Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:4315-1
Release Date:	2025-12-01T10:12:40Z
Rating:	important
References:	bsc#1078788 bsc#1209291 bsc#1213666 bsc#1244824 bsc#1246911 bsc#1247374 bsc#1248621 bsc#1249200 bsc#1249220 bsc#1249604 bsc#1249808 bsc#1249846 bsc#1249880 bsc#1249988 bsc#1250257 bsc#1250311 bsc#1250323 bsc#1250358 bsc#1250392 bsc#1250522 bsc#1250742 bsc#1252035 bsc#1252499 bsc#1252554 bsc#963449 jsc#PED-8240
Cross-References:	CVE-2022-50116 CVE-2022-50252 CVE-2022-50272 CVE-2022-50381 CVE-2022-50409 CVE-2023-28328 CVE-2023-3772 CVE-2023-53147 CVE-2023-53282 CVE-2023-53322 CVE-2023-53365 CVE-2023-53395 CVE-2023-53705 CVE-2023-53722 CVE-2025-38352 CVE-2025-38498 CVE-2025-38617 CVE-2025-38685 CVE-2025-38713 CVE-2025-39973
CVSS scores:	CVE-2022-50116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-50116 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-50252 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-50252 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-50252 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-50272 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-50381 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-50381 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-50409 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-50409 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-28328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-28328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53147 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53147 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53282 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2023-53282 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-53322 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2023-53322 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-53365 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53395 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2023-53395 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-53705 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2023-53705 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2023-53722 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2023-53722 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38685 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38685 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38713 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38713 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

An update that solves 20 vulnerabilities, contains one feature and has five security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues

The following security issues were fixed:

CVE-2022-50116: Update config files. Disable N_GSM (bsc#1244824 jsc#PED-8240).
CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
CVE-2022-50381: MD: add rdev reference for super write (bsc#1250257).
CVE-2022-50409: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311).
CVE-2023-53322: scsi: qla2xxx: Wait for io return on terminate rport (bsc#1250323).
CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358).
CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
CVE-2023-53722: md: raid1: fix potential OOB in raid1_remove_disk() (bsc#1252499).
CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-4315=1
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-4315=1

Package List:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
- kernel-default-3.0.101-108.192.1
- kernel-xen-3.0.101-108.192.1
- kernel-trace-3.0.101-108.192.1
- kernel-ec2-3.0.101-108.192.1
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
- kernel-default-devel-debuginfo-3.0.101-108.192.1
- kernel-trace-debuginfo-3.0.101-108.192.1
- kernel-ec2-debugsource-3.0.101-108.192.1
- kernel-default-base-3.0.101-108.192.1
- kernel-trace-debugsource-3.0.101-108.192.1
- kernel-xen-base-3.0.101-108.192.1
- kernel-trace-base-3.0.101-108.192.1
- kernel-xen-devel-debuginfo-3.0.101-108.192.1
- kernel-trace-devel-debuginfo-3.0.101-108.192.1
- kernel-source-3.0.101-108.192.1
- kernel-syms-3.0.101-108.192.1
- kernel-xen-devel-3.0.101-108.192.1
- kernel-trace-devel-3.0.101-108.192.1
- kernel-default-debugsource-3.0.101-108.192.1
- kernel-ec2-devel-3.0.101-108.192.1
- kernel-ec2-base-3.0.101-108.192.1
- kernel-xen-debuginfo-3.0.101-108.192.1
- kernel-xen-debugsource-3.0.101-108.192.1
- kernel-default-debuginfo-3.0.101-108.192.1
- kernel-default-devel-3.0.101-108.192.1
- kernel-ec2-debuginfo-3.0.101-108.192.1
- kernel-ec2-devel-debuginfo-3.0.101-108.192.1
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (noarch nosrc)
- kernel-docs-3.0.101-108.192.1
SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
- kernel-default-3.0.101-108.192.1
- kernel-xen-3.0.101-108.192.1
- kernel-trace-3.0.101-108.192.1
- kernel-ec2-3.0.101-108.192.1
SUSE Linux Enterprise Server 11 SP4 (x86_64)
- kernel-default-devel-debuginfo-3.0.101-108.192.1
- kernel-trace-debuginfo-3.0.101-108.192.1
- kernel-ec2-debugsource-3.0.101-108.192.1
- kernel-default-base-3.0.101-108.192.1
- kernel-trace-debugsource-3.0.101-108.192.1
- kernel-xen-base-3.0.101-108.192.1
- kernel-trace-base-3.0.101-108.192.1
- kernel-xen-devel-debuginfo-3.0.101-108.192.1
- kernel-trace-devel-debuginfo-3.0.101-108.192.1
- kernel-source-3.0.101-108.192.1
- kernel-syms-3.0.101-108.192.1
- kernel-xen-devel-3.0.101-108.192.1
- kernel-trace-devel-3.0.101-108.192.1
- kernel-default-debugsource-3.0.101-108.192.1
- kernel-ec2-devel-3.0.101-108.192.1
- kernel-ec2-base-3.0.101-108.192.1
- kernel-xen-debuginfo-3.0.101-108.192.1
- kernel-xen-debugsource-3.0.101-108.192.1
- kernel-default-debuginfo-3.0.101-108.192.1
- kernel-default-devel-3.0.101-108.192.1
- kernel-ec2-debuginfo-3.0.101-108.192.1
- kernel-ec2-devel-debuginfo-3.0.101-108.192.1
SUSE Linux Enterprise Server 11 SP4 (noarch nosrc)
- kernel-docs-3.0.101-108.192.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: