SUSE-SU-2025:0833-1
Vulnerability Summary
Timeline
Description
Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576) - CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777). - iavf: fix the waiting time for initial reset (bsc#1235111). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111). - idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316). - ipv4/tcp: do not use per netns ctl sockets (bsc#1237693). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: introduce a function to check if a netdev name is in use (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: minor __dev_alloc_name() optimization (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472). - rcu: Remove rcu_is_idle_cpu() (bsc#1236289). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289). - x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289). - x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289). - x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289). - x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289). - x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289). - x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289). - x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289). - x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289). - x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289). - x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (bsc#1236951).
Affected Systems
- suse•kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 5.14.21-150500.55.97.1
- suse•kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-64kb&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 5.14.21-150500.55.97.1.150500.6.45.1
- suse•kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 5.14.21-150500.55.97.1.150500.6.45.1
- suse•kernel-default-base&distro=SUSE Linux Enterprise Micro 5.5
< 5.14.21-150500.55.97.1.150500.6.45.1
- suse•kernel-default-base&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1.150500.6.45.1
- suse•kernel-default-base&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
< 5.14.21-150500.55.97.1.150500.6.45.1
- suse•kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 5.14.21-150500.55.97.1
- suse•kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP5
< 5.14.21-150500.55.97.1
- suse•kernel-default&distro=SUSE Linux Enterprise Micro 5.5
< 5.14.21-150500.55.97.1
- suse•kernel-default&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
< 5.14.21-150500.55.97.1
- suse•kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 5.14.21-150500.55.97.1
- suse•kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-docs&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-docs&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
< 5.14.21-150500.55.97.1
- suse•kernel-livepatch-SLE15-SP5_Update_24&distro=SUSE Linux Enterprise Live Patching 15 SP5
< 1-150500.11.3.1
- suse•kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 5.14.21-150500.55.97.1
- suse•kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-obs-build&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-obs-build&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
< 5.14.21-150500.55.97.1
- suse•kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 5.14.21-150500.55.97.1
- suse•kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-source&distro=SUSE Linux Enterprise Micro 5.5
< 5.14.21-150500.55.97.1
- suse•kernel-source&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
< 5.14.21-150500.55.97.1
- suse•kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
< 5.14.21-150500.55.97.1
- suse•kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-syms&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1
- suse•kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
< 5.14.21-150500.55.97.1
- suse•kernel-zfcpdump&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
< 5.14.21-150500.55.97.1
References (50)
- https://www.suse.com/support/update/announcement/2025/suse-su-20250833-1/
- https://bugzilla.suse.com/1208995
- https://bugzilla.suse.com/1220946
- https://bugzilla.suse.com/1225742
- https://bugzilla.suse.com/1232472
- https://bugzilla.suse.com/1232919
- https://bugzilla.suse.com/1233701
- https://bugzilla.suse.com/1233749
- https://bugzilla.suse.com/1234154
- https://bugzilla.suse.com/1234650
- https://bugzilla.suse.com/1234853
- https://bugzilla.suse.com/1234891
- https://bugzilla.suse.com/1234963
- https://bugzilla.suse.com/1235054
- https://bugzilla.suse.com/1235061
- https://bugzilla.suse.com/1235073
- https://bugzilla.suse.com/1235111
- https://bugzilla.suse.com/1236133
- https://bugzilla.suse.com/1236289
- https://bugzilla.suse.com/1236576
- https://bugzilla.suse.com/1236661
- https://bugzilla.suse.com/1236677
- https://bugzilla.suse.com/1236757
- https://bugzilla.suse.com/1236758
- https://bugzilla.suse.com/1236760
- https://bugzilla.suse.com/1236761
- https://bugzilla.suse.com/1236777
- https://bugzilla.suse.com/1236951
- https://bugzilla.suse.com/1237025
- https://bugzilla.suse.com/1237028
- https://bugzilla.suse.com/1237139
- https://bugzilla.suse.com/1237316
- https://bugzilla.suse.com/1237693
- https://bugzilla.suse.com/1238033
- https://www.suse.com/security/cve/CVE-2022-49080
- https://www.suse.com/security/cve/CVE-2023-1192
- https://www.suse.com/security/cve/CVE-2023-52572
- https://www.suse.com/security/cve/CVE-2024-50115
- https://www.suse.com/security/cve/CVE-2024-53135
- https://www.suse.com/security/cve/CVE-2024-53173
- https://www.suse.com/security/cve/CVE-2024-53226
- https://www.suse.com/security/cve/CVE-2024-53239
- https://www.suse.com/security/cve/CVE-2024-56539
- https://www.suse.com/security/cve/CVE-2024-56548
- https://www.suse.com/security/cve/CVE-2024-56605
- https://www.suse.com/security/cve/CVE-2024-57948
- https://www.suse.com/security/cve/CVE-2025-21647
- https://www.suse.com/security/cve/CVE-2025-21690
- https://www.suse.com/security/cve/CVE-2025-21692
- https://www.suse.com/security/cve/CVE-2025-21699