SUSE-SU-2025:03626-1

Advisory lineage Upstream: 84 Downstream: 0

Upstream

CVE-2021-4460 CVE-2022-2602 CVE-2022-2978 CVE-2022-36280 CVE-2022-43945 CVE-2022-49980

Published: 17 Oct 2025, 06:14

Last modified:04 Feb 2026, 03:58

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Oct 2025, 06:14

Published

Vulnerability first disclosed

04 Feb 2026, 03:58

Last Modified

Vulnerability information updated

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947). - CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257). - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301). - CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140). - CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2022-50412: drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1250189). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53220: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (bsc#1250337). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - git_sort: Make tests independent of environment. - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346). - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - scripts/python/kss-dashboard: attempt getting smash data - scripts/python/kss-dashboard: fetch into repos if stale - scripts/python/kss-dashboard: implement CVSSv3.1 score consistency check - scripts/python/kss-dashboard: prepare for the alternative CVE branch - scripts/python/kss-dashboard: simplify control flow - scripts/python/kss-dashboard: speed up patch checking a bit - scripts/python/kss-dashboard: use decorator to handle exceptions - scripts/tar-up: Remove mkspec only affter running it. - scripts: Import arch-symbols script from packaging - scripts: Import guards script from packaging - scripts: test_linux_git.py: Do not complain about missing cwd - sequence-patch: Use arch-symbols - suse_git/header: Complain about patch filenames over 100 characters. - tar-up: Also sort generated tar archives - tar-up: Handle multiple levels of symlinks - tar-up: Normalize file modes to ones supported by git - tar-up: Remove mkspec and its inputs as from target directory (bsc#1250522). - tar-up: Remove the $build_dir prefix when in $build_dir - tar-up: Set owner of files in generated tar archives to root rather than nobody - tar_up: Handle symlinks in rpm directory - use uniform permission checks for all mount propagation changes (git-fixes).

Affected Systems

suse•kernel-64kb&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1
suse•kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-64kb&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-default-base&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1.150300.18.132.1
suse•kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1.150300.18.132.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Micro 5.1
< 5.3.18-150300.59.221.1.150300.18.132.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Micro 5.2
< 5.3.18-150300.59.221.1.150300.18.132.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1.150300.18.132.1
suse•kernel-default-base&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.3.18-150300.59.221.1.150300.18.132.1
suse•kernel-default&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1
suse•kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-default&distro=SUSE Linux Enterprise Micro 5.1
< 5.3.18-150300.59.221.1
suse•kernel-default&distro=SUSE Linux Enterprise Micro 5.2
< 5.3.18-150300.59.221.1
suse•kernel-default&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-docs&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1
suse•kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-docs&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-docs&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-livepatch-SLE15-SP3_Update_62&distro=SUSE Linux Enterprise Live Patching 15 SP3
< 1-150300.7.3.1
suse•kernel-obs-build&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-obs-build&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-preempt&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1
suse•kernel-preempt&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-preempt&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-preempt&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-source&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1
suse•kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-source&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-syms&distro=SUSE Enterprise Storage 7.1
< 5.3.18-150300.59.221.1
suse•kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-syms&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1
suse•kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 5.3.18-150300.59.221.1
suse•kernel-zfcpdump&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 5.3.18-150300.59.221.1

SUSE-SU-2025:03626-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (184)