SUSE-SU-2025:02846-1

Advisory lineage Upstream: 83 Downstream: 0
Published: 18 Aug 2025, 15:47
Last modified:04 Feb 2026, 03:59

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

18 Aug 2025, 15:47
Published
Vulnerability first disclosed
04 Feb 2026, 03:59
Last Modified
Vulnerability information updated

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631). - CVE-2021-46987: btrfs: fix deadlock when cloning inline extents and using qgroups (bsc#1220704). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference (bsc#1205711). - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2022-49319: iommu/arm-smmu-v3: check return value after calling platform_get_resource() (bsc#1238374). - CVE-2022-49323: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (bsc#1238400). - CVE-2022-49768: 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (bsc#1242446). - CVE-2022-49825: ata: libata-transport: fix error handling in ata_tport_add() (bsc#1242548). - CVE-2022-49934: wifi: mac80211: Fix UAF in ieee80211_scan_rx() (bsc#1245051). - CVE-2022-49948: vt: Clear selection before changing the font (bsc#1245058). - CVE-2022-49969: drm/amd/display: clear optc underflow before turn off odm clock (bsc#1245060). - CVE-2022-49993: loop: Check for overflow while configuring loop (bsc#1245121). - CVE-2022-50025: cxl: Fix a memory leak in an error handling path (bsc#1245132). - CVE-2022-50027: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1245073). - CVE-2022-50030: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1245265). - CVE-2022-50033: usb: host: ohci-ppc-of: Fix refcount leak bug (bsc#1245139). - CVE-2022-50103: sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed (bsc#1244840). - CVE-2022-50149: driver core: fix potential deadlock in __driver_attach (bsc#1244883). - CVE-2022-50226: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (bsc#1244860). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). - CVE-2023-52878: can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (bsc#1225000). - CVE-2023-53020: l2tp: close all race conditions in l2tp_tunnel_register() (bsc#1240224). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2023-53118: scsi: core: Fix a procfs host directory removal regression (bsc#1242365). - CVE-2024-26974: crypto: qat - resolve race condition during AER recovery (bsc#1223638). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954). - CVE-2025-21731: nbd: do not allow reconnect after disconnect (bsc#1237881). - CVE-2025-21928: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (bsc#1240722). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38040: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (bsc#1245078). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38108: net_sched: red: fix a race in __red_change() (bsc#1245675). - CVE-2025-38112: net: Fix TOCTOU issue in sk_is_readable() (bsc#1245668). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38157: wifi: ath9k_htc: Abort software beacon handling if disabled (bsc#1245747). - CVE-2025-38161: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (bsc#1245777). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38193: net_sched: sch_sfq: reject invalid perturb period (bsc#1245945). - CVE-2025-38198: fbcon: Make sure modelist not set on unregistered console (bsc#1245952). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38211: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (bsc#1246008). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38249: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (bsc#1246171). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38312: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (bsc#1246386). - CVE-2025-38319: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (bsc#1246243). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38391: usb: typec: altmodes/displayport: do not index invalid pin_assignments (bsc#1247181). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38415: Squashfs: check return result of sb_min_blocksize (bsc#1247147). - CVE-2025-38420: wifi: carl9170: do not ping device which has failed to load firmware (bsc#1247279). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). The following non-security bugs were fixed: - RDMA/core: Always release restrack object (git-fixes) - bdi: Fix up kabi for dev_name addition (bsc#1171844). - bdi: add a ->dev_name field to struct backing_dev_info (bsc#1171844). - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - l2tp: fix a sock refcnt leak in l2tp_tunnel_register (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (bsc#1242548) - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (bsc#1242548) - virtgpu: do not reset on shutdown (git-fixes).

Affected Systems

  • susekernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP5

    < 4.12.14-122.269.1

  • susekernel-default&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

    < 4.12.14-122.269.1

  • susekernel-default&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

    < 4.12.14-122.269.1

  • susekernel-source&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

    < 4.12.14-122.269.1

  • susekernel-source&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

    < 4.12.14-122.269.1

  • susekernel-syms&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

    < 4.12.14-122.269.1

  • susekernel-syms&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

    < 4.12.14-122.269.1

  • susekgraft-patch-SLE12-SP5_Update_71&distro=SUSE Linux Enterprise Live Patching 12 SP5

    < 1-8.3.1

References (168)