Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:20493-1
Release Date:	2025-07-11T13:53:22Z
Rating:	important
References:	bsc#1210025 bsc#1211226 bsc#1215199 bsc#1218184 bsc#1223008 bsc#1235490 bsc#1236208 bsc#1237312 bsc#1237913 bsc#1238859 bsc#1238982 bsc#1240577 bsc#1240610 bsc#1240686 bsc#1240814 bsc#1241166 bsc#1241278 bsc#1241414 bsc#1241544 bsc#1241572 bsc#1241592 bsc#1242504 bsc#1242515 bsc#1242521 bsc#1242556 bsc#1242725 bsc#1242907 bsc#1243051 bsc#1243060 bsc#1243342 bsc#1243467 bsc#1243480 bsc#1243506 bsc#1243523 bsc#1243538 bsc#1243544 bsc#1243551 bsc#1243620 bsc#1243698 bsc#1243774 bsc#1243823 bsc#1243827 bsc#1243832 bsc#1243847 bsc#1244100 bsc#1244145 bsc#1244172 bsc#1244176 bsc#1244229 bsc#1244234 bsc#1244241 bsc#1244274 bsc#1244275 bsc#1244277 bsc#1244309 bsc#1244313 bsc#1244337 bsc#1244626 bsc#1244725 bsc#1244727 bsc#1244729 bsc#1244731 bsc#1244732 bsc#1244736 bsc#1244737 bsc#1244738 bsc#1244739 bsc#1244743 bsc#1244746 bsc#1244759 bsc#1244789 bsc#1244862 bsc#1244906 bsc#1244938 bsc#1244995 bsc#1244996 bsc#1244999 bsc#1245001 bsc#1245003 bsc#1245004 bsc#1245025 bsc#1245042 bsc#1245046 bsc#1245078 bsc#1245081 bsc#1245082 bsc#1245083 bsc#1245155 bsc#1245183 bsc#1245193 bsc#1245210 bsc#1245217 bsc#1245225 bsc#1245226 bsc#1245228 bsc#1245431 bsc#1245455 jsc#PED-12551
Cross-References:	CVE-2024-26831 CVE-2024-56613 CVE-2024-56699 CVE-2024-57982 CVE-2024-58053 CVE-2025-21658 CVE-2025-21720 CVE-2025-21898 CVE-2025-21899 CVE-2025-21920 CVE-2025-21959 CVE-2025-22035 CVE-2025-22083 CVE-2025-22111 CVE-2025-22120 CVE-2025-37756 CVE-2025-37757 CVE-2025-37786 CVE-2025-37811 CVE-2025-37859 CVE-2025-37884 CVE-2025-37909 CVE-2025-37921 CVE-2025-37923 CVE-2025-37927 CVE-2025-37938 CVE-2025-37945 CVE-2025-37946 CVE-2025-37961 CVE-2025-37973 CVE-2025-37992 CVE-2025-37994 CVE-2025-37995 CVE-2025-37997 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38005 CVE-2025-38007 CVE-2025-38009 CVE-2025-38010 CVE-2025-38011 CVE-2025-38013 CVE-2025-38014 CVE-2025-38015 CVE-2025-38018 CVE-2025-38020 CVE-2025-38022 CVE-2025-38023 CVE-2025-38024 CVE-2025-38027 CVE-2025-38031 CVE-2025-38040 CVE-2025-38043 CVE-2025-38044 CVE-2025-38045 CVE-2025-38053 CVE-2025-38057 CVE-2025-38059 CVE-2025-38060 CVE-2025-38065 CVE-2025-38068 CVE-2025-38072 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38080 CVE-2025-38081 CVE-2025-38083
CVSS scores:	CVE-2024-26831 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2024-26831 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-56613 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2024-56613 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2024-56613 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-56699 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2024-56699 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2024-57982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-57982 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-58053 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21658 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21658 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21658 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21898 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21898 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21898 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21899 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21899 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21920 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21920 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21920 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-21959 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21959 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-21959 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-22035 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-22035 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22083 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-22111 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-22120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37756 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37757 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37811 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-37811 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37859 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-37859 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-37884 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-37884 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37909 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-37909 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-37921 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-37921 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N CVE-2025-37923 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2025-37923 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2025-37927 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2025-37927 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2025-37938 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37945 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37992 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-37992 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37994 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-37994 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2025-37995 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-37995 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37997 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-37997 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-38003 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-38004 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38004 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-38005 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-38005 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-38007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38009 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-38009 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-38010 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-38010 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2025-38011 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38013 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-38013 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-38014 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38014 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-38015 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38018 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38020 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38022 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-38022 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-38023 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38023 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38024 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38024 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38027 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-38027 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-38031 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38031 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2025-38040 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38040 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-38043 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-38043 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVE-2025-38044 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-38044 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVE-2025-38045 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-38045 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2025-38053 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38057 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38057 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38059 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38059 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-38060 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38060 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38065 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38065 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38068 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-38068 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-38072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38077 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38078 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38078 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38080 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38081 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38081 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Micro 6.0 SUSE Linux Micro Extras 6.0

An update that solves 70 vulnerabilities, contains one feature and has 27 fixes can now be installed.

