Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

Announcement ID:	SUSE-SU-2025:03108-1
Release Date:	2025-09-09T07:33:52Z
Rating:	important
References:	bsc#1231676 bsc#1231943 bsc#1232271 bsc#1236207 bsc#1242579 bsc#1244235 bsc#1245505 bsc#1245775 bsc#1245791 bsc#1245805 bsc#1246030 bsc#1248108
Cross-References:	CVE-2024-47674 CVE-2024-47706 CVE-2024-49867 CVE-2025-21659 CVE-2025-21701 CVE-2025-21999 CVE-2025-37890 CVE-2025-38000 CVE-2025-38001 CVE-2025-38087 CVE-2025-38212
CVSS scores:	CVE-2024-47674 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-47674 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-47674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-47706 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-47706 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-47706 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-49867 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-49867 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-49867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21659 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2025-21659 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21999 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-37890 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38001 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38087 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38212 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38212 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Live Patching 15-SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 11 vulnerabilities and has one security fix can now be installed.

Description:

This update for the Linux Kernel 6.4.0-150600_8 fixes several issues.

The following security issues were fixed:

• CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245504) .
• CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579).
• CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244235).
• CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232271).
• CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236207).
• CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1245775).
• CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1245791).
• CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676).
• CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805).
• CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943).
• CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3108=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  • kernel-livepatch-6_4_0-150600_8-rt-debuginfo-21-150600.3.1
  • kernel-livepatch-SLE15-SP6-RT_Update_0-debugsource-21-150600.3.1
  • kernel-livepatch-6_4_0-150600_8-rt-21-150600.3.1

References:

• https://www.suse.com/security/cve/CVE-2024-47674.html
• https://www.suse.com/security/cve/CVE-2024-47706.html
• https://www.suse.com/security/cve/CVE-2024-49867.html
• https://www.suse.com/security/cve/CVE-2025-21659.html
• https://www.suse.com/security/cve/CVE-2025-21701.html
• https://www.suse.com/security/cve/CVE-2025-21999.html
• https://www.suse.com/security/cve/CVE-2025-37890.html
• https://www.suse.com/security/cve/CVE-2025-38000.html
• https://www.suse.com/security/cve/CVE-2025-38001.html
• https://www.suse.com/security/cve/CVE-2025-38087.html
• https://www.suse.com/security/cve/CVE-2025-38212.html
• https://bugzilla.suse.com/show_bug.cgi?id=1231676
• https://bugzilla.suse.com/show_bug.cgi?id=1231943
• https://bugzilla.suse.com/show_bug.cgi?id=1232271
• https://bugzilla.suse.com/show_bug.cgi?id=1236207
• https://bugzilla.suse.com/show_bug.cgi?id=1242579
• https://bugzilla.suse.com/show_bug.cgi?id=1244235
• https://bugzilla.suse.com/show_bug.cgi?id=1245505
• https://bugzilla.suse.com/show_bug.cgi?id=1245775
• https://bugzilla.suse.com/show_bug.cgi?id=1245791
• https://bugzilla.suse.com/show_bug.cgi?id=1245805
• https://bugzilla.suse.com/show_bug.cgi?id=1246030
• https://bugzilla.suse.com/show_bug.cgi?id=1248108