SUSE-SU-2025:0945-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250945-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0945-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0945-1
Related
Published
2025-03-19T12:13:45Z
Modified
2025-05-02T04:34:06.575979Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicy_replace (bsc#1238033).
  • CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
  • CVE-2024-50128: net: wwan: fix global oob in wwanrtnlpolicy (bsc#1232905).
  • CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
  • CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
  • CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
  • CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
  • CVE-2025-21699: gfs2: Truncate address space when flipping GFS2DIFJDATA flag (bsc#1237139).

The following non-security bugs were fixed:

  • idpf: call setrealnumqueues in idpfopen (bsc#1236661 bsc#1237316).
  • ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
  • net: mana: Add getlink and getlink_ksettings in ethtool (bsc#1236761).
  • net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
  • net: mana: Enable debugfs files for MANA device (bsc#1236758).
  • net: netvsc: Update default VMBus channels (bsc#1236757).
  • scsi: storvsc: Use scsicmdtorq() instead of scsicmnd.request (git-fixes).
  • x86/kvm: fix isstalepage_fault() (bsc#1236675).
  • x86/xen: add FRAMEEND to xenhypercall_hvm() (git-fixes).
  • x86/xen: fix xenhypercallhvm() to not clobber %rbx (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.112.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.112.1",
            "kernel-rt": "5.14.21-150400.15.112.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.112.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.112.1",
            "kernel-rt": "5.14.21-150400.15.112.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.112.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.112.1",
            "kernel-rt": "5.14.21-150400.15.112.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.112.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.112.1",
            "kernel-rt": "5.14.21-150400.15.112.1"
        }
    ]
}