Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:4393-1
Release Date:	2025-12-15T11:09:12Z
Rating:	important
References:	bsc#1235463 bsc#1236743 bsc#1237888 bsc#1241166 bsc#1243474 bsc#1245193 bsc#1247076 bsc#1247500 bsc#1247509 bsc#1247683 bsc#1249547 bsc#1249912 bsc#1249982 bsc#1250034 bsc#1250176 bsc#1250237 bsc#1250252 bsc#1250705 bsc#1251120 bsc#1251786 bsc#1252063 bsc#1252267 bsc#1252269 bsc#1252303 bsc#1252352 bsc#1252353 bsc#1252365 bsc#1252366 bsc#1252368 bsc#1252370 bsc#1252681 bsc#1252763 bsc#1252773 bsc#1252774 bsc#1252780 bsc#1252790 bsc#1252794 bsc#1252795 bsc#1252809 bsc#1252817 bsc#1252821 bsc#1252836 bsc#1252845 bsc#1252862 bsc#1252912 bsc#1252917 bsc#1252923 bsc#1252928 bsc#1253018 bsc#1253176 bsc#1253275 bsc#1253318 bsc#1253324 bsc#1253349 bsc#1253352 bsc#1253355 bsc#1253360 bsc#1253362 bsc#1253363 bsc#1253367 bsc#1253369 bsc#1253393 bsc#1253394 bsc#1253395 bsc#1253403 bsc#1253407 bsc#1253409 bsc#1253412 bsc#1253416 bsc#1253421 bsc#1253423 bsc#1253424 bsc#1253425 bsc#1253427 bsc#1253428 bsc#1253431 bsc#1253436 bsc#1253438 bsc#1253440 bsc#1253441 bsc#1253445 bsc#1253448 bsc#1253449 bsc#1253453 bsc#1253456 bsc#1253472 bsc#1253648 bsc#1253779 bsc#1254181 bsc#1254221 bsc#1254235
Cross-References:	CVE-2022-50253 CVE-2023-53676 CVE-2025-21710 CVE-2025-37916 CVE-2025-38359 CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39822 CVE-2025-39859 CVE-2025-39944 CVE-2025-39980 CVE-2025-40001 CVE-2025-40021 CVE-2025-40027 CVE-2025-40030 CVE-2025-40038 CVE-2025-40040 CVE-2025-40047 CVE-2025-40048 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40080 CVE-2025-40083 CVE-2025-40086 CVE-2025-40098 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40159 CVE-2025-40164 CVE-2025-40168 CVE-2025-40169 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40180 CVE-2025-40183 CVE-2025-40185 CVE-2025-40186 CVE-2025-40188 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207
CVSS scores:	CVE-2022-50253 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2022-50253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-50253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53676 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-37916 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-37916 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-37916 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38359 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38359 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38359 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39788 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-39788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2025-39805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39819 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39980 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39980 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-40001 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40001 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-40021 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-40021 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2025-40027 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40030 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40047 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40047 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40059 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40083 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40086 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40086 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40098 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40105 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-40107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40109 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40110 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40110 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-40111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H CVE-2025-40115 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40118 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40118 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40120 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-40127 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-40139 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40140 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-40140 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-40141 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40141 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2025-40149 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40149 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-40156 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40157 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40157 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40164 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40168 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40168 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2025-40169 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40169 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-40171 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40173 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40173 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40176 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40176 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40180 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40180 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2025-40183 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-40183 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-40185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40194 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40198 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40200 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2025-40205 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40206 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40206 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-40207 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP7 Development Tools Module 15-SP7 Legacy Module 15-SP7 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Availability Extension 15 SP7 SUSE Linux Enterprise Live Patching 15-SP7 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves 69 vulnerabilities and has 22 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues

The following security issues were fixed:

• CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
• CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
• CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888).
• CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
• CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
• CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547).
• CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
• CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
• CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034).
• CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252).
• CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
• CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
• CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
• CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
• CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
• CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773).
• CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
• CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
• CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790).
• CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
• CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
• CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
• CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
• CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
• CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794).
• CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
• CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
• CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
• CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923).
• CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
• CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
• CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
• CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
• CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
• CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
• CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
• CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
• CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
• CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394).
• CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non security issues were fixed:

• ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes).
• ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes).
• ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes).
• ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes).
• ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
• ACPI: property: Return present device nodes only on fwnode interface (stable-fixes).
• ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes).
• ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
• ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes).
• ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes).
• ALSA: serial-generic: remove shared static buffer (stable-fixes).
• ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes).
• ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes).
• ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes).
• ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes).
• ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
• ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes).
• ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes).
• ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
• ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes).
• ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes).
• ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes).
• ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes).
• ASoC: tas2781: fix getting the wrong device number (git-fixes).
• ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes).
• Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes).
• Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
• Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes).
• Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes).
• Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes).
• Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (git-fixes).
• Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes).
• Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
• Bluetooth: bcsp: receive data only if registered (stable-fixes).
• Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes).
• Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes).
• Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes).
• Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes).
• Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
• HID: amd_sfh: Stop sensor before starting (git-fixes).
• HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes).
• HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes).
• HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes).
• HID: uclogic: Fix potential memory leak in error path (git-fixes).
• Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
• Input: imx_sc_key - fix memory corruption on unload (git-fixes).
• Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes).
• KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes).
• KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests (git-fixes).
• KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
• KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
• KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes).
• KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
• KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes).
• KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes).
• KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes).
• KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes).
• KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
• KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes).
• KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes).
• KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes).
• KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes).
• KVM: s390: improve interrupt cpu for wakeup (bsc#1235463).
• KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352).
• KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
• KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes).
• KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
• KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes).
• KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes).
• KVM: x86: Have all vendor neutral sub-configs depend on KVM_X86, not just KVM (git-fixes).
• NFS4: Fix state renewals missing after boot (git-fixes).
• NFS: check if suid/sgid was cleared after a write as needed (git-fixes).
• NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes).
• NFSD: Skip close replay processing if XDR encoding fails (git-fixes).
• NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes).
• NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes).
• NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
• PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes).
• PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes).
• PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
• PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes).
• PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes).
• PCI: j721e: Fix incorrect error message in probe() (git-fixes).
• PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
• PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
• RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes).
• RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes).
• RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes).
• RDMA/hns: Fix the modification of max_send_sge (git-fixes).
• RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes).
• RDMA/irdma: Fix SD index calculation (git-fixes).
• RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes).
• accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes).
• accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes).
• accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes).
• accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes).
• acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes).
• acpi/hmat: Fix lockdep warning for hmem_register_resource() (git-fixes).
• amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes).
• ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() (git-fixes).
• block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes).
• block: fix kobject double initialization in add_disk (git-fixes).
• bpf: Fix test verif_scale_strobemeta_subprogs failure due to llvm19 (bsc#1252368).
• bpf: improve error message for unsupported helper (bsc#1252370).
• btrfs: abort transaction on failure to add link to inode (git-fixes).
• btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix).
• btrfs: avoid using fixed char array size for tree names (git-fix).
• btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
• btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
• btrfs: fix inode leak on failure to add link to inode (git-fixes).
• btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix).
• btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes).
• btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix).
• btrfs: rename err to ret in btrfs_link() (git-fixes).
• btrfs: run btrfs_error_commit_super() early (git-fix).
• btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix).
• btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes).
• btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes).
• btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes).
• btrfs: simplify error handling logic for btrfs_link() (git-fixes).
• btrfs: tree-checker: add dev extent item checks (git-fix).
• btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix).
• btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix).
• btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
• btrfs: tree-checker: validate dref root and objectid (git-fix).
• btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes).
• cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166).
• char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes).
• char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes).
• char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes).
• cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).
• cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).
• cramfs: Verify inode mode when loading from disk (git-fixes).
• crypto: aspeed - fix double free caused by devm (git-fixes).
• crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes).
• crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes).
• crypto: iaa - Do not clobber req->base.data (git-fixes).
• crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes).
• dmaengine: dw-edma: Set status for callback_result (stable-fixes).
• dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
• drm/amd/amdgpu: Release xcp drm memory after unplug (stable-fixes).
• drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START (stable-fixes).
• drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
• drm/amd/display: Add fallback path for YCBCR422 (stable-fixes).
• drm/amd/display: Allow VRR params change if unsynced with the stream (git-fixes).
• drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
• drm/amd/display: Enable mst when it's detected but yet to be initialized (git-fixes).
• drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
• drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes).
• drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
• drm/amd/display: Fix for test crash due to power gating (stable-fixes).
• drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (stable-fixes).
• drm/amd/display: Fix pbn_div Calculation Error (stable-fixes).
• drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes).
• drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting (stable-fixes).
• drm/amd/display: Init dispclk from bootup clock for DCN314 (stable-fixes).
• drm/amd/display: Move setup_stream_attribute (stable-fixes).
• drm/amd/display: Reject modes with too high pixel clock on DCE6-10 (git-fixes).
• drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off (stable-fixes).
• drm/amd/display: Set up pixel encoding for YCBCR422 (stable-fixes).
• drm/amd/display: Support HW cursor 180 rot for any number of pipe splits (stable-fixes).
• drm/amd/display: Wait until OTG enable state is cleared (stable-fixes).
• drm/amd/display: add more cyan skillfish devices (stable-fixes).
• drm/amd/display: change dc stream color settings only in atomic commit (stable-fixes).
• drm/amd/display: ensure committing streams is seamless (stable-fixes).
• drm/amd/display: fix condition for setting timing_adjust_pending (stable-fixes).
• drm/amd/display: fix dml ms order of operations (stable-fixes).
• drm/amd/display: incorrect conditions for failing dto calculations (stable-fixes).
• drm/amd/display: update color on atomic commit time (stable-fixes).
• drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
• drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes).
• drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
• drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
• drm/amd: Avoid evicting resources at S5 (stable-fixes).
• drm/amd: Check that VPE has reached DPM0 in idle handler (stable-fixes).
• drm/amd: Fix suspend failure with secure display TA (git-fixes).
• drm/amd: add more cyan skillfish PCI ids (stable-fixes).
• drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (stable-fixes).
• drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes).
• drm/amdgpu/smu: Handle S0ix for vangogh (stable-fixes).
• drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes).
• drm/amdgpu: Check vcn sram load return value (stable-fixes).
• drm/amdgpu: Correct the counts of nr_banks and nr_errors (stable-fixes).
• drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes).
• drm/amdgpu: Fix function header names in amdgpu_connectors.c (git-fixes).
• drm/amdgpu: Fix unintended error log in VCN5_0_0 (git-fixes).
• drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) (stable-fixes).
• drm/amdgpu: Skip poison aca bank from UE channel (stable-fixes).
• drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes).
• drm/amdgpu: add range check for RAS bad page address (stable-fixes).
• drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes).
• drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces (stable-fixes).
• drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
• drm/amdgpu: fix nullptr err of vm_handle_moved (stable-fixes).
• drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (stable-fixes).
• drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
• drm/amdgpu: remove two invalid BUG_ON()s (stable-fixes).
• drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes).
• drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes).
• drm/amdkfd: fix vram allocation failure for a special case (stable-fixes).
• drm/amdkfd: relax checks for over allocation of save area (stable-fixes).
• drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes).
• drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off (git-fixes).
• drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes).
• drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
• drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes).
• drm/exynos: exynos7_drm_decon: remove ctx->suspended (git-fixes).
• drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).
• drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes).
• drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes).
• drm/mediatek: Add pm_runtime support for GCE power control (git-fixes).
• drm/mediatek: Disable AFBC support on Mediatek DRM driver (git-fixes).
• drm/msm/a6xx: Fix PDC sleep sequence (git-fixes).
• drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes).
• drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes).
• drm/msm/registers: Generate _HI/LO builders for reg64 (stable-fixes).
• drm/msm: make sure to not queue up recovery more than once (stable-fixes).
• drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes).
• drm/panthor: Serialize GPU cache flush operations (stable-fixes).
• drm/panthor: check bo offset alignment in vm bind (stable-fixes).
• drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes).
• drm/sched: Optimise drm_sched_entity_push_job (stable-fixes).
• drm/sched: avoid killing parent entity on child SIGKILL (stable-fixes).
• drm/tegra: Add call to put_pid() (git-fixes).
• drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes).
• drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes).
• drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes).
• drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes).
• drm/xe/guc: Add more GuC load error status codes (stable-fixes).
• drm/xe/guc: Increase GuC crash dump buffer size (stable-fixes).
• drm/xe/guc: Return an error code if the GuC load fails (stable-fixes).
• drm/xe/guc: Set upper limit of H2G retries over CTB (stable-fixes).
• drm/xe/guc: Synchronize Dead CT worker with unbind (git-fixes).
• drm/xe: Do clean shutdown also when using flr (git-fixes).
• drm/xe: Do not wake device during a GT reset (git-fixes).
• drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test (stable-fixes).
• drm/xe: Move declarations under conditional branch (stable-fixes).
• drm/xe: Remove duplicate DRM_EXEC selection from Kconfig (git-fixes).
• drm: panel-backlight-quirks: Make EDID match optional (stable-fixes).
• exfat: limit log print for IO error (git-fixes).
• extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes).
• extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes).
• fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes).
• fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes).
• fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes).
• fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes).
• hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes).
• hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes).
• hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
• hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes).
• hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes).
• hwmon: sy7636a: add alias (stable-fixes).
• hyperv: Remove the spurious null directive line (git-fixes).
• iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes).
• iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes).
• ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes).
• iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes).
• isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes).
• ixgbe: fix memory leak and use-after-free in ixgbe_recovery_probe() (git-fixes).
• jfs: Verify inode mode when loading from disk (git-fixes).
• jfs: fix uninitialized waitqueue in transaction manager (git-fixes).
• lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes).
• md/raid1: fix data lost for writemostly rdev (git-fixes).
• md: fix mssing blktrace bio split events (git-fixes).
• media: adv7180: Add missing lock in suspend callback (stable-fixes).
• media: adv7180: Do not write format to device in set_fmt (stable-fixes).
• media: adv7180: Only validate format in querystd (stable-fixes).
• media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
• media: fix uninitialized symbol warnings (stable-fixes).
• media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes).
• media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes).
• media: imon: make send_packet() more robust (stable-fixes).
• media: ov08x40: Fix the horizontal flip control (stable-fixes).
• media: redrat3: use int type to store negative error codes (stable-fixes).
• media: uvcvideo: Use heuristic to find stream entity (git-fixes).
• media: videobuf2: forbid remove_bufs when legacy fileio is active (git-fixes).
• memstick: Add timeout to prevent indefinite waiting (stable-fixes).
• mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes).
• mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes).
• mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
• mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
• minixfs: Verify inode mode when loading from disk (git-fixes).
• mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes).
• mm/secretmem: fix use-after-free race in fault handler (git-fixes).
• mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
• mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes).
• mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes).
• mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
• mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes).
• mtdchar: fix integer overflow in read/write ioctls (git-fixes).
• net/mana: fix warning in the writer of client oob (git-fixes).
• net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779).
• net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes).
• net: phy: clear link parameters on admin link down (stable-fixes).
• net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes).
• net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes).
• net: tcp: send zero-window ACK when no memory (bsc#1253779).
• net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes).
• nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes).
• nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes).
• nvme-auth: add hkdf_expand_label() (bsc#1247683).
• nvme-auth: use hkdf_expand_label() (bsc#1247683).
• phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes).
• phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes).
• phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes).
• pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes).
• pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes).
• pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes).
• platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes).
• power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
• power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes).
• power: supply: sbs-charger: Support multiple devices (stable-fixes).
• powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
• powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
• regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes).
• rtc: rx8025: fix incorrect register reference (git-fixes).
• s390/mm,fault: simplify kfence fault handling (bsc#1247076).
• scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes).
• scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
• scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes).
• scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes).
• scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes).
• scsi: mpi3mr: Correctly handle ATA device errors (git-fixes).
• scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes).
• scsi: mpt3sas: Correctly handle ATA device errors (git-fixes).
• scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes).
• scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes).
• scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
• selftests/bpf: Check for timeout in perf_link test (bsc#1253648).
• selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes).
• selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes).
• selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes).
• selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes).
• selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes).
• selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
• selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes).
• selftests/bpf: Remove sockmap_ktls disconnect_after_delete test (bsc#1252365).
• selftests/bpf: Remove tests for zeroed-array kptr (bsc#1252366).
• selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes).
• selftests/bpf: fix signedness bug in redir_partial() (git-fixes).
• selftests/net/forwarding: add slowwait functions (bsc#1254235).
• selftests/net/lib: no need to record ns name if it already exist (bsc#1254235).
• selftests/net/lib: update busywait timeout value (bsc#1254235).
• selftests/net: add lib.sh (bsc#1254235).
• selftests/net: add variable NS_LIST for lib.sh (bsc#1254235).
• selftests/net: use tc rule to filter the na packet (bsc#1254235).
• selftests/run_kselftest.sh: Add --skip argument option (bsc#1254221).
• selftests: forwarding.config.sample: Move overrides to lib.sh (bsc#1254235).
• selftests: forwarding: Add a test for testing lib.sh functionality (bsc#1254235).
• selftests: forwarding: Avoid failures to source net/lib.sh (bsc#1254235).
• selftests: forwarding: Change inappropriate log_test_skip() calls (bsc#1254235).
• selftests: forwarding: Convert log_test() to recognize RET values (bsc#1254235).
• selftests: forwarding: Have RET track kselftest framework constants (bsc#1254235).
• selftests: forwarding: Parametrize mausezahn delay (bsc#1254235).
• selftests: forwarding: Redefine relative_path variable (bsc#1254235).
• selftests: forwarding: Remove duplicated lib.sh content (bsc#1254235).
• selftests: forwarding: Support for performance sensitive tests (bsc#1254235).
• selftests: lib: Define more kselftest exit codes (bsc#1254235).
• selftests: lib: tc_rule_stats_get(): Move default to argument definition (bsc#1254235).
• selftests: net: List helper scripts in TEST_FILES Makefile variable (bsc#1254235).
• selftests: net: Unify code of busywait() and slowwait() (bsc#1254235).
• selftests: net: add helper for checking if nettest is available (bsc#1254235).
• selftests: net: lib: Do not overwrite error messages (bsc#1254235).
• selftests: net: lib: Move logging from forwarding/lib.sh here (bsc#1254235).
• selftests: net: lib: avoid error removing empty netns name (bsc#1254235).
• selftests: net: lib: do not set ns var as readonly (bsc#1254235).
• selftests: net: lib: fix shift count out of range (bsc#1254235).
• selftests: net: lib: ignore possible errors (bsc#1254235).
• selftests: net: lib: kill PIDs before del netns (bsc#1254235).
• selftests: net: lib: remove 'ns' var in setup_ns (bsc#1254235).
• selftests: net: lib: remove ns from list after clean-up (bsc#1254235).
• selftests: net: lib: set 'i' as local (bsc#1254235).
• selftests: net: lib: support errexit with busywait (bsc#1254235).
• selftests: net: libs: Change variable fallback syntax (bsc#1254235).
• serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes).
• serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes).
• soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes).
• soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
• soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes).
• spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
• spi: loopback-test: Don't use %pK through printk (stable-fixes).
• spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
• strparser: Fix signed/unsigned mismatch bug (git-fixes).
• tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
• thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes).
• tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes).
• tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes).
• tools/hv: fcopy: Fix incorrect file path conversion (git-fixes).
• tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes).
• tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes).
• tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes).
• tools: lib: thermal: don't preserve owner in install (stable-fixes).
• tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes).
• uio_hv_generic: Query the ringbuffer size for device (git-fixes).
• usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
• usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes).
• usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes).
• usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes).
• usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes).
• usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes).
• usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes).
• video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes).
• watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes).
• wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
• wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181).
• wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes).
• wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes).
• wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list (stable-fixes).
• wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands (stable-fixes).
• wifi: mac80211: Fix HE capabilities element check (stable-fixes).
• wifi: mac80211: Track NAN interface start/stop (stable-fixes).
• wifi: mac80211: don't mark keys for inactive links as uploaded (stable-fixes).
• wifi: mac80211: fix key tailroom accounting leak (git-fixes).
• wifi: mac80211: reject address change while connecting (git-fixes).
• wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes).
• wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes).
• wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes).
• wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
• wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error (stable-fixes).
• wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes).
• wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes).
• wifi: rtw89: print just once for unknown C2H events (stable-fixes).
• wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes).
• x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
• x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
• x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
• x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
• x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
• x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
• x86/bugs: Report correct retbleed mitigation status (git-fixes).
• x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
• xe/oa: Fix query mode of operation for OAR/OAC (git-fixes).
• xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes).
• xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes).
• xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes).
• xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes).
• xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4393=1
• Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4393=1
• Legacy Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-4393=1
• SUSE Linux Enterprise High Availability Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2025-4393=1
• SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-4393=1
• SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-4393=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.

Package List:

• Basesystem Module 15-SP7 (aarch64 nosrc)
  • kernel-64kb-6.4.0-150700.53.25.1
• Basesystem Module 15-SP7 (aarch64)
  • kernel-64kb-devel-debuginfo-6.4.0-150700.53.25.1
  • kernel-64kb-devel-6.4.0-150700.53.25.1
  • kernel-64kb-debugsource-6.4.0-150700.53.25.1
  • kernel-64kb-debuginfo-6.4.0-150700.53.25.1
• Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-6.4.0-150700.53.25.1
• Basesystem Module 15-SP7 (aarch64 ppc64le x86_64)
  • kernel-default-base-6.4.0-150700.53.25.1.150700.17.17.1
• Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • kernel-default-devel-debuginfo-6.4.0-150700.53.25.1
  • kernel-default-debuginfo-6.4.0-150700.53.25.1
  • kernel-default-devel-6.4.0-150700.53.25.1
  • kernel-default-debugsource-6.4.0-150700.53.25.1
• Basesystem Module 15-SP7 (noarch)
  • kernel-devel-6.4.0-150700.53.25.1
  • kernel-macros-6.4.0-150700.53.25.1
• Basesystem Module 15-SP7 (nosrc s390x)
  • kernel-zfcpdump-6.4.0-150700.53.25.1
• Basesystem Module 15-SP7 (s390x)
  • kernel-zfcpdump-debugsource-6.4.0-150700.53.25.1
  • kernel-zfcpdump-debuginfo-6.4.0-150700.53.25.1
• Development Tools Module 15-SP7 (noarch nosrc)
  • kernel-docs-6.4.0-150700.53.25.2
• Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • kernel-obs-build-6.4.0-150700.53.25.1
  • kernel-syms-6.4.0-150700.53.25.1
  • kernel-obs-build-debugsource-6.4.0-150700.53.25.1
• Development Tools Module 15-SP7 (noarch)
  • kernel-source-6.4.0-150700.53.25.1
• Legacy Module 15-SP7 (nosrc)
  • kernel-default-6.4.0-150700.53.25.1
• Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debuginfo-6.4.0-150700.53.25.1
  • reiserfs-kmp-default-6.4.0-150700.53.25.1
  • reiserfs-kmp-default-debuginfo-6.4.0-150700.53.25.1
  • kernel-default-debugsource-6.4.0-150700.53.25.1
• SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64)
  • gfs2-kmp-default-debuginfo-6.4.0-150700.53.25.1
  • dlm-kmp-default-debuginfo-6.4.0-150700.53.25.1
  • gfs2-kmp-default-6.4.0-150700.53.25.1
  • ocfs2-kmp-default-6.4.0-150700.53.25.1
  • cluster-md-kmp-default-6.4.0-150700.53.25.1
  • dlm-kmp-default-6.4.0-150700.53.25.1
  • kernel-default-debuginfo-6.4.0-150700.53.25.1
  • kernel-default-debugsource-6.4.0-150700.53.25.1
  • cluster-md-kmp-default-debuginfo-6.4.0-150700.53.25.1
  • ocfs2-kmp-default-debuginfo-6.4.0-150700.53.25.1
• SUSE Linux Enterprise High Availability Extension 15 SP7 (nosrc)
  • kernel-default-6.4.0-150700.53.25.1
• SUSE Linux Enterprise Workstation Extension 15 SP7 (nosrc)
  • kernel-default-6.4.0-150700.53.25.1
• SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  • kernel-default-debuginfo-6.4.0-150700.53.25.1
  • kernel-default-extra-debuginfo-6.4.0-150700.53.25.1
  • kernel-default-extra-6.4.0-150700.53.25.1
  • kernel-default-debugsource-6.4.0-150700.53.25.1
• SUSE Linux Enterprise Live Patching 15-SP7 (nosrc)
  • kernel-default-6.4.0-150700.53.25.1
• SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  • kernel-livepatch-SLE15-SP7_Update_7-debugsource-1-150700.15.3.1
  • kernel-default-debuginfo-6.4.0-150700.53.25.1
  • kernel-livepatch-6_4_0-150700_53_25-default-1-150700.15.3.1
  • kernel-default-debugsource-6.4.0-150700.53.25.1
  • kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-1-150700.15.3.1
  • kernel-default-livepatch-6.4.0-150700.53.25.1
  • kernel-default-livepatch-devel-6.4.0-150700.53.25.1

References:

• https://www.suse.com/security/cve/CVE-2022-50253.html
• https://www.suse.com/security/cve/CVE-2023-53676.html
• https://www.suse.com/security/cve/CVE-2025-21710.html
• https://www.suse.com/security/cve/CVE-2025-37916.html
• https://www.suse.com/security/cve/CVE-2025-38359.html
• https://www.suse.com/security/cve/CVE-2025-39788.html
• https://www.suse.com/security/cve/CVE-2025-39805.html
• https://www.suse.com/security/cve/CVE-2025-39819.html
• https://www.suse.com/security/cve/CVE-2025-39822.html
• https://www.suse.com/security/cve/CVE-2025-39859.html
• https://www.suse.com/security/cve/CVE-2025-39944.html
• https://www.suse.com/security/cve/CVE-2025-39980.html
• https://www.suse.com/security/cve/CVE-2025-40001.html
• https://www.suse.com/security/cve/CVE-2025-40021.html
• https://www.suse.com/security/cve/CVE-2025-40027.html
• https://www.suse.com/security/cve/CVE-2025-40030.html
• https://www.suse.com/security/cve/CVE-2025-40038.html
• https://www.suse.com/security/cve/CVE-2025-40040.html
• https://www.suse.com/security/cve/CVE-2025-40047.html
• https://www.suse.com/security/cve/CVE-2025-40048.html
• https://www.suse.com/security/cve/CVE-2025-40055.html
• https://www.suse.com/security/cve/CVE-2025-40059.html
• https://www.suse.com/security/cve/CVE-2025-40064.html
• https://www.suse.com/security/cve/CVE-2025-40070.html
• https://www.suse.com/security/cve/CVE-2025-40074.html
• https://www.suse.com/security/cve/CVE-2025-40075.html
• https://www.suse.com/security/cve/CVE-2025-40080.html
• https://www.suse.com/security/cve/CVE-2025-40083.html
• https://www.suse.com/security/cve/CVE-2025-40086.html
• https://www.suse.com/security/cve/CVE-2025-40098.html
• https://www.suse.com/security/cve/CVE-2025-40105.html
• https://www.suse.com/security/cve/CVE-2025-40107.html
• https://www.suse.com/security/cve/CVE-2025-40109.html
• https://www.suse.com/security/cve/CVE-2025-40110.html
• https://www.suse.com/security/cve/CVE-2025-40111.html
• https://www.suse.com/security/cve/CVE-2025-40115.html
• https://www.suse.com/security/cve/CVE-2025-40116.html
• https://www.suse.com/security/cve/CVE-2025-40118.html
• https://www.suse.com/security/cve/CVE-2025-40120.html
• https://www.suse.com/security/cve/CVE-2025-40121.html
• https://www.suse.com/security/cve/CVE-2025-40127.html
• https://www.suse.com/security/cve/CVE-2025-40129.html
• https://www.suse.com/security/cve/CVE-2025-40139.html
• https://www.suse.com/security/cve/CVE-2025-40140.html
• https://www.suse.com/security/cve/CVE-2025-40141.html
• https://www.suse.com/security/cve/CVE-2025-40149.html
• https://www.suse.com/security/cve/CVE-2025-40154.html
• https://www.suse.com/security/cve/CVE-2025-40156.html
• https://www.suse.com/security/cve/CVE-2025-40157.html
• https://www.suse.com/security/cve/CVE-2025-40159.html
• https://www.suse.com/security/cve/CVE-2025-40164.html
• https://www.suse.com/security/cve/CVE-2025-40168.html
• https://www.suse.com/security/cve/CVE-2025-40169.html
• https://www.suse.com/security/cve/CVE-2025-40171.html
• https://www.suse.com/security/cve/CVE-2025-40172.html
• https://www.suse.com/security/cve/CVE-2025-40173.html
• https://www.suse.com/security/cve/CVE-2025-40176.html
• https://www.suse.com/security/cve/CVE-2025-40180.html
• https://www.suse.com/security/cve/CVE-2025-40183.html
• https://www.suse.com/security/cve/CVE-2025-40185.html
• https://www.suse.com/security/cve/CVE-2025-40186.html
• https://www.suse.com/security/cve/CVE-2025-40188.html
• https://www.suse.com/security/cve/CVE-2025-40194.html
• https://www.suse.com/security/cve/CVE-2025-40198.html
• https://www.suse.com/security/cve/CVE-2025-40200.html
• https://www.suse.com/security/cve/CVE-2025-40204.html
• https://www.suse.com/security/cve/CVE-2025-40205.html
• https://www.suse.com/security/cve/CVE-2025-40206.html
• https://www.suse.com/security/cve/CVE-2025-40207.html
• https://bugzilla.suse.com/show_bug.cgi?id=1235463
• https://bugzilla.suse.com/show_bug.cgi?id=1236743
• https://bugzilla.suse.com/show_bug.cgi?id=1237888
• https://bugzilla.suse.com/show_bug.cgi?id=1241166
• https://bugzilla.suse.com/show_bug.cgi?id=1243474
• https://bugzilla.suse.com/show_bug.cgi?id=1245193
• https://bugzilla.suse.com/show_bug.cgi?id=1247076
• https://bugzilla.suse.com/show_bug.cgi?id=1247500
• https://bugzilla.suse.com/show_bug.cgi?id=1247509
• https://bugzilla.suse.com/show_bug.cgi?id=1247683
• https://bugzilla.suse.com/show_bug.cgi?id=1249547
• https://bugzilla.suse.com/show_bug.cgi?id=1249912
• https://bugzilla.suse.com/show_bug.cgi?id=1249982
• https://bugzilla.suse.com/show_bug.cgi?id=1250034
• https://bugzilla.suse.com/show_bug.cgi?id=1250176
• https://bugzilla.suse.com/show_bug.cgi?id=1250237
• https://bugzilla.suse.com/show_bug.cgi?id=1250252
• https://bugzilla.suse.com/show_bug.cgi?id=1250705
• https://bugzilla.suse.com/show_bug.cgi?id=1251120
• https://bugzilla.suse.com/show_bug.cgi?id=1251786
• https://bugzilla.suse.com/show_bug.cgi?id=1252063
• https://bugzilla.suse.com/show_bug.cgi?id=1252267
• https://bugzilla.suse.com/show_bug.cgi?id=1252269
• https://bugzilla.suse.com/show_bug.cgi?id=1252303
• https://bugzilla.suse.com/show_bug.cgi?id=1252352
• https://bugzilla.suse.com/show_bug.cgi?id=1252353
• https://bugzilla.suse.com/show_bug.cgi?id=1252365
• https://bugzilla.suse.com/show_bug.cgi?id=1252366
• https://bugzilla.suse.com/show_bug.cgi?id=1252368
• https://bugzilla.suse.com/show_bug.cgi?id=1252370
• https://bugzilla.suse.com/show_bug.cgi?id=1252681
• https://bugzilla.suse.com/show_bug.cgi?id=1252763
• https://bugzilla.suse.com/show_bug.cgi?id=1252773
• https://bugzilla.suse.com/show_bug.cgi?id=1252774
• https://bugzilla.suse.com/show_bug.cgi?id=1252780
• https://bugzilla.suse.com/show_bug.cgi?id=1252790
• https://bugzilla.suse.com/show_bug.cgi?id=1252794
• https://bugzilla.suse.com/show_bug.cgi?id=1252795
• https://bugzilla.suse.com/show_bug.cgi?id=1252809
• https://bugzilla.suse.com/show_bug.cgi?id=1252817
• https://bugzilla.suse.com/show_bug.cgi?id=1252821
• https://bugzilla.suse.com/show_bug.cgi?id=1252836
• https://bugzilla.suse.com/show_bug.cgi?id=1252845
• https://bugzilla.suse.com/show_bug.cgi?id=1252862
• https://bugzilla.suse.com/show_bug.cgi?id=1252912
• https://bugzilla.suse.com/show_bug.cgi?id=1252917
• https://bugzilla.suse.com/show_bug.cgi?id=1252923
• https://bugzilla.suse.com/show_bug.cgi?id=1252928
• https://bugzilla.suse.com/show_bug.cgi?id=1253018
• https://bugzilla.suse.com/show_bug.cgi?id=1253176
• https://bugzilla.suse.com/show_bug.cgi?id=1253275
• https://bugzilla.suse.com/show_bug.cgi?id=1253318
• https://bugzilla.suse.com/show_bug.cgi?id=1253324
• https://bugzilla.suse.com/show_bug.cgi?id=1253349
• https://bugzilla.suse.com/show_bug.cgi?id=1253352
• https://bugzilla.suse.com/show_bug.cgi?id=1253355
• https://bugzilla.suse.com/show_bug.cgi?id=1253360
• https://bugzilla.suse.com/show_bug.cgi?id=1253362
• https://bugzilla.suse.com/show_bug.cgi?id=1253363
• https://bugzilla.suse.com/show_bug.cgi?id=1253367
• https://bugzilla.suse.com/show_bug.cgi?id=1253369
• https://bugzilla.suse.com/show_bug.cgi?id=1253393
• https://bugzilla.suse.com/show_bug.cgi?id=1253394
• https://bugzilla.suse.com/show_bug.cgi?id=1253395
• https://bugzilla.suse.com/show_bug.cgi?id=1253403
• https://bugzilla.suse.com/show_bug.cgi?id=1253407
• https://bugzilla.suse.com/show_bug.cgi?id=1253409
• https://bugzilla.suse.com/show_bug.cgi?id=1253412
• https://bugzilla.suse.com/show_bug.cgi?id=1253416
• https://bugzilla.suse.com/show_bug.cgi?id=1253421
• https://bugzilla.suse.com/show_bug.cgi?id=1253423
• https://bugzilla.suse.com/show_bug.cgi?id=1253424
• https://bugzilla.suse.com/show_bug.cgi?id=1253425
• https://bugzilla.suse.com/show_bug.cgi?id=1253427
• https://bugzilla.suse.com/show_bug.cgi?id=1253428
• https://bugzilla.suse.com/show_bug.cgi?id=1253431
• https://bugzilla.suse.com/show_bug.cgi?id=1253436
• https://bugzilla.suse.com/show_bug.cgi?id=1253438
• https://bugzilla.suse.com/show_bug.cgi?id=1253440
• https://bugzilla.suse.com/show_bug.cgi?id=1253441
• https://bugzilla.suse.com/show_bug.cgi?id=1253445
• https://bugzilla.suse.com/show_bug.cgi?id=1253448
• https://bugzilla.suse.com/show_bug.cgi?id=1253449
• https://bugzilla.suse.com/show_bug.cgi?id=1253453
• https://bugzilla.suse.com/show_bug.cgi?id=1253456
• https://bugzilla.suse.com/show_bug.cgi?id=1253472
• https://bugzilla.suse.com/show_bug.cgi?id=1253648
• https://bugzilla.suse.com/show_bug.cgi?id=1253779
• https://bugzilla.suse.com/show_bug.cgi?id=1254181
• https://bugzilla.suse.com/show_bug.cgi?id=1254221
• https://bugzilla.suse.com/show_bug.cgi?id=1254235