Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:01965-1
Release Date: 2025-06-16T14:54:38Z
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2023-53146 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2023-53146 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-28956 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2024-28956 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2024-28956 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2024-28956 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2024-43869 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-46713 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-50106 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-50106 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-50106 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-50223 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-50223 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-53135 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-53135 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2024-54458 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-54458 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-58098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-58099 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2024-58099 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-58099 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-58100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-58237 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21629 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-21629 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21648 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-21648 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21787 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21814 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21919 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-21919 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-21919 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2025-22005 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22005 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22021 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-22021 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-22030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22056 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22056 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22056 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2025-22057 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22057 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22063 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22063 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22063 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22066 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22066 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22066 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22070 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22070 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22089 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22089 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2025-22095 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22103 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22103 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22119 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22119 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2025-22124 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22124 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-22126 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-22126 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23141 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-23141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23142 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23146 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-23146 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23147 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-23147 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23148 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23149 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23150 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23158 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23159 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23160 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-23161 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-23161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37740 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37741 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37742 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
  • CVE-2025-37747 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37748 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37749 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2025-37750 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37758 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37765 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37766 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37766 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37768 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37770 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37771 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37780 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37782 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2025-37787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37788 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37789 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37790 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37792 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37793 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37794 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37796 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37797 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37803 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37803 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37803 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2025-37804 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37804 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37805 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-37805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37809 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37810 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-37810 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2025-37812 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37812 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37815 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37820 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37823 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37823 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37824 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37829 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37831 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37833 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37836 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37839 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-37839 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-37840 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37841 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37842 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37849 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
  • CVE-2025-37850 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37851 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37851 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2025-37852 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37852 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37853 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37854 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37854 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37858 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-37858 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2025-37867 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37870 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37870 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37871 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37873 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37875 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37879 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37879 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37881 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37881 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37886 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37887 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37890 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-37891 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2025-37892 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37897 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-37897 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-37900 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37900 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37901 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37903 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37903 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2025-37905 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-37905 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-37911 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-37911 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N
  • CVE-2025-37912 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37913 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-37913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • CVE-2025-37914 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-37914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • CVE-2025-37915 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-37915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • CVE-2025-37918 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37918 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37925 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
  • CVE-2025-37925 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37928 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37928 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37929 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-37929 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2025-37930 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-37930 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
  • CVE-2025-37931 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-37931 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • CVE-2025-37932 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-37932 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
  • CVE-2025-37937 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37943 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37948 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2025-37949 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37951 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37954 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37954 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2025-37957 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37958 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37959 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37963 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-37963 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-37969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37974 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37978 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37979 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37980 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37983 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-37983 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37989 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-37990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-38104 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-38152 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-38152 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-38152 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-38240 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-38240 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-38637 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-38637 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-39735 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-39735 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2025-39735 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2025-40014 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-40014 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2025-40014 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2025-40325 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-40325 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • openSUSE Leap 15.6
  • Public Cloud Module 15-SP6
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 171 vulnerabilities and has 28 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).
  • CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).
  • CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).
  • CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
  • CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).
  • CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
  • CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
  • CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).
  • CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
  • CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).
  • CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
  • CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).
  • CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
  • CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).
  • CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
  • CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).
  • CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).
  • CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).
  • CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
  • CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).
  • CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).
  • CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).
  • CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).
  • CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).
  • CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).
  • CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
  • CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).
  • CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
  • CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).
  • CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
  • CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).
  • CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).
  • CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).
  • CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).
  • CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
  • CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).
  • CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).
  • CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).
  • CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).
  • CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
  • CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).
  • CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).
  • CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
  • CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).
  • CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).
  • CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
  • CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664).
  • CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).
  • CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
  • CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).
  • CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).
  • CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).
  • CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).

The following non-security bugs were fixed:

  • ACPI: PPTT: Fix processor subtable walk (git-fixes).
  • ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).
  • ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).
  • ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).
  • ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).
  • ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).
  • ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).
  • ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).
  • ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).
  • ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).
  • Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).
  • Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).
  • Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).
  • Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).
  • Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).
  • HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).
  • HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).
  • IB/cm: use rwlock for MAD agent lock (git-fixes)
  • Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).
  • Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).
  • Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).
  • Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).
  • Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).
  • Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).
  • Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).
  • Input: xpad - fix Share button on Xbox One controllers (stable-fixes).
  • KVM: SVM: Allocate IR data using atomic allocation (git-fixes).
  • KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes).
  • KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).
  • KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).
  • KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).
  • KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).
  • KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).
  • KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).
  • KVM: arm64: Mark some header functions as inline (git-fixes).
  • KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).
  • KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).
  • KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).
  • KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).
  • KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).
  • KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).
  • KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).
  • KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).
  • KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).
  • KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).
  • KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).
  • KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).
  • KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes).
  • KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).
  • KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes).
  • KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).
  • KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes).
  • KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).
  • KVM: x86: Make x2APIC ID 100% readonly (git-fixes).
  • KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).
  • KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).
  • KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).
  • NFS: O_DIRECT writes must check and adjust the file length (git-fixes).
  • NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes).
  • NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).
  • NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).
  • RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)
  • RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (git-fixes)
  • RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)
  • RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)
  • RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)
  • RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug (git-fixes)
  • RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)
  • cBPF: Refresh fixes for cBPF issue (bsc#1242778)
  • Squashfs: check return result of sb_min_blocksize (git-fixes).
  • Update patches.suse/nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).
  • Update patches.suse/nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).
  • Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).
  • add bug reference for an existing hv_netvsc change (bsc#1243737).
  • afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).
  • afs: Make it possible to find the volumes that are using a server (git-fixes).
  • arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)
  • arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)
  • arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
  • arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)
  • arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)
  • arm64: insn: Add support for encoding DSB (git-fixes)
  • arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes)
  • arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)
  • arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)
  • arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).
  • bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).
  • bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).
  • bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).
  • bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).
  • bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).
  • bpf: Scrub packet on bpf_redirect_peer (git-fixes).
  • btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).
  • btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).
  • btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).
  • btrfs: avoid monopolizing a core when activating a swap file (git-fixes).
  • btrfs: do not loop for nowait writes when checking for cross references (git-fixes).
  • btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).
  • btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).
  • btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).
  • can: bcm: add locking for bcm_op runtime updates (git-fixes).
  • can: bcm: add missing rcu read protection for procfs content (git-fixes).
  • can: slcan: allow reception of short error messages (git-fixes).
  • cifs: change tcon status when need_reconnect is set on it (git-fixes).
  • cifs: reduce warning log level for server not advertising interfaces (git-fixes).
  • crypto: algif_hash - fix double free in hash_accept (git-fixes).
  • devlink: fix port new reply cmd type (git-fixes).
  • dm-integrity: fix a warning on invalid table line (git-fixes).
  • dma-buf: insert memory barrier before updating num_fences (git-fixes).
  • dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" (git-fixes).
  • dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).
  • dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).
  • dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).
  • dmaengine: idxd: Fix ->poll() return value (git-fixes).
  • dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).
  • dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).
  • dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).
  • dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).
  • dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).
  • dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).
  • dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).
  • dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).
  • dmaengine: mediatek: drop unused variable (git-fixes).
  • dmaengine: ti: k3-udma: Add missing locking (git-fixes).
  • dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).
  • drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).
  • drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).
  • drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).
  • drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).
  • drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).
  • drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).
  • drm/amdgpu: fix pm notifier handling (git-fixes).
  • drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).
  • drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).
  • drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).
  • exfat: fix potential wrong error return from get_block (git-fixes).
  • hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).
  • hv_netvsc: Remove rmsg_pgcnt (git-fixes).
  • hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).
  • i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).
  • ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).
  • idpf: fix offloads support for encapsulated packets (git-fixes).
  • idpf: fix potential memory leak on kcalloc() failure (git-fixes).
  • idpf: protect shutdown from reset (git-fixes).
  • igc: fix lock order in igc_ptp_reset (git-fixes).
  • inetpeer: remove create argument of inet_getpeer_v() (git-fixes).
  • inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).
  • ipv4/route: avoid unused-but-set-variable warning (git-fixes).
  • ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).
  • ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).
  • ipv4: Fix incorrect source address in Record Route option (git-fixes).
  • ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).
  • ipv4: fix source address selection with route leak (git-fixes).
  • ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).
  • ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).
  • ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).
  • ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).
  • ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).
  • ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).
  • ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).
  • ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).
  • ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).
  • ipv6: Align behavior across nexthops during path selection (git-fixes).
  • ipv6: Do not consider link down nexthops in path selection (git-fixes).
  • ipv6: Start path selection from the first nexthop (git-fixes).
  • ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).
  • jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).
  • jiffies: Define secs_to_jiffies() (bsc#1242993).
  • kernel-obs-qa: Use srchash for dependency as well
  • loop: Add sanity check for read/write_iter (git-fixes).
  • loop: aio inherit the ioprio of original request (git-fixes).
  • loop: do not require ->write_iter for writable files in loop_configure (git-fixes).
  • md/raid1,raid10: do not ignore IO flags (git-fixes).
  • md/raid10: fix missing discard IO accounting (git-fixes).
  • md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).
  • md/raid1: Add check for missing source disk in process_checks() (git-fixes).
  • md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).
  • md/raid5: implement pers->bitmap_sector() (git-fixes).
  • md: add a new callback pers->bitmap_sector() (git-fixes).
  • md: ensure resync is prioritized over recovery (git-fixes).
  • md: fix mddev uaf while iterating all_mddevs list (git-fixes).
  • md: preserve KABI in struct md_personality v2 (git-fixes).
  • media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).
  • mtd: phram: Add the kernel lock down check (bsc#1232649).
  • neighbour: delete redundant judgment statements (git-fixes).
  • net/handshake: Fix handshake_req_destroy_test1 (git-fixes).
  • net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).
  • net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).
  • net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).
  • net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).
  • net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).
  • net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).
  • net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).
  • net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).
  • net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).
  • net: Handle napi_schedule() calls from non-interrupt (git-fixes).
  • net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).
  • net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).
  • net: do not dump stack on queue timeout (git-fixes).
  • net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).
  • net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).
  • net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).
  • net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).
  • net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).
  • net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).
  • net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).
  • netdev-genl: avoid empty messages in queue dump (git-fixes).
  • netdev: fix repeated netlink messages in queue dump (git-fixes).
  • netlink: annotate data-races around sk->sk_err (git-fixes).
  • netpoll: Ensure clean state on setup failures (git-fixes).
  • nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).
  • nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).
  • nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).
  • nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).
  • nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).
  • nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).
  • nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
  • nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).
  • nvme-tcp: fix premature queue removal and I/O failover (git-fixes).
  • nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).
  • nvme: Add 'partial_nid' quirk (bsc#1241148).
  • nvme: Add warning when a partiually unique NID is detected (bsc#1241148).
  • nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).
  • nvme: multipath: fix return value of nvme_available_path (git-fixes).
  • nvme: re-read ANA log page after ns scan completes (git-fixes).
  • nvme: requeue namespace scan on missed AENs (git-fixes).
  • nvme: unblock ctrl state transition for firmware update (git-fixes).
  • nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).
  • nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).
  • nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes).
  • nvmet-fc: take tgtport reference only once (git-fixes).
  • nvmet-fc: update tgtport ref per assoc (git-fixes).
  • nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).
  • nvmet-fcloop: add ref counting to lport (git-fixes).
  • nvmet-fcloop: replace kref with refcount (git-fixes).
  • nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).
  • objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).
  • ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
  • octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).
  • padata: do not leak refcount in reorder_work (git-fixes).
  • phy: Fix error handling in tegra_xusb_port_init (git-fixes).
  • phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).
  • phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).
  • phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).
  • phy: tegra: xusb: remove a stray unlock (git-fixes).
  • platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).
  • powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).
  • powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).
  • qibfs: fix another leak (git-fixes)
  • rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)
  • rcu/tasks: Handle new PF_IDLE semantics (git-fixes)
  • rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes)
  • rcu: Introduce rcu_cpu_online() (git-fixes)
  • regulator: max20086: fix invalid memory access (git-fixes).
  • s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).
  • scsi: Improve CDL control (git-fixes).
  • scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).
  • scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).
  • scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).
  • scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).
  • scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).
  • scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).
  • scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).
  • scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993).
  • scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).
  • scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).
  • scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).
  • scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).
  • scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).
  • scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).
  • scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).
  • scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).
  • scsi: qla2xxx: Fix typos in a comment (bsc#1243090).
  • scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).
  • scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).
  • scsi: qla2xxx: Remove unused module parameters (bsc#1243090).
  • scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).
  • scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).
  • scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).
  • scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).
  • scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).
  • scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).
  • scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).
  • selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203).
  • smb3: fix Open files on server counter going negative (git-fixes).
  • smb: client: Use str_yes_no() helper function (git-fixes).
  • smb: client: allow more DFS referrals to be cached (git-fixes).
  • smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes).
  • smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes).
  • smb: client: do not retry DFS targets on server shutdown (git-fixes).
  • smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes).
  • smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes).
  • smb: client: fix DFS interlink failover (git-fixes).
  • smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes).
  • smb: client: fix hang in wait_for_response() for negproto (bsc#1242709).
  • smb: client: fix potential race in cifs_put_tcon() (git-fixes).
  • smb: client: fix return value of parse_dfs_referrals() (git-fixes).
  • smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes).
  • smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes).
  • smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes).
  • smb: client: improve purging of cached referrals (git-fixes).
  • smb: client: introduce av_for_each_entry() helper (git-fixes).
  • smb: client: optimize referral walk on failed link targets (git-fixes).
  • smb: client: parse DNS domain name from domain= option (git-fixes).
  • smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes).
  • smb: client: provide dns_resolve_{unc,name} helpers (git-fixes).
  • smb: client: refresh referral without acquiring refpath_lock (git-fixes).
  • smb: client: remove unnecessary checks in open_cached_dir() (git-fixes).
  • spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).
  • spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).
  • spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).
  • spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).
  • spi: tegra114: Use value to check for invalid delays (git-fixes).
  • tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).
  • tcp_cubic: fix incorrect HyStart round start detection (git-fixes).
  • thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).
  • usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).
  • vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).
  • virtio_console: fix missing byte order handling for cols and rows (git-fixes).
  • wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).
  • wifi: mt76: disable napi on driver removal (git-fixes).
  • x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).
  • x86/xen: move xen_reserve_extra_memory() (git-fixes).
  • xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).
  • xen: Change xen-acpi-processor dom0 dependency (git-fixes).
  • xenfs/xensyms: respect hypervisor's "next" indication (git-fixes).
  • xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).
  • xhci: split free interrupter into separate remove and free parts (git-fixes).
  • xsk: Add truesize to skb_add_rx_frag() (git-fixes).
  • xsk: Do not assume metadata is always requested in TX completion (git-fixes).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-1965=1 SUSE-2025-1965=1
  • Public Cloud Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-1965=1

Package List:

  • openSUSE Leap 15.6 (aarch64 x86_64)
    • dlm-kmp-azure-6.4.0-150600.8.40.1
    • kselftests-kmp-azure-debuginfo-6.4.0-150600.8.40.1
    • kernel-azure-extra-debuginfo-6.4.0-150600.8.40.1
    • reiserfs-kmp-azure-debuginfo-6.4.0-150600.8.40.1
    • kselftests-kmp-azure-6.4.0-150600.8.40.1
    • gfs2-kmp-azure-debuginfo-6.4.0-150600.8.40.1
    • ocfs2-kmp-azure-debuginfo-6.4.0-150600.8.40.1
    • kernel-azure-debuginfo-6.4.0-150600.8.40.1
    • reiserfs-kmp-azure-6.4.0-150600.8.40.1
    • cluster-md-kmp-azure-debuginfo-6.4.0-150600.8.40.1
    • cluster-md-kmp-azure-6.4.0-150600.8.40.1
    • kernel-syms-azure-6.4.0-150600.8.40.1
    • kernel-azure-extra-6.4.0-150600.8.40.1
    • kernel-azure-debugsource-6.4.0-150600.8.40.1
    • kernel-azure-optional-6.4.0-150600.8.40.1
    • kernel-azure-devel-debuginfo-6.4.0-150600.8.40.1
    • kernel-azure-optional-debuginfo-6.4.0-150600.8.40.1
    • kernel-azure-devel-6.4.0-150600.8.40.1
    • gfs2-kmp-azure-6.4.0-150600.8.40.1
    • dlm-kmp-azure-debuginfo-6.4.0-150600.8.40.1
    • ocfs2-kmp-azure-6.4.0-150600.8.40.1
  • openSUSE Leap 15.6 (aarch64 nosrc x86_64)
    • kernel-azure-6.4.0-150600.8.40.1
  • openSUSE Leap 15.6 (x86_64)
    • kernel-azure-vdso-debuginfo-6.4.0-150600.8.40.1
    • kernel-azure-vdso-6.4.0-150600.8.40.1
  • openSUSE Leap 15.6 (noarch)
    • kernel-source-azure-6.4.0-150600.8.40.1
    • kernel-devel-azure-6.4.0-150600.8.40.1
  • Public Cloud Module 15-SP6 (aarch64 nosrc x86_64)
    • kernel-azure-6.4.0-150600.8.40.1
  • Public Cloud Module 15-SP6 (aarch64 x86_64)
    • kernel-azure-devel-debuginfo-6.4.0-150600.8.40.1
    • kernel-azure-debuginfo-6.4.0-150600.8.40.1
    • kernel-azure-devel-6.4.0-150600.8.40.1
    • kernel-syms-azure-6.4.0-150600.8.40.1
    • kernel-azure-debugsource-6.4.0-150600.8.40.1
  • Public Cloud Module 15-SP6 (noarch)
    • kernel-source-azure-6.4.0-150600.8.40.1
    • kernel-devel-azure-6.4.0-150600.8.40.1

References: