SUSE-SU-2025:2264-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20252264-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:2264-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:2264-1
Upstream
Related
Withdrawn
2026-04-03T13:01:26.608054Z
Published
2025-07-10T08:25:37Z
Modified
2026-04-03T13:01:26.608054Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
  • CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
  • CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
  • CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
  • CVE-2024-26808: netfilter: nftchainfilter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
  • CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfcworkerwake_up() (bsc#1225820).
  • CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
  • CVE-2024-36978: net: sched: schmultiq: fix possible OOB write in multiqtune() (bsc#1226514).
  • CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
  • CVE-2024-53125: bpf: synclinkedregs() must preserve subreg_def (bsc#1234156).
  • CVE-2024-53141: netfilter: ipset: add missing range check in bitmapipuadt (bsc#1234381).
  • CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (bsc#1235464).
  • CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
  • CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
  • CVE-2025-21702: pfifotailenqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
  • CVE-2025-21703: netem: Update sch->q.qlen before qdisctreereduce_backlog() (bsc#1237313).
  • CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
  • CVE-2025-23141: KVM: x86: Acquire SRCU in KVMGETMP_STATE to protect guest memory accesses (bsc#1242782).
  • CVE-2025-37752: netsched: schsfq: move the limit validation (bsc#1242504).
  • CVE-2025-37823: netsched: hfsc: Fix a potential UAF in hfscdequeue() too (bsc#1242924).
  • CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
  • CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
  • CVE-2025-38000: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue() (bsc#1244277).
  • CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
  • CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
  • CVE-2025-38060: bpf: abort verification if env->curstate->loopentry != NULL (bsc#1245155).
  • CVE-2025-38083: netsched: prio: fix a race in priotune() (bsc#1245183).

The following non-security bugs were fixed:

  • ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
  • Fix reference in 'netsched: schsfq: use a temporary work area for validating configuration' (bsc#1242504)
  • MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
  • MyBS: Do not build kernel-obs-qa with limitpackages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limitpackages also on multibuild')
  • MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
  • bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
  • hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
  • kernel-source: Do not use multiple -r in sed parameters
  • kernel-source: Remove log.sh from sources
  • mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
  • mm/hugetlb: fix hugepmdunshare() vs GUP-fast race (bsc#1245431).
  • mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
  • netsched: schfifo: implement lockless _fifodump() (bsc#1237312)
  • netsched: schsfq: use a temporary work area for validating configuration (bsc#1232504)
  • ovl: fix use inode directly in rcu-walk mode (bsc#1241900).
  • powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
  • powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
  • scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
  • scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
References

Affected packages