Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:1574-1
Release Date:	2025-05-16T18:36:35Z
Rating:	important
References:	bsc#1207034 bsc#1207878 bsc#1221980 bsc#1234931 bsc#1235433 bsc#1237984 bsc#1238512 bsc#1238747 bsc#1238865 bsc#1240210 bsc#1240308 bsc#1240835 bsc#1241280 bsc#1241371 bsc#1241404 bsc#1241405 bsc#1241407 bsc#1241408
Cross-References:	CVE-2020-36789 CVE-2021-47163 CVE-2021-47668 CVE-2021-47669 CVE-2021-47670 CVE-2022-49111 CVE-2023-0179 CVE-2023-53026 CVE-2023-53033 CVE-2024-56642 CVE-2024-56661 CVE-2025-21726 CVE-2025-21785 CVE-2025-21791 CVE-2025-22004 CVE-2025-22020 CVE-2025-22055
CVSS scores:	CVE-2020-36789 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2020-36789 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36789 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47163 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47163 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47668 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2021-47668 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47668 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-47669 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2021-47669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47669 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-47670 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2021-47670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2022-49111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-53026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53026 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53033 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-56642 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56642 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56642 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56642 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56661 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-56661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-56661 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21726 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21726 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21726 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21785 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21785 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21785 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21791 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22004 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22020 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22020 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22020 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22055 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22055 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves 17 vulnerabilities and has one security fix can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
• CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
• CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
• CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
• CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
• CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1574=1
• SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1574=1
• SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1574=1

Package List:

• SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro 5.1 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.208.1
  • kernel-rt-debuginfo-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro 5.1 (noarch)
  • kernel-source-rt-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro 5.2 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.208.1
  • kernel-rt-debuginfo-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro 5.2 (noarch)
  • kernel-source-rt-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.208.1
  • kernel-rt-debuginfo-5.3.18-150300.208.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  • kernel-source-rt-5.3.18-150300.208.1

References:

• https://www.suse.com/security/cve/CVE-2020-36789.html
• https://www.suse.com/security/cve/CVE-2021-47163.html
• https://www.suse.com/security/cve/CVE-2021-47668.html
• https://www.suse.com/security/cve/CVE-2021-47669.html
• https://www.suse.com/security/cve/CVE-2021-47670.html
• https://www.suse.com/security/cve/CVE-2022-49111.html
• https://www.suse.com/security/cve/CVE-2023-0179.html
• https://www.suse.com/security/cve/CVE-2023-53026.html
• https://www.suse.com/security/cve/CVE-2023-53033.html
• https://www.suse.com/security/cve/CVE-2024-56642.html
• https://www.suse.com/security/cve/CVE-2024-56661.html
• https://www.suse.com/security/cve/CVE-2025-21726.html
• https://www.suse.com/security/cve/CVE-2025-21785.html
• https://www.suse.com/security/cve/CVE-2025-21791.html
• https://www.suse.com/security/cve/CVE-2025-22004.html
• https://www.suse.com/security/cve/CVE-2025-22020.html
• https://www.suse.com/security/cve/CVE-2025-22055.html
• https://bugzilla.suse.com/show_bug.cgi?id=1207034
• https://bugzilla.suse.com/show_bug.cgi?id=1207878
• https://bugzilla.suse.com/show_bug.cgi?id=1221980
• https://bugzilla.suse.com/show_bug.cgi?id=1234931
• https://bugzilla.suse.com/show_bug.cgi?id=1235433
• https://bugzilla.suse.com/show_bug.cgi?id=1237984
• https://bugzilla.suse.com/show_bug.cgi?id=1238512
• https://bugzilla.suse.com/show_bug.cgi?id=1238747
• https://bugzilla.suse.com/show_bug.cgi?id=1238865
• https://bugzilla.suse.com/show_bug.cgi?id=1240210
• https://bugzilla.suse.com/show_bug.cgi?id=1240308
• https://bugzilla.suse.com/show_bug.cgi?id=1240835
• https://bugzilla.suse.com/show_bug.cgi?id=1241280
• https://bugzilla.suse.com/show_bug.cgi?id=1241371
• https://bugzilla.suse.com/show_bug.cgi?id=1241404
• https://bugzilla.suse.com/show_bug.cgi?id=1241405
• https://bugzilla.suse.com/show_bug.cgi?id=1241407
• https://bugzilla.suse.com/show_bug.cgi?id=1241408