SUSE-SU-2025:01918-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01918-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:01918-1
Related
Published
2025-06-12T06:29:00Z
Modified
2025-06-12T15:31:54.412213Z
Upstream
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
  • CVE-2022-49139: Bluetooth: fix null ptr deref on hcisyncconncompleteevt (bsc#1238032).
  • CVE-2022-49767: 9p/transfd: always use ONONBLOCK read/write (bsc#1242493).
  • CVE-2022-49775: tcp: cdg: allow tcpcdgrelease() to be called multiple times (bsc#1242245).
  • CVE-2024-53168: net: make sockinuseadd() available (bsc#1234887).
  • CVE-2024-56558: nfsd: make sure exp active before svcexportshow (bsc#1235100).
  • CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
  • CVE-2025-21999: proc: fix UAF in procgetinode() (bsc#1240802).
  • CVE-2025-22056: netfilter: nfttunnel: fix geneveopt type confusion addition (bsc#1241525).
  • CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
  • CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
  • CVE-2025-23145: mptcp: fix NULL pointer in canacceptnew_subflow (bsc#1242596).
  • CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
  • CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).

The following non-security bugs were fixed:

  • Drivers: hv: Allow vmbussendpacketmpb_desc() to create multiple ranges (bsc#1243737).
  • Refresh fixes for cBPF issue (bsc#1242778)
  • Remove debug flavor (bsc#1243919)
  • arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
  • arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
  • arm64: insn: Add support for encoding DSB (bsc#1242778).
  • arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
  • arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
  • arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
  • hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
  • hvnetvsc: Remove rmsgpgcnt (bsc#1243737).
  • hvnetvsc: Use vmbussendpacketmpbdesc() to send VMBus messages (bsc#1243737).
  • mtd: phram: Add the kernel lock down check (bsc#1232649).
  • ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
  • powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
  • scsi: core: Fix unremoved procfs host directory regression (git-fixes).
  • scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
  • x86/bhi: Do not set BHIDISS in 32-bit mode (bsc#1242778).
  • x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
  • x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}