Description:

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913).
• CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982).
• CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859).
• CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610).
• CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577).
• CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686).
• CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814).
• CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544).
• CVE-2025-22111: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572).
• CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515).
• CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521).
• CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725).
• CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907).
• CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051).
• CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060).
• CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467).
• CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480).
• CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551).
• CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620).
• CVE-2025-37938: tracing: Verify event formats that have "%*p.." (bsc#1243544).
• CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538).
• CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523).
• CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698).
• CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827).
• CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
• CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
• CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
• CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729).
• CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999).
• CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746).
• CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862).
• CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155).
• CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743).

The following non-security bugs were fixed:

• ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes).
• ACPI: battery: negate current when discharging (stable-fixes).
• ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes).
• ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes).
• ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes).
• ACPICA: fix acpi parse and parseext cache leaks (stable-fixes).
• ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes).
• ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes).
• ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes).
• ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes).
• ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes).
• ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes).
• ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes).
• ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes).
• ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes).
• ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes).
• ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes).
• ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes).
• ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes).
• ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes).
• ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes).
• ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes).
• ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes).
• ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes).
• ALSA: usb-audio: Support multiple control interfaces (stable-fixes).
• ALSA: usb-audio: Support read-only clock selector control (stable-fixes).
• ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes).
• ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes).
• ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes).
• ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes).
• ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes).
• Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes).
• Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes).
• Bluetooth: MGMT: Fix sparse errors (git-fixes).
• Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes).
• Bluetooth: Remove pending ACL connection attempts (stable-fixes).
• Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes).
• Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes).
• Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes).
• Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes).
• Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes).
• Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes).
• Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes).
• HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes).
• HID: wacom: fix kobject reference count leak (git-fixes).
• HID: wacom: fix memory leak on kobject creation failure (git-fixes).
• HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes).
• Input: sparcspkr - avoid unannotated fall-through (stable-fixes).
• KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225).
• NFC: nci: uart: Set tty->disc_data only in success path (git-fixes).
• PCI/DPC: Log Error Source ID only when valid (git-fixes).
• PCI/DPC: Use defines with DPC reason fields (git-fixes).
• PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes).
• PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes).
• PCI: apple: Set only available ports up (git-fixes).
• PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes).
• PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes).
• PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes).
• PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes).
• RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes)
• RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes)
• Revert "ALSA: usb-audio: Skip setting clock selector for single connections" (stable-fixes).
• Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes)
• Revert "ipv6: save dontfrag in cork (git-fixes)."
• Revert "kABI: ipv6: save dontfrag in cork (git-fixes)."
• USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes).
• add bug reference to existing hv_storvsc change (bsc#1245455).
• arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes)
• ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes).
• ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes).
• ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes).
• bnxt: properly flush XDP redirect lists (git-fixes).
• bpf: Force uprobe bpf program to always return 0 (git-fixes).
• btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes).
• btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes).
• btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes).
• btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes).
• btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes).
• btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes).
• bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes).
• calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes).
• can: tcan4x5x: fix power regulator retrieval during probe (git-fixes).
• ceph: Fix incorrect flush end position calculation (git-fixes).
• ceph: allocate sparse_ext map only for sparse reads (git-fixes).
• ceph: fix memory leaks in __ceph_sync_read() (git-fixes).
• cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166).
• clocksource: Fix brown-bag boolean thinko in (git-fixes)
• clocksource: Make watchdog and suspend-timing multiplication (git-fixes)
• devlink: Fix referring to hw_addr attribute during state validation (git-fixes).
• devlink: fix port dump cmd type (git-fixes).
• drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes).
• drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes).
• drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes).
• drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes).
• drm/i915: fix build error some more (git-fixes).
• drm/msm/disp: Correct porch timing for SDM845 (git-fixes).
• drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes).
• drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes).
• drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes).
• e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes).
• fbcon: Make sure modelist not set on unregistered console (stable-fixes).
• fgraph: Still initialize idle shadow stacks when starting (git-fixes).
• firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes).
• gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes).
• gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes).
• gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes).
• hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes).
• hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes).
• hwmon: (occ) Rework attribute registration for stack usage (git-fixes).
• hwmon: (occ) fix unaligned accesses (git-fixes).
• hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes).
• hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes).
• i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes).
• i2c: npcm: Add clock toggle recovery (stable-fixes).
• i2c: robotfuzz-osif: disable zero-length read messages (git-fixes).
• i2c: tiny-usb: disable zero-length read messages (git-fixes).
• i40e: retry VFLR handling if there is ongoing VF reset (git-fixes).
• i40e: return false from i40e_reset_vf if reset is in progress (git-fixes).
• ice: Fix LACP bonds without SRIOV environment (git-fixes).
• ice: create new Tx scheduler nodes for new queues only (git-fixes).
• ice: fix Tx scheduler error handling in XDP callback (git-fixes).
• ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes).
• ice: fix vf->num_mac count with port representors (git-fixes).
• ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650).
• iommu: Skip PASID validation for devices without PASID capability (bsc#1244100)
• iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100)
• isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774).
• kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes).
• kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes).
• kabi: restore layout of struct cgroup_subsys (bsc#1241166).
• kabi: restore layout of struct mem_control (jsc#PED-12551).
• kabi: restore layout of struct page_counter (jsc#PED-12551).
• loop: add file_start_write() and file_end_write() (git-fixes).
• md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes).
• mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
• mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551).
• mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
• mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
• mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551).
• mmc: Add quirk to disable DDR50 tuning (stable-fixes).
• net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes).
• net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes).
• net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes).
• net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes).
• net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes).
• net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes).
• net/mlx5: Fix return value when searching for existing flow group (git-fixes).
• net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes).
• net/mlx5e: Fix leak of Geneve TLV option object (git-fixes).
• net/sched: fix use-after-free in taprio_dev_notifier (git-fixes).
• net: Fix TOCTOU issue in sk_is_readable() (git-fixes).
• net: ice: Perform accurate aRFS flow match (git-fixes).
• net: mana: Add support for Multi Vports on Bare metal (bsc#1244229).
• net: mana: Record doorbell physical address in PF mode (bsc#1244229).
• net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538)
• net_sched: ets: fix a race in ets_qdisc_change() (git-fixes).
• net_sched: prio: fix a race in prio_tune() (git-fixes).
• net_sched: red: fix a race in __red_change() (git-fixes).
• net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
• net_sched: sch_sfq: reject invalid perturb period (git-fixes).
• net_sched: tbf: fix a race in tbf_change() (git-fixes).
• netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes).
• netlink: specs: dpll: replace underscores with dashes in names (git-fixes).
• nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes).
• ntp: Clamp maxerror and esterror to operating range (git-fixes)
• ntp: Remove invalid cast in time offset math (git-fixes)
• ntp: Safeguard against time_constant overflow (git-fixes)
• nvme-fc: do not reference lsrsp after failure (bsc#1245193).
• nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes).
• nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes).
• nvme-pci: add quirks for device 126f:1001 (git-fixes).
• nvme: always punt polled uring_cmd end_io work to task_work (git-fixes).
• nvme: fix command limits status code (git-fixes).
• nvme: fix implicit bool to flags conversion (git-fixes).
• nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193).
• nvmet-fc: take tgtport refs for portentry (bsc#1245193).
• nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193).
• nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193).
• nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193).
• nvmet-fcloop: do not wait for lport cleanup (bsc#1245193).
• nvmet-fcloop: drop response if targetport is gone (bsc#1245193).
• nvmet-fcloop: prevent double port deletion (bsc#1245193).
• nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193).
• nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193).
• nvmet-fcloop: remove nport from list on last user (bsc#1245193).
• nvmet-fcloop: track ref counts for nports (bsc#1245193).
• nvmet-fcloop: update refs on tfcp_req (bsc#1245193).
• pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes).
• pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes).
• pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes).
• pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes).
• pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes).
• pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes).
• pinctrl: st: Drop unused st_gpio_bank() function (git-fixes).
• platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes).
• platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes).
• platform/x86: dell_rbu: Fix list usage (git-fixes).
• platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes).
• platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes).
• power: supply: bq27xxx: Retrieve again when busy (stable-fixes).
• power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes).
• powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199).
• powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
• powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
• ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes).
• r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes).
• regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes).
• rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725)
• rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes).
• rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes).
• s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226).
• s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228).
• scsi: dc395x: Remove DEBUG conditional compilation (git-fixes).
• scsi: dc395x: Remove leftover if statement in reselect() (git-fixes).
• scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes).
• scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes).
• scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes).
• scsi: mpi3mr: Add level check to control event logging (git-fixes).
• scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes).
• scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes).
• scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes).
• scsi: st: ERASE does not change tape location (git-fixes).
• scsi: st: Restore some drive settings after reset (git-fixes).
• scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes).
• scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
• scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes).
• serial: imx: Restore original RXTL for console to fix data loss (git-fixes).
• serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes).
• serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes).
• software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes).
• staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes).
• struct usci: hide additional member (git-fixes).
• sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes).
• thunderbolt: Do not double dequeue a configuration request (stable-fixes).
• timekeeping: Fix bogus clock_was_set() invocation in (git-fixes)
• timekeeping: Fix cross-timestamp interpolation corner case (git-fixes)
• timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes)
• timekeeping: Fix cross-timestamp interpolation on counter (git-fixes)
• trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes).
• tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes).
• tracing: Add __print_dynamic_array() helper (bsc#1243544).
• tracing: Add __string_len() example (bsc#1243544).
• tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes).
• tracing: Fix compilation warning on arm32 (bsc#1243551).
• tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes).
• truct dwc3 hide new member wakeup_pending_funcs (git-fixes).
• ucsi_debugfs_entry: hide signedness change (git-fixes).
• uprobes: Use kzalloc to allocate xol area (git-fixes).
• usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes).
• usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes).
• usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes).
• usb: typec: ucsi: Only enable supported notifications (git-fixes).
• usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes).
• usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes).
• usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes).
• usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes).
• usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes).
• vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626).
• vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626).
• vmxnet3: update MTU after device quiesce (bsc#1244626).
• watchdog: da9052_wdt: respect TWDMIN (stable-fixes).
• watchdog: fix watchdog may detect false positive of softlockup (stable-fixes).
• watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes).
• watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes).
• wifi: ath11k: Fix QMI memory reuse logic (stable-fixes).
• wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes).
• wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes).
• wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes).
• wifi: ath11k: do not wait when there is no vdev started (git-fixes).
• wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes).
• wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes).
• wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847).
• wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes).
• wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes).
• wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes).
• wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes).
• wifi: ath12k: fix incorrect CE addresses (stable-fixes).
• wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes).
• wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes).
• wifi: carl9170: do not ping device which has failed to load firmware (git-fixes).
• wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes).
• wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes).
• wifi: mac80211: VLAN traffic in multicast path (stable-fixes).
• wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes).
• wifi: mac80211: fix beacon interval calculation overflow (git-fixes).
• wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes).
• wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes).
• wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes).
• wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes).
• wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes).
• x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes).
• x86/microcode/AMD: Add get_patch_level() (git-fixes).
• x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes).
• x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes).
• x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes).
• x86/microcode: Consolidate the loader enablement checking (git-fixes).
• x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes).
• x86/xen: fix balloon target initialization for PVH dom0 (git-fixes).
• xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes)
• xen/x86: fix initial memory balloon target (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-50=1
• SUSE Linux Micro Extras 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-50=1

Package List:

• SUSE Linux Micro 6.0 (noarch)
  • kernel-source-6.4.0-31.1
  • kernel-devel-6.4.0-31.1
  • kernel-macros-6.4.0-31.1
• SUSE Linux Micro 6.0 (aarch64 nosrc s390x x86_64)
  • kernel-default-6.4.0-31.1
• SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  • kernel-default-debugsource-6.4.0-31.1
  • kernel-default-debuginfo-6.4.0-31.1
• SUSE Linux Micro 6.0 (s390x x86_64)
  • kernel-default-livepatch-6.4.0-31.1
• SUSE Linux Micro 6.0 (nosrc x86_64)
  • kernel-kvmsmall-6.4.0-31.1
• SUSE Linux Micro 6.0 (x86_64)
  • kernel-kvmsmall-debugsource-6.4.0-31.1
  • kernel-kvmsmall-debuginfo-6.4.0-31.1
• SUSE Linux Micro 6.0 (aarch64 x86_64)
  • kernel-default-base-6.4.0-31.1.21.9
• SUSE Linux Micro Extras 6.0 (nosrc)
  • kernel-default-6.4.0-31.1
  • kernel-64kb-6.4.0-31.1
• SUSE Linux Micro Extras 6.0 (aarch64)
  • kernel-64kb-devel-6.4.0-31.1
  • kernel-64kb-debugsource-6.4.0-31.1
• SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64)
  • kernel-syms-6.4.0-31.1
  • kernel-obs-build-debugsource-6.4.0-31.1
  • kernel-default-debugsource-6.4.0-31.1
  • kernel-default-devel-6.4.0-31.1
  • kernel-obs-build-6.4.0-31.1
• SUSE Linux Micro Extras 6.0 (x86_64)
  • kernel-default-devel-debuginfo-6.4.0-31.1

References:

• https://www.suse.com/security/cve/CVE-2024-26831.html
• https://www.suse.com/security/cve/CVE-2024-56613.html
• https://www.suse.com/security/cve/CVE-2024-56699.html
• https://www.suse.com/security/cve/CVE-2024-57982.html
• https://www.suse.com/security/cve/CVE-2024-58053.html
• https://www.suse.com/security/cve/CVE-2025-21658.html
• https://www.suse.com/security/cve/CVE-2025-21720.html
• https://www.suse.com/security/cve/CVE-2025-21898.html
• https://www.suse.com/security/cve/CVE-2025-21899.html
• https://www.suse.com/security/cve/CVE-2025-21920.html
• https://www.suse.com/security/cve/CVE-2025-21959.html
• https://www.suse.com/security/cve/CVE-2025-22035.html
• https://www.suse.com/security/cve/CVE-2025-22083.html
• https://www.suse.com/security/cve/CVE-2025-22111.html
• https://www.suse.com/security/cve/CVE-2025-22120.html
• https://www.suse.com/security/cve/CVE-2025-37756.html
• https://www.suse.com/security/cve/CVE-2025-37757.html
• https://www.suse.com/security/cve/CVE-2025-37786.html
• https://www.suse.com/security/cve/CVE-2025-37811.html
• https://www.suse.com/security/cve/CVE-2025-37859.html
• https://www.suse.com/security/cve/CVE-2025-37884.html
• https://www.suse.com/security/cve/CVE-2025-37909.html
• https://www.suse.com/security/cve/CVE-2025-37921.html
• https://www.suse.com/security/cve/CVE-2025-37923.html
• https://www.suse.com/security/cve/CVE-2025-37927.html
• https://www.suse.com/security/cve/CVE-2025-37938.html
• https://www.suse.com/security/cve/CVE-2025-37945.html
• https://www.suse.com/security/cve/CVE-2025-37946.html
• https://www.suse.com/security/cve/CVE-2025-37961.html
• https://www.suse.com/security/cve/CVE-2025-37973.html
• https://www.suse.com/security/cve/CVE-2025-37992.html
• https://www.suse.com/security/cve/CVE-2025-37994.html
• https://www.suse.com/security/cve/CVE-2025-37995.html
• https://www.suse.com/security/cve/CVE-2025-37997.html
• https://www.suse.com/security/cve/CVE-2025-38000.html
• https://www.suse.com/security/cve/CVE-2025-38001.html
• https://www.suse.com/security/cve/CVE-2025-38003.html
• https://www.suse.com/security/cve/CVE-2025-38004.html
• https://www.suse.com/security/cve/CVE-2025-38005.html
• https://www.suse.com/security/cve/CVE-2025-38007.html
• https://www.suse.com/security/cve/CVE-2025-38009.html
• https://www.suse.com/security/cve/CVE-2025-38010.html
• https://www.suse.com/security/cve/CVE-2025-38011.html
• https://www.suse.com/security/cve/CVE-2025-38013.html
• https://www.suse.com/security/cve/CVE-2025-38014.html
• https://www.suse.com/security/cve/CVE-2025-38015.html
• https://www.suse.com/security/cve/CVE-2025-38018.html
• https://www.suse.com/security/cve/CVE-2025-38020.html
• https://www.suse.com/security/cve/CVE-2025-38022.html
• https://www.suse.com/security/cve/CVE-2025-38023.html
• https://www.suse.com/security/cve/CVE-2025-38024.html
• https://www.suse.com/security/cve/CVE-2025-38027.html
• https://www.suse.com/security/cve/CVE-2025-38031.html
• https://www.suse.com/security/cve/CVE-2025-38040.html
• https://www.suse.com/security/cve/CVE-2025-38043.html
• https://www.suse.com/security/cve/CVE-2025-38044.html
• https://www.suse.com/security/cve/CVE-2025-38045.html
• https://www.suse.com/security/cve/CVE-2025-38053.html
• https://www.suse.com/security/cve/CVE-2025-38057.html
• https://www.suse.com/security/cve/CVE-2025-38059.html
• https://www.suse.com/security/cve/CVE-2025-38060.html
• https://www.suse.com/security/cve/CVE-2025-38065.html
• https://www.suse.com/security/cve/CVE-2025-38068.html
• https://www.suse.com/security/cve/CVE-2025-38072.html
• https://www.suse.com/security/cve/CVE-2025-38077.html
• https://www.suse.com/security/cve/CVE-2025-38078.html
• https://www.suse.com/security/cve/CVE-2025-38079.html
• https://www.suse.com/security/cve/CVE-2025-38080.html
• https://www.suse.com/security/cve/CVE-2025-38081.html
• https://www.suse.com/security/cve/CVE-2025-38083.html
• https://bugzilla.suse.com/show_bug.cgi?id=1210025
• https://bugzilla.suse.com/show_bug.cgi?id=1211226
• https://bugzilla.suse.com/show_bug.cgi?id=1215199
• https://bugzilla.suse.com/show_bug.cgi?id=1218184
• https://bugzilla.suse.com/show_bug.cgi?id=1223008
• https://bugzilla.suse.com/show_bug.cgi?id=1235490
• https://bugzilla.suse.com/show_bug.cgi?id=1236208
• https://bugzilla.suse.com/show_bug.cgi?id=1237312
• https://bugzilla.suse.com/show_bug.cgi?id=1237913
• https://bugzilla.suse.com/show_bug.cgi?id=1238859
• https://bugzilla.suse.com/show_bug.cgi?id=1238982
• https://bugzilla.suse.com/show_bug.cgi?id=1240577
• https://bugzilla.suse.com/show_bug.cgi?id=1240610
• https://bugzilla.suse.com/show_bug.cgi?id=1240686
• https://bugzilla.suse.com/show_bug.cgi?id=1240814
• https://bugzilla.suse.com/show_bug.cgi?id=1241166
• https://bugzilla.suse.com/show_bug.cgi?id=1241278
• https://bugzilla.suse.com/show_bug.cgi?id=1241414
• https://bugzilla.suse.com/show_bug.cgi?id=1241544
• https://bugzilla.suse.com/show_bug.cgi?id=1241572
• https://bugzilla.suse.com/show_bug.cgi?id=1241592
• https://bugzilla.suse.com/show_bug.cgi?id=1242504
• https://bugzilla.suse.com/show_bug.cgi?id=1242515
• https://bugzilla.suse.com/show_bug.cgi?id=1242521
• https://bugzilla.suse.com/show_bug.cgi?id=1242556
• https://bugzilla.suse.com/show_bug.cgi?id=1242725
• https://bugzilla.suse.com/show_bug.cgi?id=1242907
• https://bugzilla.suse.com/show_bug.cgi?id=1243051
• https://bugzilla.suse.com/show_bug.cgi?id=1243060
• https://bugzilla.suse.com/show_bug.cgi?id=1243342
• https://bugzilla.suse.com/show_bug.cgi?id=1243467
• https://bugzilla.suse.com/show_bug.cgi?id=1243480
• https://bugzilla.suse.com/show_bug.cgi?id=1243506
• https://bugzilla.suse.com/show_bug.cgi?id=1243523
• https://bugzilla.suse.com/show_bug.cgi?id=1243538
• https://bugzilla.suse.com/show_bug.cgi?id=1243544
• https://bugzilla.suse.com/show_bug.cgi?id=1243551
• https://bugzilla.suse.com/show_bug.cgi?id=1243620
• https://bugzilla.suse.com/show_bug.cgi?id=1243698
• https://bugzilla.suse.com/show_bug.cgi?id=1243774
• https://bugzilla.suse.com/show_bug.cgi?id=1243823
• https://bugzilla.suse.com/show_bug.cgi?id=1243827
• https://bugzilla.suse.com/show_bug.cgi?id=1243832
• https://bugzilla.suse.com/show_bug.cgi?id=1243847
• https://bugzilla.suse.com/show_bug.cgi?id=1244100
• https://bugzilla.suse.com/show_bug.cgi?id=1244145
• https://bugzilla.suse.com/show_bug.cgi?id=1244172
• https://bugzilla.suse.com/show_bug.cgi?id=1244176
• https://bugzilla.suse.com/show_bug.cgi?id=1244229
• https://bugzilla.suse.com/show_bug.cgi?id=1244234
• https://bugzilla.suse.com/show_bug.cgi?id=1244241
• https://bugzilla.suse.com/show_bug.cgi?id=1244274
• https://bugzilla.suse.com/show_bug.cgi?id=1244275
• https://bugzilla.suse.com/show_bug.cgi?id=1244277
• https://bugzilla.suse.com/show_bug.cgi?id=1244309
• https://bugzilla.suse.com/show_bug.cgi?id=1244313
• https://bugzilla.suse.com/show_bug.cgi?id=1244337
• https://bugzilla.suse.com/show_bug.cgi?id=1244626
• https://bugzilla.suse.com/show_bug.cgi?id=1244725
• https://bugzilla.suse.com/show_bug.cgi?id=1244727
• https://bugzilla.suse.com/show_bug.cgi?id=1244729
• https://bugzilla.suse.com/show_bug.cgi?id=1244731
• https://bugzilla.suse.com/show_bug.cgi?id=1244732
• https://bugzilla.suse.com/show_bug.cgi?id=1244736
• https://bugzilla.suse.com/show_bug.cgi?id=1244737
• https://bugzilla.suse.com/show_bug.cgi?id=1244738
• https://bugzilla.suse.com/show_bug.cgi?id=1244739
• https://bugzilla.suse.com/show_bug.cgi?id=1244743
• https://bugzilla.suse.com/show_bug.cgi?id=1244746
• https://bugzilla.suse.com/show_bug.cgi?id=1244759
• https://bugzilla.suse.com/show_bug.cgi?id=1244789
• https://bugzilla.suse.com/show_bug.cgi?id=1244862
• https://bugzilla.suse.com/show_bug.cgi?id=1244906
• https://bugzilla.suse.com/show_bug.cgi?id=1244938
• https://bugzilla.suse.com/show_bug.cgi?id=1244995
• https://bugzilla.suse.com/show_bug.cgi?id=1244996
• https://bugzilla.suse.com/show_bug.cgi?id=1244999
• https://bugzilla.suse.com/show_bug.cgi?id=1245001
• https://bugzilla.suse.com/show_bug.cgi?id=1245003
• https://bugzilla.suse.com/show_bug.cgi?id=1245004
• https://bugzilla.suse.com/show_bug.cgi?id=1245025
• https://bugzilla.suse.com/show_bug.cgi?id=1245042
• https://bugzilla.suse.com/show_bug.cgi?id=1245046
• https://bugzilla.suse.com/show_bug.cgi?id=1245078
• https://bugzilla.suse.com/show_bug.cgi?id=1245081
• https://bugzilla.suse.com/show_bug.cgi?id=1245082
• https://bugzilla.suse.com/show_bug.cgi?id=1245083
• https://bugzilla.suse.com/show_bug.cgi?id=1245155
• https://bugzilla.suse.com/show_bug.cgi?id=1245183
• https://bugzilla.suse.com/show_bug.cgi?id=1245193
• https://bugzilla.suse.com/show_bug.cgi?id=1245210
• https://bugzilla.suse.com/show_bug.cgi?id=1245217
• https://bugzilla.suse.com/show_bug.cgi?id=1245225
• https://bugzilla.suse.com/show_bug.cgi?id=1245226
• https://bugzilla.suse.com/show_bug.cgi?id=1245228
• https://bugzilla.suse.com/show_bug.cgi?id=1245431
• https://bugzilla.suse.com/show_bug.cgi?id=1245455
• https://jira.suse.com/browse/PED-12551