitize offset and length before calling skbchecksum() (bsc#1233248).
  • CVE-2024-50304: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnel_find() (bsc#1233522).
  • CVE-2024-53217: nfsd: restore callback functionality for NFSv4.0 (bsc#1234999).
  • CVE-2024-56633: bpf, sockmap: Fix repeated calls to sockput() when msg has moredata (bsc#1235485).
  • CVE-2024-56647: net: Fix icmp host relookup triggering iprtbug (bsc#1235435).
  • CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
  • CVE-2024-56688: sunrpc: clear XPRTSOCKUPD_TIMEOUT when reset transport (bsc#1235538).
  • CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
  • CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
  • CVE-2025-21640: sctp: sysctl: cookiehmacalg: avoid using current->nsproxy (bsc#1236123).
  • CVE-2025-21673: smb: client: fix double free of TCPServerInfo::hostname (bsc#1236689).
  • CVE-2025-21689: USB: serial: quatech2: fix null-ptr-deref in qt2processread_urb() (bsc#1237017).
  • CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
  • CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
  • CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).

The following non-security bugs were fixed:

  • bpf: fix mixed signed/unsigned derived min/max value bounds (bsc#1050081).
  • btrfs: add a flag to iterateinodesfrom_logical to find all
  • btrfs: add a flag to iterateinodesfrom_logical to find all extent refs for uncompressed extents (bsc#1174206).
  • cifs: Fix use after free of a midqentry (bsc#1112903).
  • cifs: check for STATUSUSERSESSION_DELETED (bsc#1112902).
  • cifs: fix memory leak in SMB2_open() (bsc#1112894).
  • crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510).
  • drm/amd/powerplay: Fix missing break in switch (bsc#1120902)
  • drm/i915: Remove stale asserts from i915gemfindactiverequest() (bsc#1051510).
  • drm/i915: Restore planes after load detection (bsc#1051510).
  • drm/i915: always return something on DDI clock selection (bsc#1120902)
  • drm/msm/mdp5: Fix global state lock backoff (bsc#1238275)
  • fix SCTP regression (bsc#1158082)
  • fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358).
  • iio: trigger: stm32-timer: fix get/set down count direction (bsc#1051510).
  • kABI: Add cleartrace to tracearray (bsc#1232163).
  • kABI: Preserve TRACEEVENTFL values (bsc#1232163).
  • mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669).
  • mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669).
  • net: mana: Add getlink and getlink_ksettings in ethtool (bsc#1236761).
  • net: netvsc: Update default VMBus channels (bsc#1236757).
  • powerpc/64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
  • powerpc/papr_scm: Fix DIMM device registration race (FATE#326628, bsc#1113295, git-fixes).
  • powerpc/papr_scm: Fix DIMM device registration race (bsc#1113295, git-fixes).
  • powerpc/papr_scm: Fix resource end address (FATE#326628, bsc#1113295, git-fixes).
  • powerpc/papr_scm: Fix resource end address (bsc#1113295, git-fixes).
  • powerpc/papr_scm: Remove endian conversions (FATE#326628, bsc#1113295, git-fixes).
  • powerpc/papr_scm: Remove endian conversions (bsc#1113295, git-fixes).
  • powerpc/papr_scm: Update DT properties (FATE#326628, bsc#1113295, git-fixes).
  • powerpc/papr_scm: Update DT properties (bsc#1113295, git-fixes).
  • powerpc/papr_scm: Use depend instead of select (FATE#326628, bsc#1113295, git-fixes).
  • powerpc/papr_scm: Use depend instead of select (bsc#1113295, git-fixes).
  • powerpc/papr_scm: Use ibm,unit-guid as the iset cookie (FATE#326628, bsc#1113295, git-fixes).
  • powerpc/papr_scm: Use ibm,unit-guid as the iset cookie (bsc#1113295, git-fixes).
  • powerpc/pseries: Fix use after free in removephbdynamic() (bsc#1065729).
  • powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
  • rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
  • rpm/kernel-source.spec.in: Add subpackage-names.conf as source.
  • s390/cpum_cf: rename IBM z13/z14 counter names (FATE#326341, LTC#169491, bsc#1100823).
  • s390/cpum_cf: rename IBM z13/z14 counter names (LTC#169491, bsc#1100823).
  • s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165).
  • sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669).
  • sched/numa: Pass destination CPU as a parameter to migratetaskrq (bnc#1101669).
  • sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669).
  • sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669).
  • scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
  • scsi: libfc: check fcframepayload_get() return value for null (bsc#1104731).
  • scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
  • scsi: storvsc: Add validation for untrusted Hyper-V values (git-fixes).
  • scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
  • scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
  • scsi: storvsc: Fix spelling mistake (git-fixes).
  • scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
  • scsi: storvsc: Log TESTUNITREADY errors as warnings (git-fixes).
  • scsi: storvsc: Miscellaneous code cleanups (git-fixes).
  • scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
  • scsi: storvsc: Update error logging (git-fixes).
  • scsi: storvsc: Use scsicmdtorq() instead of scsicmnd.request (git-fixes).
  • smb2: fix missing files in root share directory listing (bsc#1112907).
  • smb3: fill in statfs fsid and correct namelen (bsc#1112905).
  • smb3: fix reset of bytes read and written stats (bsc#1112906).
  • smb3: on reconnect set PreviousSessionId field (bsc#1112899).
  • tracing: Only have rmmod clear buffers that its events were active in (bsc#1232163).
  • ubi: fastmap: Cancel work upon detach (bsc#1051510).
References

Affected packages

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.250.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.250.1",
            "kernel-default-kgraft-devel": "4.12.14-122.250.1",
            "kgraft-patch-4_12_14-122_250-default": "1-8.3.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_66

Package

Name
kgraft-patch-SLE12-SP5_Update_66
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_66&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-8.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.250.1",
            "kernel-default-kgraft-devel": "4.12.14-122.250.1",
            "kgraft-patch-4_12_14-122_250-default": "1-8.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.250.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.250.1",
            "kernel-devel": "4.12.14-122.250.1",
            "kernel-default-base": "4.12.14-122.250.1",
            "kernel-macros": "4.12.14-122.250.1",
            "kernel-default-man": "4.12.14-122.250.1",
            "kernel-source": "4.12.14-122.250.1",
            "cluster-md-kmp-default": "4.12.14-122.250.1",
            "kernel-default": "4.12.14-122.250.1",
            "gfs2-kmp-default": "4.12.14-122.250.1",
            "kernel-syms": "4.12.14-122.250.1",
            "kernel-default-devel": "4.12.14-122.250.1",
            "ocfs2-kmp-default": "4.12.14-122.250.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.250.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.250.1",
            "kernel-devel": "4.12.14-122.250.1",
            "kernel-default-base": "4.12.14-122.250.1",
            "kernel-macros": "4.12.14-122.250.1",
            "kernel-default-man": "4.12.14-122.250.1",
            "kernel-source": "4.12.14-122.250.1",
            "cluster-md-kmp-default": "4.12.14-122.250.1",
            "kernel-default": "4.12.14-122.250.1",
            "gfs2-kmp-default": "4.12.14-122.250.1",
            "kernel-syms": "4.12.14-122.250.1",
            "kernel-default-devel": "4.12.14-122.250.1",
            "ocfs2-kmp-default": "4.12.14-122.250.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.250.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.250.1",
            "kernel-devel": "4.12.14-122.250.1",
            "kernel-default-base": "4.12.14-122.250.1",
            "kernel-macros": "4.12.14-122.250.1",
            "kernel-default-man": "4.12.14-122.250.1",
            "kernel-source": "4.12.14-122.250.1",
            "cluster-md-kmp-default": "4.12.14-122.250.1",
            "kernel-default": "4.12.14-122.250.1",
            "gfs2-kmp-default": "4.12.14-122.250.1",
            "kernel-syms": "4.12.14-122.250.1",
            "kernel-default-devel": "4.12.14-122.250.1",
            "ocfs2-kmp-default": "4.12.14-122.250.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.250.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.250.1",
            "kernel-devel": "4.12.14-122.250.1",
            "kernel-default-base": "4.12.14-122.250.1",
            "kernel-macros": "4.12.14-122.250.1",
            "kernel-source": "4.12.14-122.250.1",
            "cluster-md-kmp-default": "4.12.14-122.250.1",
            "kernel-default": "4.12.14-122.250.1",
            "gfs2-kmp-default": "4.12.14-122.250.1",
            "kernel-syms": "4.12.14-122.250.1",
            "kernel-default-devel": "4.12.14-122.250.1",
            "ocfs2-kmp-default": "4.12.14-122.250.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.250.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.250.1",
            "kernel-devel": "4.12.14-122.250.1",
            "kernel-default-base": "4.12.14-122.250.1",
            "kernel-macros": "4.12.14-122.250.1",
            "kernel-source": "4.12.14-122.250.1",
            "cluster-md-kmp-default": "4.12.14-122.250.1",
            "kernel-default": "4.12.14-122.250.1",
            "gfs2-kmp-default": "4.12.14-122.250.1",
            "kernel-syms": "4.12.14-122.250.1",
            "kernel-default-devel": "4.12.14-122.250.1",
            "ocfs2-kmp-default": "4.12.14-122.250.1"
        }
    ]
}

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-122.250.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.250.1",
            "kernel-devel": "4.12.14-122.250.1",
            "kernel-default-base": "4.12.14-122.250.1",
            "kernel-macros": "4.12.14-122.250.1",
            "kernel-source": "4.12.14-122.250.1",
            "cluster-md-kmp-default": "4.12.14-122.250.1",
            "kernel-default": "4.12.14-122.250.1",
            "gfs2-kmp-default": "4.12.14-122.250.1",
            "kernel-syms": "4.12.14-122.250.1",
            "kernel-default-devel": "4.12.14-122.250.1",
            "ocfs2-kmp-default": "4.12.14-122.250.1"
        }
    ]
}