Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:02099-1
Release Date:	2025-06-25T06:02:40Z
Rating:	important
References:	bsc#1209547 bsc#1210647 bsc#1213167 bsc#1232649 bsc#1234381 bsc#1237159 bsc#1237312 bsc#1240213 bsc#1240218 bsc#1240227 bsc#1240835
Cross-References:	CVE-2017-5753 CVE-2023-2162 CVE-2023-3567 CVE-2023-52973 CVE-2023-52974 CVE-2023-53000 CVE-2024-53141 CVE-2025-21700 CVE-2025-21702 CVE-2025-22004
CVSS scores:	CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3567 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-3567 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-52973 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52973 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52974 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52974 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-53000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53141 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-53141 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2024-53141 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21700 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21700 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-21700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-22004 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

An update that solves 10 vulnerabilities and has one security fix can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).

The following non-security bugs were fixed:

mtd: phram: Add the kernel lock down check (bsc#1232649).
net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
netfilter: ipset: Check and reject crazy /0 input parameters (git-fixes)
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function (git-fixes)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-2099=1
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-2099=1

Package List:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
- kernel-ec2-3.0.101-108.183.1
- kernel-default-3.0.101-108.183.1
- kernel-xen-3.0.101-108.183.1
- kernel-trace-3.0.101-108.183.1
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
- kernel-source-3.0.101-108.183.1
- kernel-syms-3.0.101-108.183.1
- kernel-xen-devel-3.0.101-108.183.1
- kernel-ec2-devel-3.0.101-108.183.1
- kernel-trace-base-3.0.101-108.183.1
- kernel-ec2-base-3.0.101-108.183.1
- kernel-xen-base-3.0.101-108.183.1
- kernel-default-base-3.0.101-108.183.1
- kernel-trace-devel-3.0.101-108.183.1
- kernel-default-devel-3.0.101-108.183.1
SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
- kernel-ec2-3.0.101-108.183.1
- kernel-default-3.0.101-108.183.1
- kernel-xen-3.0.101-108.183.1
- kernel-trace-3.0.101-108.183.1
SUSE Linux Enterprise Server 11 SP4 (x86_64)
- kernel-source-3.0.101-108.183.1
- kernel-syms-3.0.101-108.183.1
- kernel-xen-devel-3.0.101-108.183.1
- kernel-ec2-devel-3.0.101-108.183.1
- kernel-trace-base-3.0.101-108.183.1
- kernel-ec2-base-3.0.101-108.183.1
- kernel-xen-base-3.0.101-108.183.1
- kernel-default-base-3.0.101-108.183.1
- kernel-trace-devel-3.0.101-108.183.1
- kernel-default-devel-3.0.101-108.183.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: