Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:03384-1
Release Date:	2025-09-26T17:28:20Z
Rating:	important
References:	bsc#1229334 bsc#1238954 bsc#1240799 bsc#1241433 bsc#1242780 bsc#1243278 bsc#1244824 bsc#1245970 bsc#1246073 bsc#1246473 bsc#1246781 bsc#1246911 bsc#1247143 bsc#1247314 bsc#1247374 bsc#1247437 bsc#1247518 bsc#1247976 bsc#1248223 bsc#1248306 bsc#1248338 bsc#1248511 bsc#1248614 bsc#1248621 bsc#1248748 jsc#PED-8240
Cross-References:	CVE-2022-49492 CVE-2022-50116 CVE-2023-53117 CVE-2024-42265 CVE-2024-58239 CVE-2025-21971 CVE-2025-22045 CVE-2025-38180 CVE-2025-38206 CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38460 CVE-2025-38468 CVE-2025-38477 CVE-2025-38498 CVE-2025-38499 CVE-2025-38546 CVE-2025-38563 CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644
CVSS scores:	CVE-2022-49492 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2022-49492 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-50116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53117 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2023-53117 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-42265 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2024-58239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-58239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21971 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21971 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22045 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38180 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38180 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38206 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38206 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38323 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38350 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38350 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-38460 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38460 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38468 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38468 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38499 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H CVE-2025-38499 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H CVE-2025-38546 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38546 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2025-38608 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-38608 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-38617 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38618 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38644 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-38644 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves 23 vulnerabilities, contains one feature and has two security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954).
• CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
• CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
• CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
• CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
• CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
• CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
• CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
• CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
• CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
• CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
• CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
• CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
• CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
• CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
• CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
• CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
• CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
• CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
• CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
• CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
• CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
• CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).

The following non-security bugs were fixed:

• Disable N_GSM (bsc#1244824 jsc#PED-8240).
• NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
• scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278).
• scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-3384=1
• SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3384=1
• SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-3384=1

Package List:

• SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro 5.1 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.220.1
  • kernel-rt-debuginfo-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro 5.1 (noarch)
  • kernel-source-rt-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro 5.2 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.220.1
  • kernel-rt-debuginfo-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro 5.2 (noarch)
  • kernel-source-rt-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.220.1
  • kernel-rt-debuginfo-5.3.18-150300.220.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  • kernel-source-rt-5.3.18-150300.220.1

References:

• https://www.suse.com/security/cve/CVE-2022-49492.html
• https://www.suse.com/security/cve/CVE-2022-50116.html
• https://www.suse.com/security/cve/CVE-2023-53117.html
• https://www.suse.com/security/cve/CVE-2024-42265.html
• https://www.suse.com/security/cve/CVE-2024-58239.html
• https://www.suse.com/security/cve/CVE-2025-21971.html
• https://www.suse.com/security/cve/CVE-2025-22045.html
• https://www.suse.com/security/cve/CVE-2025-38180.html
• https://www.suse.com/security/cve/CVE-2025-38206.html
• https://www.suse.com/security/cve/CVE-2025-38323.html
• https://www.suse.com/security/cve/CVE-2025-38350.html
• https://www.suse.com/security/cve/CVE-2025-38352.html
• https://www.suse.com/security/cve/CVE-2025-38460.html
• https://www.suse.com/security/cve/CVE-2025-38468.html
• https://www.suse.com/security/cve/CVE-2025-38477.html
• https://www.suse.com/security/cve/CVE-2025-38498.html
• https://www.suse.com/security/cve/CVE-2025-38499.html
• https://www.suse.com/security/cve/CVE-2025-38546.html
• https://www.suse.com/security/cve/CVE-2025-38563.html
• https://www.suse.com/security/cve/CVE-2025-38608.html
• https://www.suse.com/security/cve/CVE-2025-38617.html
• https://www.suse.com/security/cve/CVE-2025-38618.html
• https://www.suse.com/security/cve/CVE-2025-38644.html
• https://bugzilla.suse.com/show_bug.cgi?id=1229334
• https://bugzilla.suse.com/show_bug.cgi?id=1238954
• https://bugzilla.suse.com/show_bug.cgi?id=1240799
• https://bugzilla.suse.com/show_bug.cgi?id=1241433
• https://bugzilla.suse.com/show_bug.cgi?id=1242780
• https://bugzilla.suse.com/show_bug.cgi?id=1243278
• https://bugzilla.suse.com/show_bug.cgi?id=1244824
• https://bugzilla.suse.com/show_bug.cgi?id=1245970
• https://bugzilla.suse.com/show_bug.cgi?id=1246073
• https://bugzilla.suse.com/show_bug.cgi?id=1246473
• https://bugzilla.suse.com/show_bug.cgi?id=1246781
• https://bugzilla.suse.com/show_bug.cgi?id=1246911
• https://bugzilla.suse.com/show_bug.cgi?id=1247143
• https://bugzilla.suse.com/show_bug.cgi?id=1247314
• https://bugzilla.suse.com/show_bug.cgi?id=1247374
• https://bugzilla.suse.com/show_bug.cgi?id=1247437
• https://bugzilla.suse.com/show_bug.cgi?id=1247518
• https://bugzilla.suse.com/show_bug.cgi?id=1247976
• https://bugzilla.suse.com/show_bug.cgi?id=1248223
• https://bugzilla.suse.com/show_bug.cgi?id=1248306
• https://bugzilla.suse.com/show_bug.cgi?id=1248338
• https://bugzilla.suse.com/show_bug.cgi?id=1248511
• https://bugzilla.suse.com/show_bug.cgi?id=1248614
• https://bugzilla.suse.com/show_bug.cgi?id=1248621
• https://bugzilla.suse.com/show_bug.cgi?id=1248748
• https://jira.suse.com/browse/PED-8240