SUSE-SU-2025:0853-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250853-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0853-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0853-1
Related
Published
2025-03-13T10:40:02Z
Modified
2025-05-02T04:34:06.515617Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
  • CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
  • CVE-2024-53226: RDMA/hns: Fix NULL pointer dereference in hns_roce_map_mr_sg() (bsc#1236576).
  • CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
  • CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
  • CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
  • CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
  • CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).

The following non-security bugs were fixed:

  • NFSD: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472).
  • cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777).
  • iavf: fix the waiting time for initial reset (bsc#1235111).
  • ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111).
  • ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111).
  • ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111).
  • idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
  • ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
  • kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
  • net: Fix undefined behavior in netdev name allocation (bsc#1233749).
  • net: avoid UAF on deleted altname (bsc#1233749).
  • net: check for altname conflicts when changing netdev's netns (bsc#1233749).
  • net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
  • net: do not send a MOVE event when netdev changes netns (bsc#1233749).
  • net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
  • net: fix ifname in netlink ntf during netns move (bsc#1233749).
  • net: fix removing a namespace with conflicting altnames (bsc#1233749).
  • net: free altname using an RCU callback (bsc#1233749).
  • net: introduce a function to check if a netdev name is in use (bsc#1233749).
  • net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
  • net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
  • net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
  • net: mana: Enable debugfs files for MANA device (bsc#1236758).
  • net: minor __dev_alloc_name() optimization (bsc#1233749).
  • net: move altnames together with the netdevice (bsc#1233749).
  • net: netvsc: Update default VMBus channels (bsc#1236757).
  • net: reduce indentation of __dev_alloc_name() (bsc#1233749).
  • net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
  • net: remove else after return in dev_prep_valid_name() (bsc#1233749).
  • net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
  • rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
  • scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
  • x86/aperfmperf: Don't wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289).
  • x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289).
  • x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289).
  • x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289).
  • x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
  • x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
  • x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289).
  • x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289).
  • x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289).
  • x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289).
  • x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289).
  • x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
  • x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289).
  • x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
  • x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951).
  • x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
  • xen/swiotlb: relax alignment requirements (bsc#1236951).
References

Affected packages

SUSE:Linux Enterprise Micro 5.5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150500.13.88.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.14.21-150500.13.88.1",
            "kernel-rt": "5.14.21-150500.13.88.1",
            "kernel-source-rt": "5.14.21-150500.13.88.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150500.13.88.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.14.21-150500.13.88.1",
            "kernel-rt": "5.14.21-150500.13.88.1",
            "kernel-source-rt": "5.14.21-150500.13.88.1"
        }
    ]
}