Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2025:02099-1 |
---|---|
Release Date: | 2025-06-25T06:02:40Z |
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 10 vulnerabilities and has one security fix can now be installed.
Description:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
The following non-security bugs were fixed:
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- netfilter: ipset: Check and reject crazy /0 input parameters (git-fixes)
- netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function (git-fixes)
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-2099=1
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-2099=1
Package List:
-
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
- kernel-ec2-3.0.101-108.183.1
- kernel-default-3.0.101-108.183.1
- kernel-xen-3.0.101-108.183.1
- kernel-trace-3.0.101-108.183.1
-
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
- kernel-source-3.0.101-108.183.1
- kernel-syms-3.0.101-108.183.1
- kernel-xen-devel-3.0.101-108.183.1
- kernel-ec2-devel-3.0.101-108.183.1
- kernel-trace-base-3.0.101-108.183.1
- kernel-ec2-base-3.0.101-108.183.1
- kernel-xen-base-3.0.101-108.183.1
- kernel-default-base-3.0.101-108.183.1
- kernel-trace-devel-3.0.101-108.183.1
- kernel-default-devel-3.0.101-108.183.1
-
SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
- kernel-ec2-3.0.101-108.183.1
- kernel-default-3.0.101-108.183.1
- kernel-xen-3.0.101-108.183.1
- kernel-trace-3.0.101-108.183.1
-
SUSE Linux Enterprise Server 11 SP4 (x86_64)
- kernel-source-3.0.101-108.183.1
- kernel-syms-3.0.101-108.183.1
- kernel-xen-devel-3.0.101-108.183.1
- kernel-ec2-devel-3.0.101-108.183.1
- kernel-trace-base-3.0.101-108.183.1
- kernel-ec2-base-3.0.101-108.183.1
- kernel-xen-base-3.0.101-108.183.1
- kernel-default-base-3.0.101-108.183.1
- kernel-trace-devel-3.0.101-108.183.1
- kernel-default-devel-3.0.101-108.183.1
References:
- https://www.suse.com/security/cve/CVE-2017-5753.html
- https://www.suse.com/security/cve/CVE-2023-2162.html
- https://www.suse.com/security/cve/CVE-2023-3567.html
- https://www.suse.com/security/cve/CVE-2023-52973.html
- https://www.suse.com/security/cve/CVE-2023-52974.html
- https://www.suse.com/security/cve/CVE-2023-53000.html
- https://www.suse.com/security/cve/CVE-2024-53141.html
- https://www.suse.com/security/cve/CVE-2025-21700.html
- https://www.suse.com/security/cve/CVE-2025-21702.html
- https://www.suse.com/security/cve/CVE-2025-22004.html
- https://bugzilla.suse.com/show_bug.cgi?id=1209547
- https://bugzilla.suse.com/show_bug.cgi?id=1210647
- https://bugzilla.suse.com/show_bug.cgi?id=1213167
- https://bugzilla.suse.com/show_bug.cgi?id=1232649
- https://bugzilla.suse.com/show_bug.cgi?id=1234381
- https://bugzilla.suse.com/show_bug.cgi?id=1237159
- https://bugzilla.suse.com/show_bug.cgi?id=1237312
- https://bugzilla.suse.com/show_bug.cgi?id=1240213
- https://bugzilla.suse.com/show_bug.cgi?id=1240218
- https://bugzilla.suse.com/show_bug.cgi?id=1240227
- https://bugzilla.suse.com/show_bug.cgi?id=1240835