Stay Vigilant with Timely Linux Security Advisories

security advisorysecurity updateDebian

Debian LTS: DLA-4098-1: amd64-microcode Security Advisory Updates

A potential vulnerability has been found for certain AMD platforms which creates a possible confidential computing vulnerability. AMD has released updated microcode to prevent an attacker from loading . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4098-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Tobias Frost March 31, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : amd64-microcode Version : 3.20250311.1~deb11u1 CVE ID : CVE-2024-56161 Debian Bug : 1095470 A potential vulnerability has been found for certain AMD platforms which creates a possible confidential computing vulnerability. AMD has released updated microcode to prevent an attacker from loading tampered microcode. Additionally an SEV firmware update might be required for some platforms to support SEV-SNP attestation, which may also necessitate a BIOS update. For details please see the AMD security bulletin AMD-SB-3019. CVE-2024-56161 (AMD-SB-3019): Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privileges to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. For Debian 11 bullseye, this problem has been fixed in version 3.20250311.1~deb11u1. We recommend that you upgrade your amd64-microcode packages. For the detailed security status of amd64-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/amd64-microcode Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Updates for critical AMD microcode vulnerability affecting confidentiality. Upgrade recommendedfor affected platforms.. potential, vulnerability, found, certain, platforms, which, creates, possible, confiden. . Severity: Critical. LinuxSecurity.com Team

Mar 31, 2025 •Critical Debian LTS

security advisorysecurity updatesoftware update

SUSE: 2025:0784-1 important: Kernel Security Advisory for SP6

* bsc#1012628 * bsc#1215199 * bsc#1219367 * bsc#1222672 * bsc#1222803 . # Security update for the Linux Kernel Announcement ID: SUSE-SU-2025:0784-1 Release Date: Rating: important References: * bsc#1012628 * bsc#1215199 * bsc#1219367 * bsc#1222672 * bsc#1222803 * bsc#1225742 * bsc#1225981 * bsc#1228521 * bsc#1230235 * bsc#1230438 * bsc#1230439 * bsc#1231920 * bsc#1232159 * bsc#1232198 * bsc#1232201 * bsc#1232508 * bsc#1232520 * bsc#1232919 * bsc#1233109 * bsc#1234853 * bsc#1234857 * bsc#1234891 * bsc#1234963 * bsc#1235032 * bsc#1235054 * bsc#1235061 * bsc#1235073 * bsc#1235435 * bsc#1235592 * bsc#1235609 * bsc#1235932 * bsc#1235933 * bsc#1236113 * bsc#1236114 * bsc#1236115 * bsc#1236122 * bsc#1236123 * bsc#1236133 * bsc#1236138 * bsc#1236199 * bsc#1236200 * bsc#1236203 * bsc#1236205 * bsc#1236573 * bsc#1236575 * bsc#1236576 * bsc#1236591 * bsc#1236661 * bsc#1236677 * bsc#1236700 * bsc#1236752 * bsc#1236821 * bsc#1236822 * bsc#1236896 * bsc#1236897 * bsc#1236952 * bsc#1236967 * bsc#1236994 * bsc#1237007 * bsc#1237017 * bsc#1237025 * bsc#1237028 * bsc#1237045 * bsc#1237126 * bsc#1237132 * bsc#1237139 * bsc#1237155 * bsc#1237158 * bsc#1237159 * bsc#1237232 * bsc#1237234 * bsc#1237325 * bsc#1237415 * bsc#1237452 * bsc#1237558 * bsc#1237562 * bsc#1237563 * jsc#PED-10028 * jsc#PED-12094 * jsc#PED-348 * jsc#PED-6143 Cross-References: * CVE-2023-52924 * CVE-2023-52925 * CVE-2024-26708 * CVE-2024-26810 * CVE-2024-41055 * CVE-2024-44974 * CVE-2024-45009 * CVE-2024-45010 * CVE-2024-47701 * CVE-2024-49884 * CVE-2024-49950 * CVE-2024-50073 * CVE-2024-50085 * CVE-2024-50115 * CVE-2024-50185 * CVE-2024-53147 * CVE-2024-53173 * CVE-2024-53226 * CVE-2024-53239 * CVE-2024-56539 * CVE-2024-56548 * CVE-2024-56568 * CVE-2024-56579 * CVE-2024-56605 * CVE-2024-56647 * CVE-2024-56720 * CVE-2024-57889 *CVE-2024-57948 * CVE-2025-21636 * CVE-2025-21637 * CVE-2025-21638 * CVE-2025-21639 * CVE-2025-21640 * CVE-2025-21647 * CVE-2025-21680 * CVE-2025-21684 * CVE-2025-21687 * CVE-2025-21688 * CVE-2025-21689 * CVE-2025-21690 * CVE-2025-21692 * CVE-2025-21697 * CVE-2025-21699 * CVE-2025-21700 CVSS scores: * CVE-2023-52924 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2023-52924 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2023-52925 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2023-52925 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52925 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26708 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26708 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26810 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-26810 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41055 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-44974 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2024-44974 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2024-44974 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45009 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45009 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45010 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45010 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47701 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-47701 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-47701 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49884 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50073 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50073 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2024-50073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50115 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H * CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H * CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-50185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53147 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53147 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53226 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-53226 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53226 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53239 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56539 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-56548 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56568 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56568 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56568 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56579 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56579 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56579 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56647 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56647 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56720 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56720 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57889 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-57889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57948 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-57948 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21636 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21636 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21637 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21637 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21638 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21638 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21638 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21639 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21639 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21640 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21640 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21647 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21647 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21680 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21684 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21684 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21684 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21687 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21687 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21687 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21688 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21688 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21689 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21690 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21690 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21690 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21697 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-21697 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21699 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21699 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21699 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21700 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21700 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Confidential Computing Module 15-SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 44 vulnerabilities, contains four features and has 33 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-26708: mptcp: fastopen and PM-trigger subflow shutdown can race (bsc#1222672). * CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). * CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). * CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). * CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). * CVE-2024-50185: mptcp: handle consistently DSS corruption (bsc#1233109). * CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). * CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). * CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). * CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). * CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-> nsproxy (bsc#1236113). * CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-> nsproxy (bsc#1236114). * CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-> nsproxy (bsc#1236115). * CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-> nsproxy (bsc#1236122). * CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-> nsproxy (bsc#1236123). * CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). * CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). * CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). * CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). * CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). The following non-security bugs were fixed: * ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). * ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). * ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). * ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). * ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). * ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). * APEI: GHES: Have GHES honor the panic= setting (stable-fixes). * ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). * ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). * ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git- fixes). * ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). * ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). * ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git- fixes). * Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). * HID: Wacom: Add PCI Wacom device support (stable-fixes). * HID: hid-steam: Add Deck IMU support (stable-fixes). * HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). * HID:hid-steam: Avoid overwriting smoothing parameter (stable-fixes). * HID: hid-steam: Clean up locking (stable-fixes). * HID: hid-steam: Disable watchdog instead of using a heartbeat (stable- fixes). * HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git- fixes). * HID: hid-steam: Fix cleanup in probe() (git-fixes). * HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). * HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). * HID: hid-steam: Update list of identifiers from SDL (stable-fixes). * HID: hid-steam: remove pointless error message (stable-fixes). * HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). * HID: multitouch: Add NULL check in mt_input_configured (git-fixes). * Input: allocate keycode for phone linking (stable-fixes). * KVM: SVM: Propagate error from snp_guest_req_init() to userspace (jsc#PED-348). * KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). * KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). * KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). * KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). * KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git- fixes). * KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). * KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). * KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) * KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). * KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). * KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). * KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). * KVM: x86/mmu: Processatomically-zapped SPTEs after TLB flush (jsc#PED-6143). * KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes). * KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). * KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). * KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). * KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). * KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git- fixes). * KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git- fixes). * KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). * KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). * PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). * PCI: Use downstream bridges for distributing resources (bsc#1237325). * PCI: hookup irq_get_affinity callback (bsc#1236896). * PCI: imx6: Simplify clock handling by using clk_bulk*() function (git- fixes). * PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). * Pickup RXE code change introduced by upstream. * RDMA/efa: Reset device on probe failure (git-fixes) * RDMA/rxe: Improve newline in printing messages (git-fixes) * Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes). * Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes). * USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable- fixes). * USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). * USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). * USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). * USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). * USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). * USB: quirks: addUSB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). * USB: serial: option: add MeiG Smart SLM828 (stable-fixes). * USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). * USB: serial: option: drop MeiG Smart defines (stable-fixes). * USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). * Use gcc-13 for build on SLE16 (jsc#PED-10028). * acct: block access to kernel internal filesystems (git-fixes). * acct: perform last write from workqueue (git-fixes). * arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) * arm64: Handle .ARM.attributes section in linker scripts (git-fixes) * arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) * ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). * batman-adv: Drop unmanaged ELP metric worker (git-fixes). * batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). * batman-adv: fix panic during interface removal (git-fixes). * bio-integrity: do not restrict the size of integrity metadata (git-fixes). * blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). * blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git- fixes). * blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git- fixes). * blk-mq: add number of queue calc helper (bsc#1236897). * blk-mq: create correct map for fallback case (bsc#1236896). * blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). * blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). * blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). * blk-mq: move cpuhp callback registering out of q-> sysfs_lock (git-fixes). * blk-mq: register cpuhp callback after hctx is added to xarray table (git- fixes). * blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). * blk_iocost: remove some duplicate irqdisable/enables (git-fixes). * block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). * block: Clear zone limits for a non-zoned stacked queue (git-fixes). * block: Fix elevator_get_default() checking for NULL q-> tag_set (git-fixes). * block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). * block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). * block: Provide bdev_open_* functions (git-fixes). * block: Remove special-casing of compound pages (git-fixes). * block: Set memalloc_noio to false on device_add_disk() error path (git- fixes). * block: add a disk_has_partscan helper (git-fixes). * block: add a partscan sysfs attribute for disks (git-fixes). * block: add check of 'minors' and 'first_minor' in device_add_disk() (git- fixes). * block: avoid to reuse `hctx` not removed from cpuhp callback list (git- fixes). * block: change rq_integrity_vec to respect the iterator (git-fixes). * block: copy back bounce buffer to user-space correctly in case of split (git-fixes). * block: ensure we hold a queue reference when using queue limits (git-fixes). * block: fix and simplify blkdevparts= cmdline parsing (git-fixes). * block: fix bio_split_rw_at to take zone_write_granularity into account (git- fixes). * block: fix integer overflow in BLKSECDISCARD (git-fixes). * block: fix missing dispatching request when queue is started or unquiesced (git-fixes). * block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git- fixes). * block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). * block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). * block: propagate partition scanning errors to the BLKRRPART ioctl (git- fixes). * block: remove the blk_flush_integrity call in blk_integrity_unregister (git- fixes). * block: retry call probe after request_module in blk_request_module (git- fixes). * block: return unsigned int frombdev_io_min (git-fixes). * block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). * block: support to account io_ticks precisely (git-fixes). * block: use the right type for stub rq_integrity_vec() (git-fixes). * bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). * bnxt_en: Refactor bnxt_ptp_init() (git-fixes). * bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). * btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). * btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). * can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). * can: ctucanfd: handle skb allocation failure (git-fixes). * can: etas_es58x: fix potential NULL pointer dereference on udev-> serial (git-fixes). * can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). * chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). * clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git- fixes). * clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). * clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). * clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). * clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git- fixes). * clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). * clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). * clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). * clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). * clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). * clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). * clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). * cpu/hotplug: Do not offline the last non-isolated CPU(bsc#1237562). * cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). * cpufreq: s3c64xx: Fix compilation warning (stable-fixes). * cxgb4: Avoid removal of uninserted tid (git-fixes). * cxgb4: use port number to set mac addr (git-fixes). * devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). * dlm: fix srcu_read_lock() return type to int (git-fixes). * doc: update managed_irq documentation (bsc#1236897). * driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). * drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). * drm/amd/pm: Mark MM activity as unsupported (stable-fixes). * drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable- fixes). * drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). * drm/amdkfd: only flush the validate MES contex (stable-fixes). * drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable- fixes). * drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). * drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). * drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). * drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). * drm/i915/selftests: avoid using uninitialized context (git-fixes). * drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). * drm/i915: Fix page cleanup on DMA remap failure (git-fixes). * drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). * drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). * drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git- fixes). * drm/msm: Avoid rounding up to one jiffy (git-fixes). * drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). * drm/virtio: New fence for every plane update (stable-fixes). * efi: Avoid cold plugged memory for placing the kernel (stable-fixes). * efi:libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). * eth: gve: use appropriate helper to set xdp_features (git-fixes). * exfat: convert to ctime accessor functions (git-fixes). * exfat: fix file being changed by unaligned direct write (git-fixes). * exfat: fix zero the unwritten part for dio read (git-fixes). * fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). * gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). * gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). * gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git- fixes). * gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). * gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). * hfs: Sanity check the root record (git-fixes). * i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). * iavf: allow changing VLAN state without calling PF (git-fixes). * ice: Skip PTP HW writes during PTP reset procedure (git-fixes). * ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). * ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). * ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git- fixes). * ice: fix incorrect PHY settings for 100 GB/s (git-fixes). * ice: fix max values for dpll pin phase adjust (git-fixes). * ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). * ice: gather page_count()'s of each frag right before XDP prog call (git- fixes). * ice: put Rx buffers after being done with current frame (git-fixes). * ice: stop storing XDP verdict within ice_rx_buf (git-fixes). * ice: use internal pf id instead of function number (git-fixes). * idpf: add read memory barrier when checking descriptor done bit (git-fixes). * idpf: call set_real_num_queues in idpf_open (bsc#1236661). * idpf: convert workqueues to unbound (git-fixes). * idpf: fix VF dynamic interrupt ctlregister initialization (git-fixes). * idpf: fix handling rsc packet with a single segment (git-fixes). * igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). * igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). * igc: return early when failing to read EECD register (git-fixes). * iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). * kabi: fix bus type (bsc#1236896). * kabi: fix group_cpus_evenly (bsc#1236897). * kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). * kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). * kvm: svm: Fix gctx page leak on invalid inputs (jsc#PED-348). * lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). * lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). * lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). * lib: stackinit: hide never-taken branch from compiler (stable-fixes). * lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). * loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). * media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). * media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). * media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). * media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). * media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). * mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable- fixes). * mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). * mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). * mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). * mptcp: export local_address (git-fixes) * mptcp: fix NL PM announced address accounting (git-fixes) * mptcp: fix data races on local_id (git-fixes) * mptcp: fix inconsistentstate on fastopen race (bsc#1222672). * mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) * mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) * mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git- fixes) * mptcp: pm: deny endp with signal + subflow + port (git-fixes) * mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) * mptcp: pm: do not try to create sf if alloc failed (git-fixes) * mptcp: pm: fullmesh: select the right ID later (git-fixes) * mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) * mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) * mptcp: pm: re-using ID of unused flushed subflows (git-fixes) * mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) * mptcp: pm: re-using ID of unused removed subflows (git-fixes) * mptcp: pm: reduce indentation blocks (git-fixes) * mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) * mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) * mptcp: unify pm get_local_id interfaces (git-fixes) * mptcp: unify pm set_flags interfaces (git-fixes) * mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). * mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). * mtd: rawnand: cadence: fix unchecked dereference (git-fixes). * mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). * nbd: Fix signal handling (git-fixes). * nbd: Improve the documentation of the locking assumptions (git-fixes). * nbd: do not allow reconnect after disconnect (git-fixes). * net/mlx5: Correct TASR typo into TSAR (git-fixes). * net/mlx5: Fix RDMA TX steering prio (git-fixes). * net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). * net/mlx5: SF, Fix add port error handling (git-fixes). * net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). * net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). * net/mlx5e: Rely onreqid in IPsec tunnel mode (git-fixes). * net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). * net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). * net: rose: lock the socket in rose_bind() (git-fixes). * net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). * net: smc: fix spurious error message from __sock_release() (bsc#1237126). * net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable- fixes). * nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). * null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). * null_blk: Fix missing mutex_destroy() at module removal (git-fixes). * null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git- fixes). * null_blk: Print correct max open zones limit in null_init_zoned_dev() (git- fixes). * null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). * null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). * null_blk: fix validation of block size (git-fixes). * nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). * nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). * ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). * padata: Clean up in padata_do_multithreaded() (bsc#1237563). * padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). * partitions: ldm: remove the initial kernel-doc notation (git-fixes). * pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). * platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). * platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). * platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). * platform/x86: ISST: Ignore minor version change (bsc#1237452). * platform/x86: acer-wmi: IgnoreAC events (stable-fixes). * platform/x86: int3472: Check for adev == NULL (stable-fixes). * power: supply: da9150-fg: fix potential overflow (git-fixes). * powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). * powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). * powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). * powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). * powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (bsc#1235933 bsc#1235932). * powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967). * rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). * rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). * rbd: do not move requests to the running list on errors (git-fixes). * rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). * regmap-irq: Add missing kfree() (git-fixes). * s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). * s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). * s390/iucv: fix receive buffer virtual vs physical address confusion (git- fixes bsc#1236200). * s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). * s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). * s390/pci: Ignore RID for isolated VFs (bsc#1236752). * s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). * s390/pci: Use topology ID for multi-function devices (bsc#1236752). * s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). * s390/topology: Improve topology detection (bsc#1236591). * s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). * scripts/gdb: fix aarch64 userspace detection in get_current_task (stable- fixes). * scsi:replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). * scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). * scsi: use block layer helpers to calculate num of queues (bsc#1236897). * selftest: hugetlb_dio: fix test naming (git-fixes). * selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). * selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable- fixes). * selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). * selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). * selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). * selftests: mptcp: connect: -f: no reconnect (git-fixes). * selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). * serial: 8250: Fix fifo underflow on flush (git-fixes). * smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). * soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). * spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). * spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). * spi: sn-f-ospi: Fix division by zero (git-fixes). * tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). * tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). * tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes). * ublk: fix error code for unsupported command (git-fixes). * ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). * ublk: move ublk_cancel_dev() out of ub-> mutex (git-fixes). * ublk: move zone report data out of request pdu (git-fixes). * usb: cdc-acm: Check control transfer buffer size before access (git-fixes). * usb: cdc-acm: Fix handling of oversized fragments (git-fixes). * usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). * usb:dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). * usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). * usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). * usb: gadget: core: flush gadget workqueue after device removal (git-fixes). * usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). * usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). * usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). * usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). * usb: roles: set switch registered flag early on (git-fixes). * usb: xhci: Fix NULL pointer dereference on certain command aborts (git- fixes). * usbnet: ipheth: document scope of NCM implementation (stable-fixes). * util_macros.h: fix/rework find_closest() macros (git-fixes). * vhost/net: Set num_buffers for virtio 1.0 (git-fixes). * virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). * virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). * virtio: hookup irq_get_affinity callback (bsc#1236896). * virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). * wifi: ath12k: fix handling of 6 GHz rules (git-fixes). * wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). * wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable- fixes). * wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). * wifi: iwlwifi: avoid memory leak (stable-fixes). * wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). * wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). * wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). * x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). * x86/asm:Make serialize() always_inline (git-fixes). * x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). * x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). * x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). * x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). * x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). * x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). * x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). * x86/xen: Grab mm lock before grabbing pt lock (git-fixes). * xen/swiotlb: relax alignment requirements (git-fixes). * xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Confidential Computing Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-784=1 ## Package List: * Confidential Computing Module 15-SP6 (nosrc x86_64) * kernel-coco-6.4.0-15061.18.coco15sp6.1 * kernel-coco_debug-6.4.0-15061.18.coco15sp6.1 * Confidential Computing Module 15-SP6 (x86_64) * reiserfs-kmp-coco-debuginfo-6.4.0-15061.18.coco15sp6.1 * kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1 * kernel-syms-coco-6.4.0-15061.18.coco15sp6.1 * kernel-coco_debug-debuginfo-6.4.0-15061.18.coco15sp6.1 * kernel-coco-vdso-debuginfo-6.4.0-15061.18.coco15sp6.1 * kernel-coco-devel-6.4.0-15061.18.coco15sp6.1 * kernel-coco_debug-devel-debuginfo-6.4.0-15061.18.coco15sp6.1 * kernel-coco_debug-debugsource-6.4.0-15061.18.coco15sp6.1 * reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1 * kernel-coco-debugsource-6.4.0-15061.18.coco15sp6.1 * kernel-coco-debuginfo-6.4.0-15061.18.coco15sp6.1 * Confidential ComputingModule 15-SP6 (noarch) * kernel-devel-coco-6.4.0-15061.18.coco15sp6.1 * kernel-source-coco-6.4.0-15061.18.coco15sp6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52924.html * https://www.suse.com/security/cve/CVE-2023-52925.html * https://www.suse.com/security/cve/CVE-2024-26708.html * https://www.suse.com/security/cve/CVE-2024-26810.html * https://www.suse.com/security/cve/CVE-2024-41055.html * https://www.suse.com/security/cve/CVE-2024-44974.html * https://www.suse.com/security/cve/CVE-2024-45009.html * https://www.suse.com/security/cve/CVE-2024-45010.html * https://www.suse.com/security/cve/CVE-2024-47701.html * https://www.suse.com/security/cve/CVE-2024-49884.html * https://www.suse.com/security/cve/CVE-2024-49950.html * https://www.suse.com/security/cve/CVE-2024-50073.html * https://www.suse.com/security/cve/CVE-2024-50085.html * https://www.suse.com/security/cve/CVE-2024-50115.html * https://www.suse.com/security/cve/CVE-2024-50185.html * https://www.suse.com/security/cve/CVE-2024-53147.html * https://www.suse.com/security/cve/CVE-2024-53173.html * https://www.suse.com/security/cve/CVE-2024-53226.html * https://www.suse.com/security/cve/CVE-2024-53239.html * https://www.suse.com/security/cve/CVE-2024-56539.html * https://www.suse.com/security/cve/CVE-2024-56548.html * https://www.suse.com/security/cve/CVE-2024-56568.html * https://www.suse.com/security/cve/CVE-2024-56579.html * https://www.suse.com/security/cve/CVE-2024-56605.html * https://www.suse.com/security/cve/CVE-2024-56647.html * https://www.suse.com/security/cve/CVE-2024-56720.html * https://www.suse.com/security/cve/CVE-2024-57889.html * https://www.suse.com/security/cve/CVE-2024-57948.html * https://www.suse.com/security/cve/CVE-2025-21636.html * https://www.suse.com/security/cve/CVE-2025-21637.html * https://www.suse.com/security/cve/CVE-2025-21638.html * https://www.suse.com/security/cve/CVE-2025-21639.html *https://www.suse.com/security/cve/CVE-2025-21640.html * https://www.suse.com/security/cve/CVE-2025-21647.html * https://www.suse.com/security/cve/CVE-2025-21680.html * https://www.suse.com/security/cve/CVE-2025-21684.html * https://www.suse.com/security/cve/CVE-2025-21687.html * https://www.suse.com/security/cve/CVE-2025-21688.html * https://www.suse.com/security/cve/CVE-2025-21689.html * https://www.suse.com/security/cve/CVE-2025-21690.html * https://www.suse.com/security/cve/CVE-2025-21692.html * https://www.suse.com/security/cve/CVE-2025-21697.html * https://www.suse.com/security/cve/CVE-2025-21699.html * https://www.suse.com/security/cve/CVE-2025-21700.html * https://bugzilla.suse.com/show_bug.cgi?id=1012628 * https://bugzilla.suse.com/show_bug.cgi?id=1215199 * https://bugzilla.suse.com/show_bug.cgi?id=1219367 * https://bugzilla.suse.com/show_bug.cgi?id=1222672 * https://bugzilla.suse.com/show_bug.cgi?id=1222803 * https://bugzilla.suse.com/show_bug.cgi?id=1225742 * https://bugzilla.suse.com/show_bug.cgi?id=1225981 * https://bugzilla.suse.com/show_bug.cgi?id=1228521 * https://bugzilla.suse.com/show_bug.cgi?id=1230235 * https://bugzilla.suse.com/show_bug.cgi?id=1230438 * https://bugzilla.suse.com/show_bug.cgi?id=1230439 * https://bugzilla.suse.com/show_bug.cgi?id=1231920 * https://bugzilla.suse.com/show_bug.cgi?id=1232159 * https://bugzilla.suse.com/show_bug.cgi?id=1232198 * https://bugzilla.suse.com/show_bug.cgi?id=1232201 * https://bugzilla.suse.com/show_bug.cgi?id=1232508 * https://bugzilla.suse.com/show_bug.cgi?id=1232520 * https://bugzilla.suse.com/show_bug.cgi?id=1232919 * https://bugzilla.suse.com/show_bug.cgi?id=1233109 * https://bugzilla.suse.com/show_bug.cgi?id=1234853 * https://bugzilla.suse.com/show_bug.cgi?id=1234857 * https://bugzilla.suse.com/show_bug.cgi?id=1234891 * https://bugzilla.suse.com/show_bug.cgi?id=1234963 * https://bugzilla.suse.com/show_bug.cgi?id=1235032 * https://bugzilla.suse.com/show_bug.cgi?id=1235054 *https://bugzilla.suse.com/show_bug.cgi?id=1235061 * https://bugzilla.suse.com/show_bug.cgi?id=1235073 * https://bugzilla.suse.com/show_bug.cgi?id=1235435 * https://bugzilla.suse.com/show_bug.cgi?id=1235592 * https://bugzilla.suse.com/show_bug.cgi?id=1235609 * https://bugzilla.suse.com/show_bug.cgi?id=1235932 * https://bugzilla.suse.com/show_bug.cgi?id=1235933 * https://bugzilla.suse.com/show_bug.cgi?id=1236113 * https://bugzilla.suse.com/show_bug.cgi?id=1236114 * https://bugzilla.suse.com/show_bug.cgi?id=1236115 * https://bugzilla.suse.com/show_bug.cgi?id=1236122 * https://bugzilla.suse.com/show_bug.cgi?id=1236123 * https://bugzilla.suse.com/show_bug.cgi?id=1236133 * https://bugzilla.suse.com/show_bug.cgi?id=1236138 * https://bugzilla.suse.com/show_bug.cgi?id=1236199 * https://bugzilla.suse.com/show_bug.cgi?id=1236200 * https://bugzilla.suse.com/show_bug.cgi?id=1236203 * https://bugzilla.suse.com/show_bug.cgi?id=1236205 * https://bugzilla.suse.com/show_bug.cgi?id=1236573 * https://bugzilla.suse.com/show_bug.cgi?id=1236575 * https://bugzilla.suse.com/show_bug.cgi?id=1236576 * https://bugzilla.suse.com/show_bug.cgi?id=1236591 * https://bugzilla.suse.com/show_bug.cgi?id=1236661 * https://bugzilla.suse.com/show_bug.cgi?id=1236677 * https://bugzilla.suse.com/show_bug.cgi?id=1236700 * https://bugzilla.suse.com/show_bug.cgi?id=1236752 * https://bugzilla.suse.com/show_bug.cgi?id=1236821 * https://bugzilla.suse.com/show_bug.cgi?id=1236822 * https://bugzilla.suse.com/show_bug.cgi?id=1236896 * https://bugzilla.suse.com/show_bug.cgi?id=1236897 * https://bugzilla.suse.com/show_bug.cgi?id=1236952 * https://bugzilla.suse.com/show_bug.cgi?id=1236967 * https://bugzilla.suse.com/show_bug.cgi?id=1236994 * https://bugzilla.suse.com/show_bug.cgi?id=1237007 * https://bugzilla.suse.com/show_bug.cgi?id=1237017 * https://bugzilla.suse.com/show_bug.cgi?id=1237025 * https://bugzilla.suse.com/show_bug.cgi?id=1237028 *https://bugzilla.suse.com/show_bug.cgi?id=1237045 * https://bugzilla.suse.com/show_bug.cgi?id=1237126 * https://bugzilla.suse.com/show_bug.cgi?id=1237132 * https://bugzilla.suse.com/show_bug.cgi?id=1237139 * https://bugzilla.suse.com/show_bug.cgi?id=1237155 * https://bugzilla.suse.com/show_bug.cgi?id=1237158 * https://bugzilla.suse.com/show_bug.cgi?id=1237159 * https://bugzilla.suse.com/show_bug.cgi?id=1237232 * https://bugzilla.suse.com/show_bug.cgi?id=1237234 * https://bugzilla.suse.com/show_bug.cgi?id=1237325 * https://bugzilla.suse.com/show_bug.cgi?id=1237415 * https://bugzilla.suse.com/show_bug.cgi?id=1237452 * https://bugzilla.suse.com/show_bug.cgi?id=1237558 * https://bugzilla.suse.com/show_bug.cgi?id=1237562 * https://bugzilla.suse.com/show_bug.cgi?id=1237563 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10028&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-12094&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-348&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-6143&page_caps=&user_role= . Canonical reveals a significant Ubuntu system update addressing 37 security flaws and enhancing overall platform resilience.. Linux Kernel Security, SUSE Update, Patch Management. . Severity: Important. LinuxSecurity.com Team

Mar 05, 2025 •Important SuSE

security advisorysecurity fixvulnerability

SUSE Linux 15 SP6: 2025:0564-1 Important Kernel Security Fixes

* bsc#1215199 * bsc#1222803 * bsc#1224049 * bsc#1226980 * bsc#1227937 . # Security update for the Linux Kernel Announcement ID: SUSE-SU-2025:0564-1 Release Date: 2025-02-17T13:26:35Z Rating: important References: * bsc#1215199 * bsc#1222803 * bsc#1224049 * bsc#1226980 * bsc#1227937 * bsc#1231088 * bsc#1232101 * bsc#1232161 * bsc#1233028 * bsc#1233221 * bsc#1233248 * bsc#1233522 * bsc#1233778 * bsc#1234070 * bsc#1234683 * bsc#1234693 * bsc#1234947 * bsc#1235001 * bsc#1235217 * bsc#1235230 * bsc#1235244 * bsc#1235390 * bsc#1235418 * bsc#1235430 * bsc#1235441 * bsc#1235485 * bsc#1235487 * bsc#1235489 * bsc#1235498 * bsc#1235545 * bsc#1235578 * bsc#1235582 * bsc#1235583 * bsc#1235612 * bsc#1235638 * bsc#1235656 * bsc#1235686 * bsc#1235865 * bsc#1235874 * bsc#1235914 * bsc#1235941 * bsc#1235948 * bsc#1236127 * bsc#1236160 * bsc#1236161 * bsc#1236163 * bsc#1236182 * bsc#1236192 * bsc#1236245 * bsc#1236247 * bsc#1236260 * bsc#1236262 * bsc#1236628 * bsc#1236680 * bsc#1236681 * bsc#1236682 * bsc#1236683 * bsc#1236684 * bsc#1236685 * bsc#1236688 * bsc#1236689 * bsc#1236694 * bsc#1236696 * bsc#1236698 * bsc#1236702 * bsc#1236703 * bsc#1236732 * bsc#1236733 * bsc#1236757 * bsc#1236758 * bsc#1236759 * bsc#1236760 * bsc#1236761 * jsc#PED-12094 * jsc#PED-7242 Cross-References: * CVE-2024-40980 * CVE-2024-46858 * CVE-2024-49948 * CVE-2024-49978 * CVE-2024-50142 * CVE-2024-50251 * CVE-2024-50258 * CVE-2024-50304 * CVE-2024-53123 * CVE-2024-53187 * CVE-2024-53203 * CVE-2024-56592 * CVE-2024-56600 * CVE-2024-56601 * CVE-2024-56608 * CVE-2024-56610 * CVE-2024-56633 * CVE-2024-56650 * CVE-2024-56658 * CVE-2024-56665 * CVE-2024-56679 * CVE-2024-56693 * CVE-2024-56707 * CVE-2024-56715 * CVE-2024-56725 * CVE-2024-56726 * CVE-2024-56727 * CVE-2024-56728 * CVE-2024-56763 * CVE-2024-57802 * CVE-2024-57882 *CVE-2024-57884 * CVE-2024-57917 * CVE-2024-57931 * CVE-2024-57938 * CVE-2024-57946 * CVE-2025-21652 * CVE-2025-21653 * CVE-2025-21655 * CVE-2025-21663 * CVE-2025-21664 * CVE-2025-21665 * CVE-2025-21666 * CVE-2025-21667 * CVE-2025-21668 * CVE-2025-21669 * CVE-2025-21670 * CVE-2025-21673 * CVE-2025-21674 * CVE-2025-21675 * CVE-2025-21676 * CVE-2025-21678 * CVE-2025-21681 * CVE-2025-21682 CVSS scores: * CVE-2024-40980 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-40980 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46858 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-46858 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-49948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49978 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-49978 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50142 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50142 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-50142 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50251 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50251 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50251 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50258 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-50258 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50258 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50304 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50304 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53123 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53123 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53187 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2024-53187 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2024-53187 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53203 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2024-53203 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2024-53203 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56592 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56592 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56600 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56600 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56601 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56608 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56608 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56608 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56610 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56610 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56633 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N *CVE-2024-56633 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56650 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56650 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56650 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-56658 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56658 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56658 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56665 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56665 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56679 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56679 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56693 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56693 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56693 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56707 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56715 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56715 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56725 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56725 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56725 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56726 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56726 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56726 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56727 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56727 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56728 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56763 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-56763 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56763 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57802 ( SUSE ): 2.1 CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-57802 ( SUSE ): 4.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L * CVE-2024-57802 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57882 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-57882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-57882 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57884 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-57884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57917 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-57917 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57931 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-57931 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57938 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-57938 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57938 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-57946 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-57946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21652 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21652 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21652 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21652 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-21653 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-21653 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2025-21655 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21655 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21663 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21664 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21664 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21665 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21665 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21666 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21666 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21666 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21667 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21667 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21667 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21668 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-21668 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-21669 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21669 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21669 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21670 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21670 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21673 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-21673 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2025-21673 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21674 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21674 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21675 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21675 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21676 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21676 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21676 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H *CVE-2025-21678 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21678 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21681 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H * CVE-2025-21681 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2025-21682 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-21682 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-21682 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Confidential Computing Module 15-SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 54 vulnerabilities, contains two features and has 19 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). * CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). * CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). * CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). * CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). * CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). * CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). * CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). * CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). * CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). *CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). * CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). * CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). * CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). * CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). * CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). * CVE-2024-56633: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (bsc#1235485). * CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). * CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). * CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). * CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). * CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). * CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). * CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). * CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). * CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). * CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). * CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). * CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). * CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). * CVE-2024-57882: mptcp: fix TCP options overflow.(bsc#1235914). * CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). * CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). * CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). * CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). * CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). * CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). * CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). * CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). * CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). * CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). * CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). * CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). * CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). * CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). * CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). * CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). * CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). * CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). * CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). * CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). * CVE-2025-21678: gtp: Destroy device along with udpsocket's netns dismantle (bsc#1236698). * CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). * CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). The following non-security bugs were fixed: * ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). * ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). * ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). * ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable- fixes). * ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). * ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). * ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). * ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). * ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). * ALSA: seq: Make dependency on UMP clearer (git-fixes). * ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable- fixes). * ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). * ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). * ASoC: Intel: avs: Abstract IPC handling (stable-fixes). * ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). * ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). * ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). * ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). * ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). * ASoC: samsung: Add missing depends on I2C (git-fixes). * ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). * ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). * ASoC: wm8994: Add depends on MFD core (stable-fixes). * Bluetooth: L2CAP: accept zeroas a special value for MTU auto-selection (git-fixes). * Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). * Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). * EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). * HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). * HID: fix generic desktop D-Pad controls (git-fixes). * HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). * HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). * HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). * Input: atkbd - map F23 key to support default copilot shortcut (stable- fixes). * Input: bbnsm_pwrkey - add remove hook (git-fixes). * Input: davinci-keyscan - remove leftover header (git-fixes). * Input: xpad - add QH Electronics VID/PID (stable-fixes). * Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable- fixes). * Input: xpad - add support for Nacon Pro Compact (stable-fixes). * Input: xpad - add support for wooting two he (arm) (stable-fixes). * Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable- fixes). * Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). * KVM: Allow page-sized MMU caches to be initialized with custom 64-bit values (jsc#PED-6143). * KVM: x86/mmu: Add Suppress VE bit to EPT shadow_mmio_mask/shadow_present_mask (jsc#PED-6143). * KVM: x86/mmu: Allow non-zero value for non-present SPTE and removed SPTE (jsc#PED-6143). * KVM: x86/mmu: Replace hardcoded value 0 for the initial value for SPTE (jsc#PED-6143). * KVM: x86/mmu: Track shadow MMIO value on a per-VM basis (jsc#PED-6143). * NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). * NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). * NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). * PCI: Avoid puttingsome root ports into D3 on TUXEDO Sirius Gen1 (git- fixes). * PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). * PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git- fixes). * PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). * PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). * PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git- fixes). * PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). * PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git- fixes). * PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git- fixes). * PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). * PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). * PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). * PM: hibernate: Add error handling for syscore_suspend() (git-fixes). * RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git- fixes) * RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) * RDMA/mlx4: Avoid false error about access to uninitialized gids array (git- fixes) * RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git- fixes) * RDMA/mlx5: Fix implicit ODP use after free (git-fixes) * RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) * RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) * RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" (git-fixes) * RDMA/srp: Fix error handling in srp_add_port (git-fixes) * Remove "iommu/arm-smmu: Defer probe of clients after smmu device bound", reverted by upstream. * Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" (stable- fixes). * Revert "drm/i915/dpt: Make DPT object unshrinkable" (stable-fixes). * Revert "usb: gadget: u_serial:Disable ep before setting port to null to fix the crash caused by port being null" (stable-fixes). * Revert "Disable ceph". * USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git- fixes). * VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). * VMCI: fix reference to ioctl-number.rst (git-fixes). * afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). * afs: Fix cleanup of immediately failed async calls (git-fixes). * afs: Fix directory format encoding struct (git-fixes). * afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). * arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) * arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) * arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file * arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git- fixes) * arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) * arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) * arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) * arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) * ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable- fixes). * bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git- fixes). * cpufreq: ACPI: Fix max-frequency computation (git-fixes). * cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). * cpufreq: amd-pstate: remove global header file (git-fixes). * cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). * cpufreq: imx6q: do not warn for disabling a non-existing frequency (git- fixes). * cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). * cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git- fixes). * cpufreq: intel_pstate: fix pstate limits enforcement foradjust_perf call back (git-fixes). * cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). * cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). * cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). * cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). * cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). * cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). * cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). * cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). * cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). * cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). * cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). * cpuidle: Avoid potential overflow in integer multiplication (git-fixes). * cpupower: fix TSC MHz calculation (git-fixes). * crypto: caam - use JobR's space to access page 0 regs (git-fixes). * crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). * crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). * crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). * crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). * crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git- fixes). * crypto: qce - fix goto jump in error path (git-fixes). * crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). * crypto: qce - unregister previously registered algos in error path (git- fixes). * devcoredump: cleanup some comments (git-fixes). * dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). * docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git- fixes). * driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). *drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). * drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). * drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). * drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). * drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). * drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). * drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). * drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). * drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). * drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). * drm/etnaviv: Fix page property being used for non writecombine buffers (git- fixes). * drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). * drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). * drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). * drm/i915/pmu: Fix zero delta busyness issue (git-fixes). * drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). * drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) * drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). * drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). * drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). * drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). * drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). * drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). * drm/msm: Check return value of of_dma_configure() (git-fixes). * drm/msm: do not clean up priv-> kms prematurely (git-fixes). * drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). * drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). * drm/rockchip: move output interfacerelated definition to rockchip_drm_drv.h (stable-fixes). * drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). * drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git- fixes). * drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). * drm/rockchip: vop2: Fix the windows switch between different layers (git- fixes). * drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). * drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). * drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable- fixes). * drm/tidss: Clear the interrupt status for interrupts being disabled (git- fixes). * drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). * drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). * drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). * fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git- fixes). * firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). * futex: Do not include process MM in futex key on no-MMU (git-fixes). * genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). * genksyms: fix memory leak when the same symbol is added from source (git- fixes). * genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). * gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). * gpio: mxc: remove dead code after switch to DT-only (git-fixes). * gpio: pca953x: Improve interrupt support (git-fixes). * gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). * gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). * hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). * hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). * ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). * iio: adc: ad_sigma_delta:Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). * iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git- fixes). * iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). * intel_th: core: fix kernel-doc warnings (git-fixes). * ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). * ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git- fixes). * kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git- fixes). * kheaders: Ignore silly-rename files (stable-fixes). * ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). * ktest.pl: Check kernelrelease return in get_version (git-fixes). * ktest.pl: Fix typo "accesing" (git-fixes). * ktest.pl: Fix typo in comment (git-fixes). * ktest.pl: Remove unused declarations in run_bisect_test function (git- fixes). * ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable- fixes). * landlock: Handle weird files (git-fixes). * latencytop: use correct kernel-doc format for func params (git-fixes). * leds: lp8860: Write full EEPROM, not only half of it (git-fixes). * leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). * lib/inflate.c: remove dead code (git-fixes). * lockdep: fix deadlock issue between lockdep and rcu (git-fixes). * locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). * locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). * mac802154: check local interfaces before deleting sdata list (stable-fixes). * mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). * maple_tree: simplify split calculation (git-fixes). * media: camif-core: Add check for clk_enable() (git-fixes). * media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). * media: ccs: Fix CCS static dataparsing for large block sizes (git-fixes). * media: ccs: Fix cleanup order in ccs_probe() (git-fixes). * media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). * media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). * media: firewire: firedtv-avc.c: replace BUG with proper, error return (git- fixes). * media: i2c: imx412: Add missing newline to prints (git-fixes). * media: i2c: ov9282: Correct the exposure offset (git-fixes). * media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). * media: imx296: Add standby delay during probe (git-fixes). * media: lmedm04: Handle errors for lme2510_int_read (git-fixes). * media: marvell: Add check for clk_enable() (git-fixes). * media: mc: fix endpoint iteration (git-fixes). * media: mipi-csis: Add check for clk_enable() (git-fixes). * media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). * media: ov08x40: Fix hblank out of range issue (git-fixes). * media: ov5640: fix get_light_freq on auto (git-fixes). * media: rc: iguanair: handle timeouts (git-fixes). * media: rkisp1: Fix unused value issue (git-fixes). * media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). * media: uvcvideo: Fix double free in error path (git-fixes). * media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). * media: uvcvideo: Only save async fh if success (git-fixes). * media: uvcvideo: Propagate buf-> error to userspace (git-fixes). * media: uvcvideo: Remove dangling pointers (git-fixes). * media: uvcvideo: Remove redundant NULL assignment (git-fixes). * media: uvcvideo: Support partial control reads (git-fixes). * memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). * misc: fastrpc: Deregister device nodes properly in error scenarios (git- fixes). * misc: fastrpc: Fix copy buffer page size (git-fixes). * misc: fastrpc: Fix registeredbuffer page address (git-fixes). * misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git- fixes). * mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). * mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). * mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) * mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). * mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). * net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). * net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). * net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760). * net: mana: Enable debugfs files for MANA device (bsc#1236758). * net: netvsc: Update default VMBus channels (bsc#1236757). * net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). * net: rose: fix timer races against user threads (git-fixes). * net: usb: rtl8150: enable basic endpoint checking (git-fixes). * netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). * nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). * nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). * nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). * nvme: Add error path for xa_store in nvme_init_effects (git-fixes). * nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git- fixes). * nvmet: propagate npwg topology (git-fixes). * padata: add pd get/put refcnt helper (git-fixes). * padata: avoid UAF for reorder_work (git-fixes). * padata: fix UAF in padata_reorder (git-fixes). * pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). * pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). * pm:cpupower: Add missing powercap_set_enabled() stubfunction (git-fixes). * power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). * powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). * pps: add an error check in parport_attach (git-fixes). * pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). * printk: Add is_printk_legacy_deferred() (bsc#1236733). * printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). * pwm: stm32-lp: Add check for clk_enable() (git-fixes). * pwm: stm32: Add check for clk_enable() (git-fixes). * r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). * rcu-tasks: Pull sampling of -> percpu_dequeue_lim out of loop (git-fixes) * rcu/tree: Defer setting of jiffies during stall reset (git-fixes) * rcu: Dump memory object info if callback function is invalid (git-fixes) * rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) * rcuscale: Move rcu_scale_writer() (git-fixes) * rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) * regulator: core: Add missing newline character (git-fixes). * regulator: of: Implement the unwind path of of_regulator_match() (git- fixes). * remoteproc: core: Fix ida_free call while not allocated (git-fixes). * rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). * rtc: zynqmp: Fix optional clock name property (git-fixes). * samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). * sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). * sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). * scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git- fixes). * seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). * selftest: media_tests: fix trivial UAF typo (git-fixes). * selftests/alsa: Fix circular dependency involving global-timer (stable- fixes). * selftests/futex: pass _GNU_SOURCE without a value to thecompiler (git- fixes). * selftests/landlock: Fix error message (git-fixes). * selftests/mm/cow: modify the incorrect checking parameters (git-fixes). * selftests/powerpc: Fix argument order to timer_sub() (git-fixes). * selftests: harness: fix printing of mismatch values in __EXPECT() (git- fixes). * selftests: tc-testing: reduce rshift value (stable-fixes). * selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). * selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). * serial: 8250: Adjust the timeout for FIFO mode (git-fixes). * serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). * serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). * serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). * soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). * soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). * soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). * soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). * soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). * soc: qcom: socinfo: move SMEM item struct and defines to a header (git- fixes). * spi: zynq-qspi: Add check for clk_enable() (git-fixes). * srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) * srcu: Only accelerate on enqueue time (git-fixes) * staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git- fixes). * staging: media: max96712: fix kernel oops when removing module (git-fixes). * tools: Sync if_xdp.h uapi tooling header (git-fixes). * tty: xilinx_uartps: split sysrq handling (git-fixes). * ubifs: skip dumping tnc tree when zroot is null (git-fixes). * uio: Fix return value of poll (git-fixes). * uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git- fixes). * usb:chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). * usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). * usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). * usb: gadget: f_tcm: Do not free command immediately (git-fixes). * usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). * usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). * usb: gadget: f_tcm: Translate error to sense (git-fixes). * usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). * usb: host: xhci-plat: Assign shared_hcd-> rsrc_start (git-fixes). * usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) * usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). * usbnet: ipheth: break up NCM header size computation (git-fixes). * usbnet: ipheth: check that DPE points past NCM header (git-fixes). * usbnet: ipheth: fix DPE OoB read (git-fixes). * usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). * usbnet: ipheth: refactor NCM datagram loop (git-fixes). * usbnet: ipheth: use static NDP16 location in URB (git-fixes). * vfio/pci: Lock external INTx masking ops (bsc#1222803). * virtio-mem: check if the config changed before fake offlining memory (git- fixes). * virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git- fixes). * virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). * virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). * vsock/virtio: cancel close work in the destructor (git-fixes) * vsock: Keep the binding until socket destruction (git-fixes) * vsock: reset socket state when de-assigning the transport (git-fixes) * wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). * wifi: ath11k: cleanup structath11k_mon_data (git-fixes). * wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). * wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). * wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). * wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). * wifi: mac80211: Fix common size calculation for ML element (git-fixes). * wifi: mac80211: do not flush non-uploaded STAs (git-fixes). * wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). * wifi: mac80211: prohibit deactivating all links (git-fixes). * wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). * wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). * wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). * wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). * wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). * wifi: mt76: mt7915: fix omac index assignment after hardware reset (git- fixes). * wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git- fixes). * wifi: mt76: mt7915: fix register mapping (git-fixes). * wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). * wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). * wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). * wifi: mt76: mt7996: add max mpdu len capability (git-fixes). * wifi: mt76: mt7996: fix HE Phy capability (git-fixes). * wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). * wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). * wifi: mt76: mt7996: fix ldpc setting (git-fixes). * wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git- fixes). * wifi: mt76: mt7996: fix register mapping (git-fixes). * wifi: mt76: mt7996: fix rx filter setting for bfeefunctionality (git- fixes). * wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git- fixes). * wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). * wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). * wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). * wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git- fixes). * wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git- fixes). * wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). * wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). * wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). * wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). * wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). * wifi: rtlwifi: wait for firmware loading before releasing memory (git- fixes). * wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). * wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). * wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). * workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). * xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). * xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Confidential Computing Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-564=1 ## Package List: * Confidential Computing Module 15-SP6 (nosrc x86_64) * kernel-coco-6.4.0-15061.15.coco15sp6.1 *kernel-coco_debug-6.4.0-15061.15.coco15sp6.1 * Confidential Computing Module 15-SP6 (x86_64) * kernel-coco-debuginfo-6.4.0-15061.15.coco15sp6.1 * kernel-coco_debug-debugsource-6.4.0-15061.15.coco15sp6.1 * kernel-coco_debug-devel-6.4.0-15061.15.coco15sp6.1 * reiserfs-kmp-coco-debuginfo-6.4.0-15061.15.coco15sp6.1 * kernel-coco-vdso-debuginfo-6.4.0-15061.15.coco15sp6.1 * kernel-coco-devel-6.4.0-15061.15.coco15sp6.1 * reiserfs-kmp-coco-6.4.0-15061.15.coco15sp6.1 * kernel-syms-coco-6.4.0-15061.15.coco15sp6.1 * kernel-coco_debug-devel-debuginfo-6.4.0-15061.15.coco15sp6.1 * kernel-coco-debugsource-6.4.0-15061.15.coco15sp6.1 * kernel-coco_debug-debuginfo-6.4.0-15061.15.coco15sp6.1 * Confidential Computing Module 15-SP6 (noarch) * kernel-devel-coco-6.4.0-15061.15.coco15sp6.1 * kernel-source-coco-6.4.0-15061.15.coco15sp6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-40980.html * https://www.suse.com/security/cve/CVE-2024-46858.html * https://www.suse.com/security/cve/CVE-2024-49948.html * https://www.suse.com/security/cve/CVE-2024-49978.html * https://www.suse.com/security/cve/CVE-2024-50142.html * https://www.suse.com/security/cve/CVE-2024-50251.html * https://www.suse.com/security/cve/CVE-2024-50258.html * https://www.suse.com/security/cve/CVE-2024-50304.html * https://www.suse.com/security/cve/CVE-2024-53123.html * https://www.suse.com/security/cve/CVE-2024-53187.html * https://www.suse.com/security/cve/CVE-2024-53203.html * https://www.suse.com/security/cve/CVE-2024-56592.html * https://www.suse.com/security/cve/CVE-2024-56600.html * https://www.suse.com/security/cve/CVE-2024-56601.html * https://www.suse.com/security/cve/CVE-2024-56608.html * https://www.suse.com/security/cve/CVE-2024-56610.html * https://www.suse.com/security/cve/CVE-2024-56633.html * https://www.suse.com/security/cve/CVE-2024-56650.html * https://www.suse.com/security/cve/CVE-2024-56658.html *https://www.suse.com/security/cve/CVE-2024-56665.html * https://www.suse.com/security/cve/CVE-2024-56679.html * https://www.suse.com/security/cve/CVE-2024-56693.html * https://www.suse.com/security/cve/CVE-2024-56707.html * https://www.suse.com/security/cve/CVE-2024-56715.html * https://www.suse.com/security/cve/CVE-2024-56725.html * https://www.suse.com/security/cve/CVE-2024-56726.html * https://www.suse.com/security/cve/CVE-2024-56727.html * https://www.suse.com/security/cve/CVE-2024-56728.html * https://www.suse.com/security/cve/CVE-2024-56763.html * https://www.suse.com/security/cve/CVE-2024-57802.html * https://www.suse.com/security/cve/CVE-2024-57882.html * https://www.suse.com/security/cve/CVE-2024-57884.html * https://www.suse.com/security/cve/CVE-2024-57917.html * https://www.suse.com/security/cve/CVE-2024-57931.html * https://www.suse.com/security/cve/CVE-2024-57938.html * https://www.suse.com/security/cve/CVE-2024-57946.html * https://www.suse.com/security/cve/CVE-2025-21652.html * https://www.suse.com/security/cve/CVE-2025-21653.html * https://www.suse.com/security/cve/CVE-2025-21655.html * https://www.suse.com/security/cve/CVE-2025-21663.html * https://www.suse.com/security/cve/CVE-2025-21664.html * https://www.suse.com/security/cve/CVE-2025-21665.html * https://www.suse.com/security/cve/CVE-2025-21666.html * https://www.suse.com/security/cve/CVE-2025-21667.html * https://www.suse.com/security/cve/CVE-2025-21668.html * https://www.suse.com/security/cve/CVE-2025-21669.html * https://www.suse.com/security/cve/CVE-2025-21670.html * https://www.suse.com/security/cve/CVE-2025-21673.html * https://www.suse.com/security/cve/CVE-2025-21674.html * https://www.suse.com/security/cve/CVE-2025-21675.html * https://www.suse.com/security/cve/CVE-2025-21676.html * https://www.suse.com/security/cve/CVE-2025-21678.html * https://www.suse.com/security/cve/CVE-2025-21681.html * https://www.suse.com/security/cve/CVE-2025-21682.html *https://bugzilla.suse.com/show_bug.cgi?id=1215199 * https://bugzilla.suse.com/show_bug.cgi?id=1222803 * https://bugzilla.suse.com/show_bug.cgi?id=1224049 * https://bugzilla.suse.com/show_bug.cgi?id=1226980 * https://bugzilla.suse.com/show_bug.cgi?id=1227937 * https://bugzilla.suse.com/show_bug.cgi?id=1231088 * https://bugzilla.suse.com/show_bug.cgi?id=1232101 * https://bugzilla.suse.com/show_bug.cgi?id=1232161 * https://bugzilla.suse.com/show_bug.cgi?id=1233028 * https://bugzilla.suse.com/show_bug.cgi?id=1233221 * https://bugzilla.suse.com/show_bug.cgi?id=1233248 * https://bugzilla.suse.com/show_bug.cgi?id=1233522 * https://bugzilla.suse.com/show_bug.cgi?id=1233778 * https://bugzilla.suse.com/show_bug.cgi?id=1234070 * https://bugzilla.suse.com/show_bug.cgi?id=1234683 * https://bugzilla.suse.com/show_bug.cgi?id=1234693 * https://bugzilla.suse.com/show_bug.cgi?id=1234947 * https://bugzilla.suse.com/show_bug.cgi?id=1235001 * https://bugzilla.suse.com/show_bug.cgi?id=1235217 * https://bugzilla.suse.com/show_bug.cgi?id=1235230 * https://bugzilla.suse.com/show_bug.cgi?id=1235244 * https://bugzilla.suse.com/show_bug.cgi?id=1235390 * https://bugzilla.suse.com/show_bug.cgi?id=1235418 * https://bugzilla.suse.com/show_bug.cgi?id=1235430 * https://bugzilla.suse.com/show_bug.cgi?id=1235441 * https://bugzilla.suse.com/show_bug.cgi?id=1235485 * https://bugzilla.suse.com/show_bug.cgi?id=1235487 * https://bugzilla.suse.com/show_bug.cgi?id=1235489 * https://bugzilla.suse.com/show_bug.cgi?id=1235498 * https://bugzilla.suse.com/show_bug.cgi?id=1235545 * https://bugzilla.suse.com/show_bug.cgi?id=1235578 * https://bugzilla.suse.com/show_bug.cgi?id=1235582 * https://bugzilla.suse.com/show_bug.cgi?id=1235583 * https://bugzilla.suse.com/show_bug.cgi?id=1235612 * https://bugzilla.suse.com/show_bug.cgi?id=1235638 * https://bugzilla.suse.com/show_bug.cgi?id=1235656 * https://bugzilla.suse.com/show_bug.cgi?id=1235686 *https://bugzilla.suse.com/show_bug.cgi?id=1235865 * https://bugzilla.suse.com/show_bug.cgi?id=1235874 * https://bugzilla.suse.com/show_bug.cgi?id=1235914 * https://bugzilla.suse.com/show_bug.cgi?id=1235941 * https://bugzilla.suse.com/show_bug.cgi?id=1235948 * https://bugzilla.suse.com/show_bug.cgi?id=1236127 * https://bugzilla.suse.com/show_bug.cgi?id=1236160 * https://bugzilla.suse.com/show_bug.cgi?id=1236161 * https://bugzilla.suse.com/show_bug.cgi?id=1236163 * https://bugzilla.suse.com/show_bug.cgi?id=1236182 * https://bugzilla.suse.com/show_bug.cgi?id=1236192 * https://bugzilla.suse.com/show_bug.cgi?id=1236245 * https://bugzilla.suse.com/show_bug.cgi?id=1236247 * https://bugzilla.suse.com/show_bug.cgi?id=1236260 * https://bugzilla.suse.com/show_bug.cgi?id=1236262 * https://bugzilla.suse.com/show_bug.cgi?id=1236628 * https://bugzilla.suse.com/show_bug.cgi?id=1236680 * https://bugzilla.suse.com/show_bug.cgi?id=1236681 * https://bugzilla.suse.com/show_bug.cgi?id=1236682 * https://bugzilla.suse.com/show_bug.cgi?id=1236683 * https://bugzilla.suse.com/show_bug.cgi?id=1236684 * https://bugzilla.suse.com/show_bug.cgi?id=1236685 * https://bugzilla.suse.com/show_bug.cgi?id=1236688 * https://bugzilla.suse.com/show_bug.cgi?id=1236689 * https://bugzilla.suse.com/show_bug.cgi?id=1236694 * https://bugzilla.suse.com/show_bug.cgi?id=1236696 * https://bugzilla.suse.com/show_bug.cgi?id=1236698 * https://bugzilla.suse.com/show_bug.cgi?id=1236702 * https://bugzilla.suse.com/show_bug.cgi?id=1236703 * https://bugzilla.suse.com/show_bug.cgi?id=1236732 * https://bugzilla.suse.com/show_bug.cgi?id=1236733 * https://bugzilla.suse.com/show_bug.cgi?id=1236757 * https://bugzilla.suse.com/show_bug.cgi?id=1236758 * https://bugzilla.suse.com/show_bug.cgi?id=1236759 * https://bugzilla.suse.com/show_bug.cgi?id=1236760 * https://bugzilla.suse.com/show_bug.cgi?id=1236761 *https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-12094&page_caps=&user_role= * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-7242&page_caps=&user_role= . This Red Hat patch resolves 30 vulnerabilities in the Linux Kernel and incorporates essential security enhancements. Stay protected!. Linux Kernel Security, SUSE Update, Kernel Patches, Security Fixes, Software Updates. . Severity: Important. LinuxSecurity.com Team

Feb 17, 2025 •Important SuSE

security advisorydenial of serviceubuntu

Ubuntu 22.04 LTS USN-7123-1 critical: kernel issues affecting cloud systems

Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7123-1 November 20, 2024 linux-azure vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems Details: It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6610) Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code. (CVE-2024-25744) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - Serial ATA and Parallel ATA drivers; - ATM drivers; - Drivers core; - Null block device driver; - Character device driver; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I3C subsystem; - InfiniBand drivers; - Input Device core drivers; - Input Device (Miscellaneous) drivers; -IOMMU subsystem; - IRQ chip drivers; - ISDN/mISDN subsystem; - LED subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - Network drivers; - Near Field Communication (NFC) drivers; - NVME drivers; - Device tree and open firmware driver; - Parport drivers; - PCI subsystem; - Pin controllers subsystem; - Remote Processor subsystem; - S/390 drivers; - SCSI drivers; - QCOM SoC drivers; - Direct Digital Synthesis drivers; - Thunderbolt and USB4 drivers; - TTY drivers; - Userspace I/O drivers; - DesignWare USB3 driver; - USB Gadget drivers; - USB Host Controller drivers; - USB Type-C Connector System Software Interface driver; - USB over IP driver; - VHOST drivers; - File systems infrastructure; - BTRFS file system; - Ext4 file system; - F2FS file system; - JFS file system; - NILFS2 file system; - NTFS3 file system; - Proc file system; - SMB network file system; - Core kernel; - DMA mapping infrastructure; - RCU subsystem; - Tracing infrastructure; - Radix Tree data structure library; - Kernel userspace event delivery library; - Objagg library; - Memory management; - Amateur Radio drivers; - Bluetooth subsystem; - Ethernet bridge; - CAN network layer; - Networking core; - Ethtool driver; - IPv4 networking; - IPv6 networking; - IUCV driver; - KCM (Kernel Connection Multiplexor) sockets driver; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - Network traffic control; - SCTP protocol; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - Wireless networking; - AppArmor security module; - Landlock security; - Simplified Mandatory Access Control Kernel framework; - FireWire sound drivers; - SoC audio core drivers; - USB sound devices; (CVE-2023-52751, CVE-2024-43902, CVE-2024-46791,CVE-2024-45018, CVE-2024-44987, CVE-2024-46763, CVE-2024-46724, CVE-2024-26893, CVE-2024-42283, CVE-2024-46738, CVE-2024-46819, CVE-2024-44982, CVE-2023-52889, CVE-2024-45025, CVE-2023-52918, CVE-2024-46800, CVE-2024-46756, CVE-2024-46719, CVE-2024-39472, CVE-2024-42292, CVE-2024-45006, CVE-2024-46675, CVE-2024-44971, CVE-2024-46731, CVE-2024-42286, CVE-2024-44954, CVE-2024-42274, CVE-2024-46746, CVE-2024-42276, CVE-2024-43869, CVE-2024-43830, CVE-2024-42288, CVE-2024-41042, CVE-2024-42126, CVE-2024-43870, CVE-2024-46805, CVE-2024-41078, CVE-2024-44966, CVE-2024-44989, CVE-2024-46795, CVE-2024-44988, CVE-2024-38577, CVE-2024-43839, CVE-2024-43909, CVE-2024-46745, CVE-2024-42285, CVE-2024-43871, CVE-2024-41081, CVE-2024-42289, CVE-2024-44965, CVE-2024-42271, CVE-2024-42284, CVE-2024-45009, CVE-2024-41068, CVE-2024-44958, CVE-2024-46759, CVE-2024-42304, CVE-2024-43890, CVE-2024-41019, CVE-2024-43846, CVE-2024-41012, CVE-2024-44983, CVE-2024-41072, CVE-2024-46702, CVE-2024-26800, CVE-2024-42302, CVE-2023-52572, CVE-2024-46783, CVE-2024-43892, CVE-2024-45028, CVE-2024-44999, CVE-2024-46814, CVE-2024-41022, CVE-2024-42281, CVE-2024-46679, CVE-2024-42290, CVE-2024-44960, CVE-2024-41071, CVE-2024-41091, CVE-2024-44990, CVE-2024-46757, CVE-2024-38611, CVE-2024-47668, CVE-2024-45008, CVE-2024-46707, CVE-2024-44935, CVE-2024-42299, CVE-2024-46771, CVE-2024-42265, CVE-2024-43883, CVE-2024-46673, CVE-2024-46747, CVE-2024-43875, CVE-2024-44985, CVE-2024-42311, CVE-2024-46798, CVE-2024-43884, CVE-2024-46725, CVE-2024-42318, CVE-2024-43873, CVE-2024-42296, CVE-2024-43907, CVE-2024-43834, CVE-2024-46721, CVE-2024-47659, CVE-2024-45026, CVE-2024-47667, CVE-2024-44986, CVE-2024-41020, CVE-2024-43849, CVE-2024-46744, CVE-2024-44946, CVE-2024-43861, CVE-2024-42269, CVE-2024-46822, CVE-2024-46739, CVE-2024-44948, CVE-2024-46804, CVE-2024-41064, CVE-2024-44995, CVE-2024-26669, CVE-2024-46781, CVE-2024-46732, CVE-2024-42246, CVE-2024-46780, CVE-2024-46743, CVE-2024-44947, CVE-2024-47663, CVE-2024-46752,CVE-2024-43893, CVE-2024-45021, CVE-2024-43856, CVE-2024-46714, CVE-2024-41011, CVE-2024-41070, CVE-2024-46832, CVE-2024-46737, CVE-2024-43867, CVE-2024-42277, CVE-2024-44934, CVE-2024-46723, CVE-2024-43880, CVE-2024-43860, CVE-2024-42297, CVE-2024-45003, CVE-2024-46810, CVE-2024-43889, CVE-2024-42287, CVE-2024-43854, CVE-2024-42313, CVE-2024-42305, CVE-2024-41077, CVE-2024-38602, CVE-2024-46758, CVE-2024-46807, CVE-2024-43853, CVE-2024-45007, CVE-2024-41090, CVE-2024-42280, CVE-2024-46844, CVE-2024-45011, CVE-2024-47660, CVE-2024-47665, CVE-2024-46829, CVE-2024-44944, CVE-2024-41015, CVE-2024-42259, CVE-2024-43914, CVE-2024-43829, CVE-2022-48666, CVE-2024-43828, CVE-2024-46755, CVE-2024-43858, CVE-2024-46740, CVE-2024-46689, CVE-2024-42309, CVE-2024-42295, CVE-2024-41098, CVE-2023-52757, CVE-2024-46782, CVE-2024-46777, CVE-2024-46685, CVE-2024-44969, CVE-2024-47669, CVE-2024-43882, CVE-2024-42310, CVE-2024-43905, CVE-2024-44998, CVE-2024-42306, CVE-2024-40915, CVE-2024-46713, CVE-2024-41059, CVE-2024-41017, CVE-2024-43879, CVE-2024-46677, CVE-2024-42312, CVE-2024-43908, CVE-2024-46750, CVE-2024-46722, CVE-2024-42267, CVE-2024-46818, CVE-2024-26661, CVE-2024-43817, CVE-2024-42272, CVE-2024-41065, CVE-2024-46828, CVE-2024-46840, CVE-2024-46676, CVE-2024-43841, CVE-2024-46815, CVE-2024-26607, CVE-2023-52434, CVE-2024-46761, CVE-2024-42114, CVE-2024-41073, CVE-2024-43894, CVE-2024-43835, CVE-2024-46817, CVE-2024-41060, CVE-2024-36484, CVE-2024-42301, CVE-2024-44974, CVE-2024-43863, CVE-2024-41063) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-1075-azure 5.15.0-1075.84 linux-image-azure-lts-22.04 5.15.0.1075.73 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all thirdparty kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7123-1 CVE-2022-48666, CVE-2023-52434, CVE-2023-52572, CVE-2023-52751, CVE-2023-52757, CVE-2023-52889, CVE-2023-52918, CVE-2023-6610, CVE-2024-25744, CVE-2024-26607, CVE-2024-26661, CVE-2024-26669, CVE-2024-26800, CVE-2024-26893, CVE-2024-36484, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-39472, CVE-2024-40915, CVE-2024-41011, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41019, CVE-2024-41020, CVE-2024-41022, CVE-2024-41042, CVE-2024-41059, CVE-2024-41060, CVE-2024-41063, CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070, CVE-2024-41071, CVE-2024-41072, CVE-2024-41073, CVE-2024-41077, CVE-2024-41078, CVE-2024-41081, CVE-2024-41090, CVE-2024-41091, CVE-2024-41098, CVE-2024-42114, CVE-2024-42126, CVE-2024-42246, CVE-2024-42259, CVE-2024-42265, CVE-2024-42267, CVE-2024-42269, CVE-2024-42271, CVE-2024-42272, CVE-2024-42274, CVE-2024-42276, CVE-2024-42277, CVE-2024-42280, CVE-2024-42281, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289, CVE-2024-42290, CVE-2024-42292, CVE-2024-42295, CVE-2024-42296, CVE-2024-42297, CVE-2024-42299, CVE-2024-42301, CVE-2024-42302, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306, CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42312, CVE-2024-42313, CVE-2024-42318, CVE-2024-43817, CVE-2024-43828, CVE-2024-43829, CVE-2024-43830, CVE-2024-43834, CVE-2024-43835, CVE-2024-43839, CVE-2024-43841, CVE-2024-43846, CVE-2024-43849, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861, CVE-2024-43863, CVE-2024-43867, CVE-2024-43869,CVE-2024-43870, CVE-2024-43871, CVE-2024-43873, CVE-2024-43875, CVE-2024-43879, CVE-2024-43880, CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43889, CVE-2024-43890, CVE-2024-43892, CVE-2024-43893, CVE-2024-43894, CVE-2024-43902, CVE-2024-43905, CVE-2024-43907, CVE-2024-43908, CVE-2024-43909, CVE-2024-43914, CVE-2024-44934, CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947, CVE-2024-44948, CVE-2024-44954, CVE-2024-44958, CVE-2024-44960, CVE-2024-44965, CVE-2024-44966, CVE-2024-44969, CVE-2024-44971, CVE-2024-44974, CVE-2024-44982, CVE-2024-44983, CVE-2024-44985, CVE-2024-44986, CVE-2024-44987, CVE-2024-44988, CVE-2024-44989, CVE-2024-44990, CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003, CVE-2024-45006, CVE-2024-45007, CVE-2024-45008, CVE-2024-45009, CVE-2024-45011, CVE-2024-45018, CVE-2024-45021, CVE-2024-45025, CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46675, CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685, CVE-2024-46689, CVE-2024-46702, CVE-2024-46707, CVE-2024-46713, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721, CVE-2024-46722, CVE-2024-46723, CVE-2024-46724, CVE-2024-46725, CVE-2024-46731, CVE-2024-46732, CVE-2024-46737, CVE-2024-46738, CVE-2024-46739, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46746, CVE-2024-46747, CVE-2024-46750, CVE-2024-46752, CVE-2024-46755, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759, CVE-2024-46761, CVE-2024-46763, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780, CVE-2024-46781, CVE-2024-46782, CVE-2024-46783, CVE-2024-46791, CVE-2024-46795, CVE-2024-46798, CVE-2024-46800, CVE-2024-46804, CVE-2024-46805, CVE-2024-46807, CVE-2024-46810, CVE-2024-46814, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818, CVE-2024-46819, CVE-2024-46822, CVE-2024-46828, CVE-2024-46829, CVE-2024-46832, CVE-2024-46840, CVE-2024-46844, CVE-2024-47659, CVE-2024-47660,CVE-2024-47663, CVE-2024-47665, CVE-2024-47667, CVE-2024-47668, CVE-2024-47669 Package Information: https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1075.84 . Essential patches for Ubuntu 22.04 LTS address several flaws in the Linux kernel, bolstering security measures for cloud environments on AWS.. Linux Kernel Updates, Ubuntu Security Advisory, Azure Kernel Enhancements. . Severity: Critical. LinuxSecurity.com Team

Nov 20, 2024 •Critical Ubuntu

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

openSUSE libyang Important Buffer Overflow Advisory 2026-2381-1

openSUSE HPLIP Severe Code Execution Denial of Service 2026-2380-1

openSUSE HPLIP Critical Escalation DoS Advisory SUSE-2026-2380-1

SUSE Linux Micro 6.2 python-Pygments Low Denial of Service CVE-2026-4539

Ubuntu 16.04 LTS GStreamer Base Plugins Critical DoS CVE-2026-2921

Debian 12 Linux Base Update Brings Important Security Fix DLA-4628-1

Debian 12 Kernel-Wedge Update for Linux 6.12 DLA-4627-1

openSUSE NetworkManager-libreswan Important Security Update CVE-2024-9050

openSUSE Rclone Critical Security Update CVE-2026-25680 CVE-2026-25681

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Explore Latest Linux Security advisories

Debian LTS: DLA-4098-1: amd64-microcode Security Advisory Updates

SUSE: 2025:0784-1 important: Kernel Security Advisory for SP6

SUSE Linux 15 SP6: 2025:0564-1 Important Kernel Security Fixes

Ubuntu 22.04 LTS USN-7123-1 critical: kernel issues affecting cloud systems

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE libyang Important Buffer Overflow Advisory 2026-2381-1

openSUSE HPLIP Severe Code Execution Denial of Service 2026-2380-1

openSUSE HPLIP Critical Escalation DoS Advisory SUSE-2026-2380-1

SUSE Linux Micro 6.2 python-Pygments Low Denial of Service CVE-2026-4539

Ubuntu 16.04 LTS GStreamer Base Plugins Critical DoS CVE-2026-2921

Debian 12 Linux Base Update Brings Important Security Fix DLA-4628-1

Debian 12 Kernel-Wedge Update for Linux 6.12 DLA-4627-1

openSUSE NetworkManager-libreswan Important Security Update CVE-2024-9050

openSUSE Rclone Critical Security Update CVE-2026-25680 CVE-2026-25681

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!