SUSE-SU-2025:01918-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202501918-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01918-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:01918-1
Upstream
Related
Published
2025-06-12T06:29:00Z
Modified
2025-06-12T15:31:54.412213Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
  • CVE-2022-49139: Bluetooth: fix null ptr deref on hcisyncconncompleteevt (bsc#1238032).
  • CVE-2022-49767: 9p/transfd: always use ONONBLOCK read/write (bsc#1242493).
  • CVE-2022-49775: tcp: cdg: allow tcpcdgrelease() to be called multiple times (bsc#1242245).
  • CVE-2024-53168: net: make sockinuseadd() available (bsc#1234887).
  • CVE-2024-56558: nfsd: make sure exp active before svcexportshow (bsc#1235100).
  • CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
  • CVE-2025-21999: proc: fix UAF in procgetinode() (bsc#1240802).
  • CVE-2025-22056: netfilter: nfttunnel: fix geneveopt type confusion addition (bsc#1241525).
  • CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
  • CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
  • CVE-2025-23145: mptcp: fix NULL pointer in canacceptnew_subflow (bsc#1242596).
  • CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
  • CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).

The following non-security bugs were fixed:

  • Drivers: hv: Allow vmbussendpacketmpb_desc() to create multiple ranges (bsc#1243737).
  • Refresh fixes for cBPF issue (bsc#1242778)
  • Remove debug flavor (bsc#1243919)
  • arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
  • arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
  • arm64: insn: Add support for encoding DSB (bsc#1242778).
  • arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
  • arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
  • arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
  • hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
  • hvnetvsc: Remove rmsgpgcnt (bsc#1243737).
  • hvnetvsc: Use vmbussendpacketmpbdesc() to send VMBus messages (bsc#1243737).
  • mtd: phram: Add the kernel lock down check (bsc#1232649).
  • ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
  • powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
  • scsi: core: Fix unremoved procfs host directory regression (git-fixes).
  • scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
  • x86/bhi: Do not set BHIDISS in 32-bit mode (bsc#1242778).
  • x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
  • x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.121.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.121.1",
            "kernel-rt": "5.14.21-150400.15.121.1"
        }
    ]
}