SUSE update for the Linux Kernel

Risk: High
Patch available: YES
Number of vulnerabilities: 171
CVE-ID: CVE-2023-53146
CVE-2024-28956
CVE-2024-43869
CVE-2024-46713
CVE-2024-50106
CVE-2024-50223
CVE-2024-53135
CVE-2024-54458
CVE-2024-58098
CVE-2024-58099
CVE-2024-58100
CVE-2024-58237
CVE-2025-21629
CVE-2025-21648
CVE-2025-21702
CVE-2025-21787
CVE-2025-21814
CVE-2025-21919
CVE-2025-22005
CVE-2025-22021
CVE-2025-22030
CVE-2025-22056
CVE-2025-22057
CVE-2025-22063
CVE-2025-22066
CVE-2025-22070
CVE-2025-22089
CVE-2025-22095
CVE-2025-22103
CVE-2025-22119
CVE-2025-22124
CVE-2025-22125
CVE-2025-22126
CVE-2025-23140
CVE-2025-23141
CVE-2025-23142
CVE-2025-23144
CVE-2025-23146
CVE-2025-23147
CVE-2025-23148
CVE-2025-23149
CVE-2025-23150
CVE-2025-23151
CVE-2025-23156
CVE-2025-23157
CVE-2025-23158
CVE-2025-23159
CVE-2025-23160
CVE-2025-23161
CVE-2025-37740
CVE-2025-37741
CVE-2025-37742
CVE-2025-37747
CVE-2025-37748
CVE-2025-37749
CVE-2025-37750
CVE-2025-37754
CVE-2025-37755
CVE-2025-37758
CVE-2025-37765
CVE-2025-37766
CVE-2025-37767
CVE-2025-37768
CVE-2025-37769
CVE-2025-37770
CVE-2025-37771
CVE-2025-37772
CVE-2025-37773
CVE-2025-37780
CVE-2025-37781
CVE-2025-37782
CVE-2025-37787
CVE-2025-37788
CVE-2025-37789
CVE-2025-37790
CVE-2025-37792
CVE-2025-37793
CVE-2025-37794
CVE-2025-37796
CVE-2025-37797
CVE-2025-37798
CVE-2025-37803
CVE-2025-37804
CVE-2025-37805
CVE-2025-37809
CVE-2025-37810
CVE-2025-37812
CVE-2025-37815
CVE-2025-37819
CVE-2025-37820
CVE-2025-37823
CVE-2025-37824
CVE-2025-37829
CVE-2025-37830
CVE-2025-37831
CVE-2025-37833
CVE-2025-37836
CVE-2025-37839
CVE-2025-37840
CVE-2025-37841
CVE-2025-37842
CVE-2025-37849
CVE-2025-37850
CVE-2025-37851
CVE-2025-37852
CVE-2025-37853
CVE-2025-37854
CVE-2025-37858
CVE-2025-37867
CVE-2025-37870
CVE-2025-37871
CVE-2025-37873
CVE-2025-37875
CVE-2025-37879
CVE-2025-37881
CVE-2025-37886
CVE-2025-37887
CVE-2025-37889
CVE-2025-37890
CVE-2025-37891
CVE-2025-37892
CVE-2025-37897
CVE-2025-37900
CVE-2025-37901
CVE-2025-37903
CVE-2025-37905
CVE-2025-37911
CVE-2025-37912
CVE-2025-37913
CVE-2025-37914
CVE-2025-37915
CVE-2025-37918
CVE-2025-37925
CVE-2025-37928
CVE-2025-37929
CVE-2025-37930
CVE-2025-37931
CVE-2025-37932
CVE-2025-37937
CVE-2025-37943
CVE-2025-37944
CVE-2025-37948
CVE-2025-37949
CVE-2025-37951
CVE-2025-37953
CVE-2025-37954
CVE-2025-37957
CVE-2025-37958
CVE-2025-37959
CVE-2025-37960
CVE-2025-37963
CVE-2025-37969
CVE-2025-37970
CVE-2025-37972
CVE-2025-37974
CVE-2025-37978
CVE-2025-37979
CVE-2025-37980
CVE-2025-37982
CVE-2025-37983
CVE-2025-37985
CVE-2025-37986
CVE-2025-37989
CVE-2025-37990
CVE-2025-38104
CVE-2025-38152
CVE-2025-38240
CVE-2025-38637
CVE-2025-39735
CVE-2025-40014
CVE-2025-40325
CWE-ID: CWE-476
CWE-399
CWE-401
CWE-667
CWE-416
CWE-20
CWE-119
CWE-388
CWE-125
CWE-787
CWE-369
CWE-366
CWE-415
CWE-908
CWE-190
CWE-682
CWE-835
CWE-362
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #22 is available.
Vulnerable software
Public Cloud Module
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

