Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

Announcement ID:	SUSE-SU-2025:03123-1
Release Date:	2025-09-09T17:04:00Z
Rating:	important
References:	bsc#1236207 bsc#1242579 bsc#1244235 bsc#1245505 bsc#1245775 bsc#1245791 bsc#1245805 bsc#1246030 bsc#1248108
Cross-References:	CVE-2025-21659 CVE-2025-21701 CVE-2025-21999 CVE-2025-37890 CVE-2025-38000 CVE-2025-38001 CVE-2025-38087 CVE-2025-38212
CVSS scores:	CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Live Patching 15-SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities and has one security fix can now be installed.

Description:

This update for the Linux Kernel 6.4.0-150600_10_17 fixes several issues.

The following security issues were fixed:

CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504).
CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235).
CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207).
CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791).
CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805).
CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3123=1

Package List:

SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
- kernel-livepatch-6_4_0-150600_10_17-rt-14-150600.2.1
- kernel-livepatch-6_4_0-150600_10_17-rt-debuginfo-14-150600.2.1
- kernel-livepatch-SLE15-SP6-RT_Update_5-debugsource-14-150600.2.1

Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

Description:

Patch Instructions:

Package List:

References: