SUSE-SU-2025:01640-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202501640-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01640-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:01640-1
Published
2025-05-21T11:52:08Z
Modified
2026-03-11T07:27:53.283930Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621).
  • CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
  • CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
  • CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
  • CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
  • CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910).
  • CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
  • CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
  • CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
  • CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
  • CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
  • CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
  • CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
  • CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
  • CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
  • CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
  • CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
  • CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
  • CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625).

The following non-security bugs were fixed:

  • cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777).
  • cpufreq: Allow drivers to advertise boost enabled (bsc#1236777).
  • cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777).
  • cpufreq: Support per-policy performance boost (bsc#1236777).
  • x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
  • x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
  • x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).

Affected packages

SUSE:Linux Enterprise Micro 5.5 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150500.13.94.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.14.21-150500.13.94.1",
            "kernel-devel-rt": "5.14.21-150500.13.94.1",
            "kernel-source-rt": "5.14.21-150500.13.94.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01640-1.json"

SUSE:Linux Enterprise Micro 5.5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.14.21-150500.13.94.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.14.21-150500.13.94.1",
            "kernel-devel-rt": "5.14.21-150500.13.94.1",
            "kernel-source-rt": "5.14.21-150500.13.94.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01640-1.json"