Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE Linux Micro 6.0 Kernel Important Threat 20500-1 CVE-2025-38111

suse
Calendar Grey February 27, 2026
Dist Suse Esm H88
An important security update for SUSE Linux Enterprise Micro 6.0 fixes critical issues in the kernel affecting various components.
An update that solves five vulnerabilities can now be installed.

Summary

## This update for the SUSE Linux Enterprise kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: * CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1249455). * CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205). * CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480). * CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473). * CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1249205

* bsc#1249455

* bsc#1249480

* bsc#1253439

* bsc#1253473

Cross-

* CVE-2025-38111

* CVE-2025-38352

* CVE-2025-39742

* CVE-2025-40129

* CVE-2025-40186

CVSS scores:

* CVE-2025-38111 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-38111 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-38111 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

* CVE-2025-38352 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-39742 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20500-1
Release Date: 2026-02-19T09:17:44Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.