Explore top 10 tips to secure your open-source projects now. Read More
×
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.176 fixes
various security issues
The following security issues were fixed:
* CVE-2022-50233: bluetooth: device name can cause reading kernel memory by
not supplying terminal \0 (bsc#1249242).
* CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return
value (bsc#1254451).
* CVE-2022-50409: net: If sock is dead don't access sock's sk_wq in
sk_stream_wait_memory (bsc#1250665).
* CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace
(bsc#1251165).
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251787).
* CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline()
(bsc#1251203).
* CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment()
(bsc#1248400).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-176=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-176=1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-6-150400.2.1
* bsc#1248400
* bsc#1249242
* bsc#1250665
* bsc#1251165
* bsc#1251203
* bsc#1251787
* bsc#1253437
* bsc#1254451
## References:
* https://www.suse.com/security/cve/CVE-2022-50233.html
* https://www.suse.com/security/cve/CVE-2022-50327.html
* https://www.suse.com/security/cve/CVE-2022-50409.html
* https://www.suse.com/security/cve/CVE-2022-50490.html
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2025-38476.html
* https://www.suse.com/security/cve/CVE-2025-38572.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248400
* https://bugzilla.suse.com/show_bug.cgi?id=1249242
* https://bugzilla.suse.com/show_bug.cgi?id=1250665
* https://bugzilla.suse.com/show_bug.cgi?id=1251165
* https://bugzilla.suse.com/show_bug.cgi?id=1251203
* https://bugzilla.suse.com/show_bug.cgi?id=1251787
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
* https://bugzilla.suse.com/show_bug.cgi?id=1254451
Get the latest Linux and open source security news straight to your inbox.