Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:1573-1
Release Date:	2025-05-16T16:32:08Z
Rating:	important
References:	bsc#1201855 bsc#1230771 bsc#1238471 bsc#1238512 bsc#1238747 bsc#1238865 bsc#1239968 bsc#1240188 bsc#1240195 bsc#1240553 bsc#1240747 bsc#1240835 bsc#1241280 bsc#1241371 bsc#1241378 bsc#1241421 bsc#1241433 bsc#1241541
Cross-References:	CVE-2021-47671 CVE-2022-49741 CVE-2024-46784 CVE-2025-21726 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21886 CVE-2025-22004 CVE-2025-22020 CVE-2025-22029 CVE-2025-22045 CVE-2025-22055 CVE-2025-22097
CVSS scores:	CVE-2021-47671 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2021-47671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47671 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-49741 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2022-49741 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49741 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21726 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21726 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21726 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21785 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21785 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21785 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21812 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21886 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-22004 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22020 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22020 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22020 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22029 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22029 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22045 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-22055 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22055 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-22097 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22097 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2025-22097 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves 14 vulnerabilities and has four security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378).
CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).

The following non-security bugs were fixed:

scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1573=1
SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1573=1
SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1573=1
SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1573=1

Package List:

SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.118.1
- kernel-rt-debuginfo-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
- kernel-source-rt-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro 5.3 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.118.1
- kernel-rt-debuginfo-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro 5.3 (noarch)
- kernel-source-rt-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.118.1
- kernel-rt-debuginfo-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
- kernel-source-rt-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro 5.4 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.118.1
- kernel-rt-debuginfo-5.14.21-150400.15.118.1
SUSE Linux Enterprise Micro 5.4 (noarch)
- kernel-source-rt-5.14.21-150400.15.118.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: