Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:03383-1
Release Date:	2025-09-26T17:27:32Z
Rating:	important
References:	bsc#1234896 bsc#1244824 bsc#1245970 bsc#1246473 bsc#1246911 bsc#1247143 bsc#1247374 bsc#1247518 bsc#1247976 bsc#1248223 bsc#1248297 bsc#1248306 bsc#1248312 bsc#1248338 bsc#1248511 bsc#1248614 bsc#1248621 bsc#1248748 jsc#PED-8240
Cross-References:	CVE-2022-50116 CVE-2024-53177 CVE-2024-58239 CVE-2025-38180 CVE-2025-38323 CVE-2025-38352 CVE-2025-38460 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644
CVSS scores:	CVE-2022-50116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53177 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53177 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-58239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-58239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38180 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38180 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38323 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-38460 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38460 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38499 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H CVE-2025-38546 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38546 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38560 ( SUSE ): 5.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H CVE-2025-38560 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2025-38608 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38644 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves 17 vulnerabilities, contains one feature and has one security fix can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
• CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
• CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
• CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
• CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
• CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
• CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
• CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
• CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
• CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
• CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
• CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
• CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
• CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
• CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
• CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
• CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).

The following non-security bugs were fixed:

• NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
• Disable N_GSM (bsc#1244824 jsc#PED-8240).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-3383=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-3383=1
• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-3383=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-3383=1

Package List:

• SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.130.1
  • kernel-rt-debugsource-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  • kernel-source-rt-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro 5.3 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.130.1
  • kernel-rt-debugsource-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro 5.3 (noarch)
  • kernel-source-rt-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.130.1
  • kernel-rt-debugsource-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  • kernel-source-rt-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro 5.4 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.130.1
  • kernel-rt-debugsource-5.14.21-150400.15.130.1
• SUSE Linux Enterprise Micro 5.4 (noarch)
  • kernel-source-rt-5.14.21-150400.15.130.1

References:

• https://www.suse.com/security/cve/CVE-2022-50116.html
• https://www.suse.com/security/cve/CVE-2024-53177.html
• https://www.suse.com/security/cve/CVE-2024-58239.html
• https://www.suse.com/security/cve/CVE-2025-38180.html
• https://www.suse.com/security/cve/CVE-2025-38323.html
• https://www.suse.com/security/cve/CVE-2025-38352.html
• https://www.suse.com/security/cve/CVE-2025-38460.html
• https://www.suse.com/security/cve/CVE-2025-38498.html
• https://www.suse.com/security/cve/CVE-2025-38499.html
• https://www.suse.com/security/cve/CVE-2025-38546.html
• https://www.suse.com/security/cve/CVE-2025-38555.html
• https://www.suse.com/security/cve/CVE-2025-38560.html
• https://www.suse.com/security/cve/CVE-2025-38563.html
• https://www.suse.com/security/cve/CVE-2025-38608.html
• https://www.suse.com/security/cve/CVE-2025-38617.html
• https://www.suse.com/security/cve/CVE-2025-38618.html
• https://www.suse.com/security/cve/CVE-2025-38644.html
• https://bugzilla.suse.com/show_bug.cgi?id=1234896
• https://bugzilla.suse.com/show_bug.cgi?id=1244824
• https://bugzilla.suse.com/show_bug.cgi?id=1245970
• https://bugzilla.suse.com/show_bug.cgi?id=1246473
• https://bugzilla.suse.com/show_bug.cgi?id=1246911
• https://bugzilla.suse.com/show_bug.cgi?id=1247143
• https://bugzilla.suse.com/show_bug.cgi?id=1247374
• https://bugzilla.suse.com/show_bug.cgi?id=1247518
• https://bugzilla.suse.com/show_bug.cgi?id=1247976
• https://bugzilla.suse.com/show_bug.cgi?id=1248223
• https://bugzilla.suse.com/show_bug.cgi?id=1248297
• https://bugzilla.suse.com/show_bug.cgi?id=1248306
• https://bugzilla.suse.com/show_bug.cgi?id=1248312
• https://bugzilla.suse.com/show_bug.cgi?id=1248338
• https://bugzilla.suse.com/show_bug.cgi?id=1248511
• https://bugzilla.suse.com/show_bug.cgi?id=1248614
• https://bugzilla.suse.com/show_bug.cgi?id=1248621
• https://bugzilla.suse.com/show_bug.cgi?id=1248748
• https://jira.suse.com/browse/PED-8240