An update that solves 69 vulnerabilities and has 22 security fixes can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2025:4393-1 Release Date: 2025-12-15T11:09:12Z Rating: important References: * bsc#1235463 * bsc#1236743 * bsc#1237888 * bsc#1241166 * bsc#1243474 * bsc#1245193 * bsc#1247076 * bsc#1247500 * bsc#1247509 * bsc#1247683 * bsc#1249547 * bsc#1249912 * bsc#1249982 * bsc#1250034 * bsc#1250176 * bsc#1250237 * bsc#1250252 * bsc#1250705 * bsc#1251120 * bsc#1251786 * bsc#1252063 * bsc#1252267 * bsc#1252269 * bsc#1252303 * bsc#1252352 * bsc#1252353 * bsc#1252365 * bsc#1252366 * bsc#1252368 * bsc#1252370 * bsc#1252681 * bsc#1252763 * bsc#1252773 * bsc#1252774 * bsc#1252780 * bsc#1252790 * bsc#1252794 * bsc#1252795 * bsc#1252809 * bsc#1252817 * bsc#1252821 * bsc#1252836 * bsc#1252845 * bsc#1252862 * bsc#1252912 * bsc#1252917 * bsc#1252923 * bsc#1252928 * bsc#1253018 * bsc#1253176 * bsc#1253275 * bsc#1253318 * bsc#1253324 * bsc#1253349 * bsc#1253352 * bsc#1253355 * bsc#1253360 * bsc#1253362 * bsc#1253363 * bsc#1253367 * bsc#1253369 * bsc#1253393 * bsc#1253394 * bsc#1253395 * bsc#1253403 * bsc#1253407 * bsc#1253409 * bsc#1253412 * bsc#1253416 * bsc#1253421 * bsc#1253423 * bsc#1253424 * bsc#1253425 * bsc#1253427 * bsc#1253428 * bsc#1253431 * bsc#1253436 * bsc#1253438 * bsc#1253440 * bsc#1253441 * bsc#1253445 * bsc#1253448 * bsc#1253449 * bsc#1253453 * bsc#1253456 * bsc#1253472 * bsc#1253648 * bsc#1253779 * bsc#1254181 * bsc#1254221 * bsc#1254235 Cross-References: * CVE-2022-50253 * CVE-2023-53676 * CVE-2025-21710 * CVE-2025-37916 * CVE-2025-38359 * CVE-2025-39788 * CVE-2025-39805 * CVE-2025-39819 * CVE-2025-39822 * CVE-2025-39859 * CVE-2025-39944 * CVE-2025-39980 * CVE-2025-40001 * CVE-2025-40021 * CVE-2025-40027 * CVE-2025-40030 * CVE-2025-40038 * CVE-2025-40040 * CVE-2025-40047 * CVE-2025-40048 * CVE-2025-40055 * CVE-2025-40059 * CVE-2025-40064 * CVE-2025-40070 * CVE-2025-40074 * CVE-2025-40075 * CVE-2025-40080 * CVE-2025-40083 * CVE-2025-40086 * CVE-2025-40098 * CVE-2025-40105 * CVE-2025-40107 * CVE-2025-40109 * CVE-2025-40110 * CVE-2025-40111 * CVE-2025-40115 * CVE-2025-40116 * CVE-2025-40118 * CVE-2025-40120 * CVE-2025-40121 * CVE-2025-40127 * CVE-2025-40129 * CVE-2025-40139 * CVE-2025-40140 * CVE-2025-40141 * CVE-2025-40149 * CVE-2025-40154 * CVE-2025-40156 * CVE-2025-40157 * CVE-2025-40159 * CVE-2025-40164 * CVE-2025-40168 * CVE-2025-40169 * CVE-2025-40171 * CVE-2025-40172 * CVE-2025-40173 * CVE-2025-40176 * CVE-2025-40180 * CVE-2025-40183 * CVE-2025-40185 * CVE-2025-40186 * CVE-2025-40188 * CVE-2025-40194 * CVE-2025-40198 * CVE-2025-40200 * CVE-2025-40204 * CVE-2025-40205 * CVE-2025-40206 * CVE-2025-40207 CVSS scores: * CVE-2022-50253 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2022-50253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-50253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-53676 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-37916 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-37916 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-37916 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38359 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-38359 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-38359 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H *CVE-2025-39788 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-39788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-39805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39819 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-39819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39980 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-39980 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40001 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40001 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40021 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-40021 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2025-40027 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40030 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40047 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40047 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40059 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40083 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40086 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40086 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40098 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40105 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40107 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40109 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40110 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40110 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40115 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40118 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40118 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40120 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40127 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40129 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40139 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40140 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N *CVE-2025-40140 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40141 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40141 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40149 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40149 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40156 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40157 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40157 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40164 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40164 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40168 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40168 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40169 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40169 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-40171 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-40171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40172 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40173 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40173 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40176 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40176 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40180 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40180 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-40183 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-40183 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-40185 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40186 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40194 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40198 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40200 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N *CVE-2025-40205 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40206 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40206 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40207 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * Legacy Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 An update that solves 69 vulnerabilities and has 22 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2022-50253: bpf: make sure skb-> len != 0 when redirecting to a tunneling device (bsc#1249912). * CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). * CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). * CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). * CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). * CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). * CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). * CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). * CVE-2025-39822: io_uring/kbuf: fixsignedness in this_len calculation (bsc#1250034). * CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). * CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). * CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). * CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). * CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). * CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). * CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). * CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). * CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). * CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790). * CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). * CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). * CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). * CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). * CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). * CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). * CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). * CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). * CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). * CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923). * CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state()(bsc#1252917). * CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). * CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). * CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). * CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). * CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). * CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). * CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). * CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394). * CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non security issues were fixed: * ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). * ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). * ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). * ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable- fixes). * ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). * ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). * ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). * ACPICA: Update dsmethod.c to get rid of unused variable warning (stable- fixes). * ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). * ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). * ALSA: serial-generic: remove shared static buffer (stable-fixes). * ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). * ALSA: usb-audio: Fix NULL pointerdereference in snd_usb_mixer_controls_badd (git-fixes). * ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable- fixes). * ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). * ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). * ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). * ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). * ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). * ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable- fixes). * ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). * ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). * ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). * ASoC: tas2781: fix getting the wrong device number (git-fixes). * ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable- fixes). * Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git- fixes). * Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). * Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). * Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). * Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). * Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (git-fixes). * Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). * Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). * Bluetooth: bcsp: receive data only if registered (stable-fixes). * Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). * Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). * Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git- fixes). * Bluetooth: hci_event: validate skb length for unknownCC opcode (git-fixes). * Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). * HID: amd_sfh: Stop sensor before starting (git-fixes). * HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). * HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). * HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). * HID: uclogic: Fix potential memory leak in error path (git-fixes). * Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). * Input: imx_sc_key - fix memory corruption on unload (git-fixes). * Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). * KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). * KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests (git- fixes). * KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git- fixes). * KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). * KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). * KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git- fixes). * KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). * KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). * KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git- fixes). * KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git- fixes). * KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). * KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). * KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). * KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git- fixes). * KVM: nVMX: Check vmcs12-> guest_ia32_debugctl on nested VM-Enter (git-fixes). * KVM: s390: improve interrupt cpu for wakeup(bsc#1235463). * KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352). * KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). * KVM: x86: Add helper to retrieve current value of user return MSR (git- fixes). * KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). * KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git- fixes). * KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git- fixes). * KVM: x86: Have all vendor neutral sub-configs depend on KVM_X86, not just KVM (git-fixes). * NFS4: Fix state renewals missing after boot (git-fixes). * NFS: check if suid/sgid was cleared after a write as needed (git-fixes). * NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). * NFSD: Skip close replay processing if XDR encoding fails (git-fixes). * NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). * NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). * NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). * PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). * PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). * PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). * PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). * PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable- fixes). * PCI: j721e: Fix incorrect error message in probe() (git-fixes). * PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git- fixes). * PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). * RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes). * RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). * RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). * RDMA/hns: Fix the modification ofmax_send_sge (git-fixes). * RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). * RDMA/irdma: Fix SD index calculation (git-fixes). * RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). * accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). * accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). * accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). * accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). * acpi,srat: Fix incorrect device handle check for Generic Initiator (git- fixes). * acpi/hmat: Fix lockdep warning for hmem_register_resource() (git-fixes). * amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). * ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() (git-fixes). * block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). * block: fix kobject double initialization in add_disk (git-fixes). * bpf: Fix test verif_scale_strobemeta_subprogs failure due to llvm19 (bsc#1252368). * bpf: improve error message for unsupported helper (bsc#1252370). * btrfs: abort transaction on failure to add link to inode (git-fixes). * btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git- fix). * btrfs: avoid using fixed char array size for tree names (git-fix). * btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). * btrfs: fix COW handling in run_delalloc_nocow() (git-fix). * btrfs: fix inode leak on failure to add link to inode (git-fixes). * btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). * btrfs: mark dirty extent range for out of bound prealloc extents (git- fixes). * btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). * btrfs: rename err to ret in btrfs_link() (git-fixes). * btrfs: runbtrfs_error_commit_super() early (git-fix). * btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git- fix). * btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git- fixes). * btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). * btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). * btrfs: simplify error handling logic for btrfs_link() (git-fixes). * btrfs: tree-checker: add dev extent item checks (git-fix). * btrfs: tree-checker: add type and sequence check for inline backrefs (git- fix). * btrfs: tree-checker: fix the wrong output of data backref objectid (git- fix). * btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). * btrfs: tree-checker: validate dref root and objectid (git-fix). * btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). * cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166). * char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). * char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). * char: misc: restrict the dynamic range to exclude reserved minors (stable- fixes). * cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166). * cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166). * cramfs: Verify inode mode when loading from disk (git-fixes). * crypto: aspeed - fix double free caused by devm (git-fixes). * crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). * crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git- fixes). * crypto: iaa - Do not clobber req-> base.data (git-fixes). * crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). * dmaengine: dw-edma: Set statusfor callback_result (stable-fixes). * dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). * drm/amd/amdgpu: Release xcp drm memory after unplug (stable-fixes). * drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START (stable-fixes). * drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). * drm/amd/display: Add fallback path for YCBCR422 (stable-fixes). * drm/amd/display: Allow VRR params change if unsynced with the stream (git- fixes). * drm/amd/display: Disable VRR on DCE 6 (stable-fixes). * drm/amd/display: Enable mst when it's detected but yet to be initialized (git-fixes). * drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). * drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). * drm/amd/display: Fix black screen with HDMI outputs (git-fixes). * drm/amd/display: Fix for test crash due to power gating (stable-fixes). * drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (stable-fixes). * drm/amd/display: Fix pbn_div Calculation Error (stable-fixes). * drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable- fixes). * drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting (stable-fixes). * drm/amd/display: Init dispclk from bootup clock for DCN314 (stable-fixes). * drm/amd/display: Move setup_stream_attribute (stable-fixes). * drm/amd/display: Reject modes with too high pixel clock on DCE6-10 (git- fixes). * drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off (stable-fixes). * drm/amd/display: Set up pixel encoding for YCBCR422 (stable-fixes). * drm/amd/display: Support HW cursor 180 rot for any number of pipe splits (stable-fixes). * drm/amd/display: Wait until OTG enable state is cleared (stable-fixes). * drm/amd/display: add more cyan skillfish devices (stable-fixes). * drm/amd/display: change dc stream color settings only in atomic commit (stable-fixes). * drm/amd/display: ensure committing streams is seamless (stable-fixes). * drm/amd/display: fix condition for setting timing_adjust_pending (stable- fixes). * drm/amd/display: fix dml ms order of operations (stable-fixes). * drm/amd/display: incorrect conditions for failing dto calculations (stable- fixes). * drm/amd/display: update color on atomic commit time (stable-fixes). * drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). * drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable- fixes). * drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). * drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). * drm/amd: Avoid evicting resources at S5 (stable-fixes). * drm/amd: Check that VPE has reached DPM0 in idle handler (stable-fixes). * drm/amd: Fix suspend failure with secure display TA (git-fixes). * drm/amd: add more cyan skillfish PCI ids (stable-fixes). * drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (stable-fixes). * drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). * drm/amdgpu/smu: Handle S0ix for vangogh (stable-fixes). * drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). * drm/amdgpu: Check vcn sram load return value (stable-fixes). * drm/amdgpu: Correct the counts of nr_banks and nr_errors (stable-fixes). * drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). * drm/amdgpu: Fix function header names in amdgpu_connectors.c (git-fixes). * drm/amdgpu: Fix unintended error log in VCN5_0_0 (git-fixes). * drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) (stable-fixes). * drm/amdgpu: Skip poison aca bank from UE channel (stable-fixes). * drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable- fixes). * drm/amdgpu: add range check for RAS bad page address (stable-fixes). * drm/amdgpu: add support for cyan skillfish gpu_info(stable-fixes). * drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces (stable-fixes). * drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). * drm/amdgpu: fix nullptr err of vm_handle_moved (stable-fixes). * drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (stable-fixes). * drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). * drm/amdgpu: remove two invalid BUG_ON()s (stable-fixes). * drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). * drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). * drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). * drm/amdkfd: relax checks for over allocation of save area (stable-fixes). * drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). * drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off (git- fixes). * drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable- fixes). * drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). * drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable- fixes). * drm/exynos: exynos7_drm_decon: remove ctx-> suspended (git-fixes). * drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes). * drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git- fixes). * drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). * drm/mediatek: Add pm_runtime support for GCE power control (git-fixes). * drm/mediatek: Disable AFBC support on Mediatek DRM driver (git-fixes). * drm/msm/a6xx: Fix PDC sleep sequence (git-fixes). * drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable- fixes). * drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). * drm/msm/registers: Generate _HI/LO builders for reg64 (stable-fixes). * drm/msm: make sure to not queue up recovery more than once (stable-fixes). *drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). * drm/panthor: Serialize GPU cache flush operations (stable-fixes). * drm/panthor: check bo offset alignment in vm bind (stable-fixes). * drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). * drm/sched: Optimise drm_sched_entity_push_job (stable-fixes). * drm/sched: avoid killing parent entity on child SIGKILL (stable-fixes). * drm/tegra: Add call to put_pid() (git-fixes). * drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). * drm/tidss: Set crtc modesetting parameters with adjusted mode (stable- fixes). * drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). * drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git- fixes). * drm/xe/guc: Add more GuC load error status codes (stable-fixes). * drm/xe/guc: Increase GuC crash dump buffer size (stable-fixes). * drm/xe/guc: Return an error code if the GuC load fails (stable-fixes). * drm/xe/guc: Set upper limit of H2G retries over CTB (stable-fixes). * drm/xe/guc: Synchronize Dead CT worker with unbind (git-fixes). * drm/xe: Do clean shutdown also when using flr (git-fixes). * drm/xe: Do not wake device during a GT reset (git-fixes). * drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test (stable- fixes). * drm/xe: Move declarations under conditional branch (stable-fixes). * drm/xe: Remove duplicate DRM_EXEC selection from Kconfig (git-fixes). * drm: panel-backlight-quirks: Make EDID match optional (stable-fixes). * exfat: limit log print for IO error (git-fixes). * extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). * extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). * fbcon: Set fb_display[i]-> mode to NULL when the mode is released (stable- fixes). * fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). * fbdev: bitblit: bound-check glyphindex in bit_putcs* (stable-fixes). * fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable- fixes). * hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable- fixes). * hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). * hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). * hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). * hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable- fixes). * hwmon: sy7636a: add alias (stable-fixes). * hyperv: Remove the spurious null directive line (git-fixes). * iio: adc: imx93_adc: load calibrated values even calibration failed (stable- fixes). * iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). * ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). * iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git- fixes). * isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). * ixgbe: fix memory leak and use-after-free in ixgbe_recovery_probe() (git- fixes). * jfs: Verify inode mode when loading from disk (git-fixes). * jfs: fix uninitialized waitqueue in transaction manager (git-fixes). * lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). * md/raid1: fix data lost for writemostly rdev (git-fixes). * md: fix mssing blktrace bio split events (git-fixes). * media: adv7180: Add missing lock in suspend callback (stable-fixes). * media: adv7180: Do not write format to device in set_fmt (stable-fixes). * media: adv7180: Only validate format in querystd (stable-fixes). * media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). * media: fix uninitialized symbol warnings (stable-fixes). * media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). * media: i2c: og01a1b: Specifymonochrome media bus format instead of Bayer (stable-fixes). * media: imon: make send_packet() more robust (stable-fixes). * media: ov08x40: Fix the horizontal flip control (stable-fixes). * media: redrat3: use int type to store negative error codes (stable-fixes). * media: uvcvideo: Use heuristic to find stream entity (git-fixes). * media: videobuf2: forbid remove_bufs when legacy fileio is active (git- fixes). * memstick: Add timeout to prevent indefinite waiting (stable-fixes). * mfd: da9063: Split chip variant reading in two bus transactions (stable- fixes). * mfd: madera: Work around false-positive -Wininitialized warning (stable- fixes). * mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). * mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). * minixfs: Verify inode mode when loading from disk (git-fixes). * mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git- fixes). * mm/secretmem: fix use-after-free race in fault handler (git-fixes). * mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). * mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). * mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). * mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). * mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). * mtdchar: fix integer overflow in read/write ioctls (git-fixes). * net/mana: fix warning in the writer of client oob (git-fixes). * net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). * net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). * net: phy: clear link parameters on admin link down (stable-fixes). * net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable- fixes). * net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). * net: tcp: send zero-window ACK when no memory (bsc#1253779). * net: usb: qmi_wwan: initializeMAC header offset in qmimux_rx_fixup (git- fixes). * nfs4_setup_readdir(): insufficient locking for -> d_parent-> d_inode dereferencing (git-fixes). * nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). * nvme-auth: add hkdf_expand_label() (bsc#1247683). * nvme-auth: use hkdf_expand_label() (bsc#1247683). * phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). * phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). * phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). * pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). * pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git- fixes). * pinctrl: single: fix bias pull up/down handling in pin_config_set (stable- fixes). * platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). * power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). * power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). * power: supply: sbs-charger: Support multiple devices (stable-fixes). * powerpc: export MIN RMA size (bsc#1236743 ltc#211409). * powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). * regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). * rtc: rx8025: fix incorrect register reference (git-fixes). * s390/mm,fault: simplify kfence fault handling (bsc#1247076). * scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git- fixes). * scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). * scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). * scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git- fixes). * scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). * scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). *scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). * scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). * scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git- fixes). * scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). * scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). * selftests/bpf: Check for timeout in perf_link test (bsc#1253648). * selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). * selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). * selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). * selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). * selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). * selftests/bpf: Fix string read in strncmp benchmark (git-fixes). * selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git- fixes). * selftests/bpf: Remove sockmap_ktls disconnect_after_delete test (bsc#1252365). * selftests/bpf: Remove tests for zeroed-array kptr (bsc#1252366). * selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). * selftests/bpf: fix signedness bug in redir_partial() (git-fixes). * selftests/net/forwarding: add slowwait functions (bsc#1254235). * selftests/net/lib: no need to record ns name if it already exist (bsc#1254235). * selftests/net/lib: update busywait timeout value (bsc#1254235). * selftests/net: add lib.sh (bsc#1254235). * selftests/net: add variable NS_LIST for lib.sh (bsc#1254235). * selftests/net: use tc rule to filter the na packet (bsc#1254235). * selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221). * selftests: forwarding.config.sample: Move overrides to lib.sh (bsc#1254235). * selftests: forwarding: Add a test for testing lib.sh functionality (bsc#1254235). * selftests: forwarding: Avoid failures to source net/lib.sh(bsc#1254235). * selftests: forwarding: Change inappropriate log_test_skip() calls (bsc#1254235). * selftests: forwarding: Convert log_test() to recognize RET values (bsc#1254235). * selftests: forwarding: Have RET track kselftest framework constants (bsc#1254235). * selftests: forwarding: Parametrize mausezahn delay (bsc#1254235). * selftests: forwarding: Redefine relative_path variable (bsc#1254235). * selftests: forwarding: Remove duplicated lib.sh content (bsc#1254235). * selftests: forwarding: Support for performance sensitive tests (bsc#1254235). * selftests: lib: Define more kselftest exit codes (bsc#1254235). * selftests: lib: tc_rule_stats_get(): Move default to argument definition (bsc#1254235). * selftests: net: List helper scripts in TEST_FILES Makefile variable (bsc#1254235). * selftests: net: Unify code of busywait() and slowwait() (bsc#1254235). * selftests: net: add helper for checking if nettest is available (bsc#1254235). * selftests: net: lib: Do not overwrite error messages (bsc#1254235). * selftests: net: lib: Move logging from forwarding/lib.sh here (bsc#1254235). * selftests: net: lib: avoid error removing empty netns name (bsc#1254235). * selftests: net: lib: do not set ns var as readonly (bsc#1254235). * selftests: net: lib: fix shift count out of range (bsc#1254235). * selftests: net: lib: ignore possible errors (bsc#1254235). * selftests: net: lib: kill PIDs before del netns (bsc#1254235). * selftests: net: lib: remove 'ns' var in setup_ns (bsc#1254235). * selftests: net: lib: remove ns from list after clean-up (bsc#1254235). * selftests: net: lib: set 'i' as local (bsc#1254235). * selftests: net: lib: support errexit with busywait (bsc#1254235). * selftests: net: libs: Change variable fallback syntax (bsc#1254235). * serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). * serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). * soc/tegra: fuse:Add Tegra114 nvmem cells and fuse lookups (stable-fixes). * soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). * soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). * spi: Try to get ACPI GPIO IRQ earlier (git-fixes). * spi: loopback-test: Don't use %pK through printk (stable-fixes). * spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). * strparser: Fix signed/unsigned mismatch bug (git-fixes). * tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock-> cork (bsc#1250705). * thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). * tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable- fixes). * tools/cpupower: fix error return value in cpupower_write_sysfs() (stable- fixes). * tools/hv: fcopy: Fix incorrect file path conversion (git-fixes). * tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). * tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable- fixes). * tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). * tools: lib: thermal: don't preserve owner in install (stable-fixes). * tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). * uio_hv_generic: Query the ringbuffer size for device (git-fixes). * usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). * usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). * usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable- fixes). * usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). * usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). * usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable- fixes). * usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable- fixes). * video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable- fixes). * watchdog:s3c2410_wdt: Fix max_timeout being calculated larger (stable- fixes). * wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). * wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181). * wifi: ath11k: zero init info-> status in wmi_process_mgmt_tx_comp() (git- fixes). * wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). * wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list (stable-fixes). * wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands (stable-fixes). * wifi: mac80211: Fix HE capabilities element check (stable-fixes). * wifi: mac80211: Track NAN interface start/stop (stable-fixes). * wifi: mac80211: don't mark keys for inactive links as uploaded (stable- fixes). * wifi: mac80211: fix key tailroom accounting leak (git-fixes). * wifi: mac80211: reject address change while connecting (git-fixes). * wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). * wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git- fixes). * wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). * wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). * wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error (stable- fixes). * wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git- fixes). * wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). * wifi: rtw89: print just once for unknown C2H events (stable-fixes). * wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git- fixes). * x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). * x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). * x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). * x86/CPU/AMD: Do the common init on future Zens too (git-fixes). * x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). *x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). * x86/bugs: Report correct retbleed mitigation status (git-fixes). * x86/vmscape: Add old Intel CPUs to affected list (git-fixes). * xe/oa: Fix query mode of operation for OAR/OAC (git-fixes). * xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). * xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). * xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). * xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). * xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4393=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4393=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-4393=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2025-4393=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-4393=1 * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-4393=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. ## Package List: * Basesystem Module 15-SP7 (aarch64 nosrc) * kernel-64kb-6.4.0-150700.53.25.1 * Basesystem Module 15-SP7 (aarch64) *kernel-64kb-devel-debuginfo-6.4.0-150700.53.25.1 * kernel-64kb-devel-6.4.0-150700.53.25.1 * kernel-64kb-debugsource-6.4.0-150700.53.25.1 * kernel-64kb-debuginfo-6.4.0-150700.53.25.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.4.0-150700.53.25.1 * Basesystem Module 15-SP7 (aarch64 ppc64le x86_64) * kernel-default-base-6.4.0-150700.53.25.1.150700.17.17.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-6.4.0-150700.53.25.1 * kernel-default-debuginfo-6.4.0-150700.53.25.1 * kernel-default-devel-6.4.0-150700.53.25.1 * kernel-default-debugsource-6.4.0-150700.53.25.1 * Basesystem Module 15-SP7 (noarch) * kernel-devel-6.4.0-150700.53.25.1 * kernel-macros-6.4.0-150700.53.25.1 * Basesystem Module 15-SP7 (nosrc s390x) * kernel-zfcpdump-6.4.0-150700.53.25.1 * Basesystem Module 15-SP7 (s390x) * kernel-zfcpdump-debugsource-6.4.0-150700.53.25.1 * kernel-zfcpdump-debuginfo-6.4.0-150700.53.25.1 * Development Tools Module 15-SP7 (noarch nosrc) * kernel-docs-6.4.0-150700.53.25.2 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-6.4.0-150700.53.25.1 * kernel-syms-6.4.0-150700.53.25.1 * kernel-obs-build-debugsource-6.4.0-150700.53.25.1 * Development Tools Module 15-SP7 (noarch) * kernel-source-6.4.0-150700.53.25.1 * Legacy Module 15-SP7 (nosrc) * kernel-default-6.4.0-150700.53.25.1 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-6.4.0-150700.53.25.1 * reiserfs-kmp-default-6.4.0-150700.53.25.1 * reiserfs-kmp-default-debuginfo-6.4.0-150700.53.25.1 * kernel-default-debugsource-6.4.0-150700.53.25.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-6.4.0-150700.53.25.1 * dlm-kmp-default-debuginfo-6.4.0-150700.53.25.1 * gfs2-kmp-default-6.4.0-150700.53.25.1 *ocfs2-kmp-default-6.4.0-150700.53.25.1 * cluster-md-kmp-default-6.4.0-150700.53.25.1 * dlm-kmp-default-6.4.0-150700.53.25.1 * kernel-default-debuginfo-6.4.0-150700.53.25.1 * kernel-default-debugsource-6.4.0-150700.53.25.1 * cluster-md-kmp-default-debuginfo-6.4.0-150700.53.25.1 * ocfs2-kmp-default-debuginfo-6.4.0-150700.53.25.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (nosrc) * kernel-default-6.4.0-150700.53.25.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (nosrc) * kernel-default-6.4.0-150700.53.25.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * kernel-default-debuginfo-6.4.0-150700.53.25.1 * kernel-default-extra-debuginfo-6.4.0-150700.53.25.1 * kernel-default-extra-6.4.0-150700.53.25.1 * kernel-default-debugsource-6.4.0-150700.53.25.1 * SUSE Linux Enterprise Live Patching 15-SP7 (nosrc) * kernel-default-6.4.0-150700.53.25.1 * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP7_Update_7-debugsource-1-150700.15.3.1 * kernel-default-debuginfo-6.4.0-150700.53.25.1 * kernel-livepatch-6_4_0-150700_53_25-default-1-150700.15.3.1 * kernel-default-debugsource-6.4.0-150700.53.25.1 * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-1-150700.15.3.1 * kernel-default-livepatch-6.4.0-150700.53.25.1 * kernel-default-livepatch-devel-6.4.0-150700.53.25.1 ## References: * https://www.suse.com/security/cve/CVE-2022-50253.html * https://www.suse.com/security/cve/CVE-2023-53676.html * https://www.suse.com/security/cve/CVE-2025-21710.html * https://www.suse.com/security/cve/CVE-2025-37916.html * https://www.suse.com/security/cve/CVE-2025-38359.html * https://www.suse.com/security/cve/CVE-2025-39788.html * https://www.suse.com/security/cve/CVE-2025-39805.html * https://www.suse.com/security/cve/CVE-2025-39819.html * https://www.suse.com/security/cve/CVE-2025-39822.html * https://www.suse.com/security/cve/CVE-2025-39859.html *https://www.suse.com/security/cve/CVE-2025-39944.html * https://www.suse.com/security/cve/CVE-2025-39980.html * https://www.suse.com/security/cve/CVE-2025-40001.html * https://www.suse.com/security/cve/CVE-2025-40021.html * https://www.suse.com/security/cve/CVE-2025-40027.html * https://www.suse.com/security/cve/CVE-2025-40030.html * https://www.suse.com/security/cve/CVE-2025-40038.html * https://www.suse.com/security/cve/CVE-2025-40040.html * https://www.suse.com/security/cve/CVE-2025-40047.html * https://www.suse.com/security/cve/CVE-2025-40048.html * https://www.suse.com/security/cve/CVE-2025-40055.html * https://www.suse.com/security/cve/CVE-2025-40059.html * https://www.suse.com/security/cve/CVE-2025-40064.html * https://www.suse.com/security/cve/CVE-2025-40070.html * https://www.suse.com/security/cve/CVE-2025-40074.html * https://www.suse.com/security/cve/CVE-2025-40075.html * https://www.suse.com/security/cve/CVE-2025-40080.html * https://www.suse.com/security/cve/CVE-2025-40083.html * https://www.suse.com/security/cve/CVE-2025-40086.html * https://www.suse.com/security/cve/CVE-2025-40098.html * https://www.suse.com/security/cve/CVE-2025-40105.html * https://www.suse.com/security/cve/CVE-2025-40107.html * https://www.suse.com/security/cve/CVE-2025-40109.html * https://www.suse.com/security/cve/CVE-2025-40110.html * https://www.suse.com/security/cve/CVE-2025-40111.html * https://www.suse.com/security/cve/CVE-2025-40115.html * https://www.suse.com/security/cve/CVE-2025-40116.html * https://www.suse.com/security/cve/CVE-2025-40118.html * https://www.suse.com/security/cve/CVE-2025-40120.html * https://www.suse.com/security/cve/CVE-2025-40121.html * https://www.suse.com/security/cve/CVE-2025-40127.html * https://www.suse.com/security/cve/CVE-2025-40129.html * https://www.suse.com/security/cve/CVE-2025-40139.html * https://www.suse.com/security/cve/CVE-2025-40140.html * https://www.suse.com/security/cve/CVE-2025-40141.html *https://www.suse.com/security/cve/CVE-2025-40149.html * https://www.suse.com/security/cve/CVE-2025-40154.html * https://www.suse.com/security/cve/CVE-2025-40156.html * https://www.suse.com/security/cve/CVE-2025-40157.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-40164.html * https://www.suse.com/security/cve/CVE-2025-40168.html * https://www.suse.com/security/cve/CVE-2025-40169.html * https://www.suse.com/security/cve/CVE-2025-40171.html * https://www.suse.com/security/cve/CVE-2025-40172.html * https://www.suse.com/security/cve/CVE-2025-40173.html * https://www.suse.com/security/cve/CVE-2025-40176.html * https://www.suse.com/security/cve/CVE-2025-40180.html * https://www.suse.com/security/cve/CVE-2025-40183.html * https://www.suse.com/security/cve/CVE-2025-40185.html * https://www.suse.com/security/cve/CVE-2025-40186.html * https://www.suse.com/security/cve/CVE-2025-40188.html * https://www.suse.com/security/cve/CVE-2025-40194.html * https://www.suse.com/security/cve/CVE-2025-40198.html * https://www.suse.com/security/cve/CVE-2025-40200.html * https://www.suse.com/security/cve/CVE-2025-40204.html * https://www.suse.com/security/cve/CVE-2025-40205.html * https://www.suse.com/security/cve/CVE-2025-40206.html * https://www.suse.com/security/cve/CVE-2025-40207.html * https://bugzilla.suse.com/show_bug.cgi?id=1235463 * https://bugzilla.suse.com/show_bug.cgi?id=1236743 * https://bugzilla.suse.com/show_bug.cgi?id=1237888 * https://bugzilla.suse.com/show_bug.cgi?id=1241166 * https://bugzilla.suse.com/show_bug.cgi?id=1243474 * https://bugzilla.suse.com/show_bug.cgi?id=1245193 * https://bugzilla.suse.com/show_bug.cgi?id=1247076 * https://bugzilla.suse.com/show_bug.cgi?id=1247500 * https://bugzilla.suse.com/show_bug.cgi?id=1247509 * https://bugzilla.suse.com/show_bug.cgi?id=1247683 * https://bugzilla.suse.com/show_bug.cgi?id=1249547 * https://bugzilla.suse.com/show_bug.cgi?id=1249912 *https://bugzilla.suse.com/show_bug.cgi?id=1249982 * https://bugzilla.suse.com/show_bug.cgi?id=1250034 * https://bugzilla.suse.com/show_bug.cgi?id=1250176 * https://bugzilla.suse.com/show_bug.cgi?id=1250237 * https://bugzilla.suse.com/show_bug.cgi?id=1250252 * https://bugzilla.suse.com/show_bug.cgi?id=1250705 * https://bugzilla.suse.com/show_bug.cgi?id=1251120 * https://bugzilla.suse.com/show_bug.cgi?id=1251786 * https://bugzilla.suse.com/show_bug.cgi?id=1252063 * https://bugzilla.suse.com/show_bug.cgi?id=1252267 * https://bugzilla.suse.com/show_bug.cgi?id=1252269 * https://bugzilla.suse.com/show_bug.cgi?id=1252303 * https://bugzilla.suse.com/show_bug.cgi?id=1252352 * https://bugzilla.suse.com/show_bug.cgi?id=1252353 * https://bugzilla.suse.com/show_bug.cgi?id=1252365 * https://bugzilla.suse.com/show_bug.cgi?id=1252366 * https://bugzilla.suse.com/show_bug.cgi?id=1252368 * https://bugzilla.suse.com/show_bug.cgi?id=1252370 * https://bugzilla.suse.com/show_bug.cgi?id=1252681 * https://bugzilla.suse.com/show_bug.cgi?id=1252763 * https://bugzilla.suse.com/show_bug.cgi?id=1252773 * https://bugzilla.suse.com/show_bug.cgi?id=1252774 * https://bugzilla.suse.com/show_bug.cgi?id=1252780 * https://bugzilla.suse.com/show_bug.cgi?id=1252790 * https://bugzilla.suse.com/show_bug.cgi?id=1252794 * https://bugzilla.suse.com/show_bug.cgi?id=1252795 * https://bugzilla.suse.com/show_bug.cgi?id=1252809 * https://bugzilla.suse.com/show_bug.cgi?id=1252817 * https://bugzilla.suse.com/show_bug.cgi?id=1252821 * https://bugzilla.suse.com/show_bug.cgi?id=1252836 * https://bugzilla.suse.com/show_bug.cgi?id=1252845 * https://bugzilla.suse.com/show_bug.cgi?id=1252862 * https://bugzilla.suse.com/show_bug.cgi?id=1252912 * https://bugzilla.suse.com/show_bug.cgi?id=1252917 * https://bugzilla.suse.com/show_bug.cgi?id=1252923 * https://bugzilla.suse.com/show_bug.cgi?id=1252928 * https://bugzilla.suse.com/show_bug.cgi?id=1253018 *https://bugzilla.suse.com/show_bug.cgi?id=1253176 * https://bugzilla.suse.com/show_bug.cgi?id=1253275 * https://bugzilla.suse.com/show_bug.cgi?id=1253318 * https://bugzilla.suse.com/show_bug.cgi?id=1253324 * https://bugzilla.suse.com/show_bug.cgi?id=1253349 * https://bugzilla.suse.com/show_bug.cgi?id=1253352 * https://bugzilla.suse.com/show_bug.cgi?id=1253355 * https://bugzilla.suse.com/show_bug.cgi?id=1253360 * https://bugzilla.suse.com/show_bug.cgi?id=1253362 * https://bugzilla.suse.com/show_bug.cgi?id=1253363 * https://bugzilla.suse.com/show_bug.cgi?id=1253367 * https://bugzilla.suse.com/show_bug.cgi?id=1253369 * https://bugzilla.suse.com/show_bug.cgi?id=1253393 * https://bugzilla.suse.com/show_bug.cgi?id=1253394 * https://bugzilla.suse.com/show_bug.cgi?id=1253395 * https://bugzilla.suse.com/show_bug.cgi?id=1253403 * https://bugzilla.suse.com/show_bug.cgi?id=1253407 * https://bugzilla.suse.com/show_bug.cgi?id=1253409 * https://bugzilla.suse.com/show_bug.cgi?id=1253412 * https://bugzilla.suse.com/show_bug.cgi?id=1253416 * https://bugzilla.suse.com/show_bug.cgi?id=1253421 * https://bugzilla.suse.com/show_bug.cgi?id=1253423 * https://bugzilla.suse.com/show_bug.cgi?id=1253424 * https://bugzilla.suse.com/show_bug.cgi?id=1253425 * https://bugzilla.suse.com/show_bug.cgi?id=1253427 * https://bugzilla.suse.com/show_bug.cgi?id=1253428 * https://bugzilla.suse.com/show_bug.cgi?id=1253431 * https://bugzilla.suse.com/show_bug.cgi?id=1253436 * https://bugzilla.suse.com/show_bug.cgi?id=1253438 * https://bugzilla.suse.com/show_bug.cgi?id=1253440 * https://bugzilla.suse.com/show_bug.cgi?id=1253441 * https://bugzilla.suse.com/show_bug.cgi?id=1253445 * https://bugzilla.suse.com/show_bug.cgi?id=1253448 * https://bugzilla.suse.com/show_bug.cgi?id=1253449 * https://bugzilla.suse.com/show_bug.cgi?id=1253453 * https://bugzilla.suse.com/show_bug.cgi?id=1253456 * https://bugzilla.suse.com/show_bug.cgi?id=1253472 *https://bugzilla.suse.com/show_bug.cgi?id=1253648 * https://bugzilla.suse.com/show_bug.cgi?id=1253779 * https://bugzilla.suse.com/show_bug.cgi?id=1254181 * https://bugzilla.suse.com/show_bug.cgi?id=1254221 * https://bugzilla.suse.com/show_bug.cgi?id=1254235 . SUSE updates kernel to important rating, fixing 69 vulnerabilities with 22 critical security fixes available.. SUSE Linux, kernel update, security fixes, vulnerability management, system patching. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.