kernel-devel-azure
Operating systems & Components / Operating system package or component

kernel-source-azure
Operating systems & Components / Operating system package or component

kernel-azure-vdso
Operating systems & Components / Operating system package or component

kernel-azure-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure
Operating systems & Components / Operating system package or component

dlm-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-devel
Operating systems & Components / Operating system package or component

kernel-azure-optional-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-optional
Operating systems & Components / Operating system package or component

kernel-azure-debugsource
Operating systems & Components / Operating system package or component

kernel-azure-extra
Operating systems & Components / Operating system package or component

kernel-syms-azure
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-azure
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-extra-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-azure
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 171 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU109254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53146

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dw2102_i2c_transfer() function in drivers/media/usb/dvb-usb/dw2102.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU109000

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-28956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU96285

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43869

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the event_sched_out(), exclusive_event_installable(), perf_pending_task() and perf_event_alloc() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU97313

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46713

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ring_buffer_init() function in kernel/events/ring_buffer.c and within the put_ctx(), perf_mmap_close(), perf_mmap() and atomic_dec() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU99802

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50106

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the destroy_delegation(), nfsd4_revoke_states(), nfs4_laundromat(), nfsd4_free_stateid() and nfsd4_delegreturn() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU100174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50223

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vma_next() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU101228

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53135

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the module_param() function in arch/x86/kvm/vmx/vmx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU104956

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-54458

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ufs_bsg_remove() function in drivers/ufs/core/ufs_bsg.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU108686

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58098

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the check_func_call(), mark_subprog_changes_pkt_data(), visit_func_call_insn() and visit_insn() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU108057

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58099

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vmxnet3_xdp_xmit_frame() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU108687

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58100

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the kvfree(), jit_subprogs(), bpf_check_attach_target() and bpf_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU108688

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58237

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the subprog_tc() function in tools/testing/selftests/bpf/progs/tc_bpf2bpf.c and within the bpf_helper_changes_pkt_data() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU102981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21629

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the skb_csum_hwoffload_help() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU103047

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21648

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_ct_alloc_hashtable() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU104074

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21702

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU105035

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21787

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU105141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21814

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU106804

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21919

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the child_cfs_rq_on_list() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU106954

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22005

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the in6_dev_put() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU107786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22021

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nf_sk_lookup_slow_v6() function in net/ipv6/netfilter/nf_socket_ipv6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU107677

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22030

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zswap_cpu_comp_dead() function in mm/zswap.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU107782

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2025-22056

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nft_tunnel_obj_geneve_init() and nft_tunnel_opts_dump() functions in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

23) Use-after-free

EUVDB-ID: #VU107671

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dst_count_dec() function in net/core/dst.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU107716

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22063

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the calipso_sock_getattr() and calipso_sock_setattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU107714

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22066

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the imx_card_probe() function in sound/soc/fsl/imx-card.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU107713

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22070

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the v9fs_vfs_mkdir_dotl() function in fs/9p/vfs_inode_dotl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU107710

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ib_setup_device_attrs() function in drivers/infiniband/core/sysfs.c and within the rdma_init_coredev() function in drivers/infiniband/core/device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU107778

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22095

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the brcm_pcie_add_bus() function in drivers/pci/controller/pcie-brcmstb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU107705

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22103

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ipvlan_l3s_unregister() function in drivers/net/ipvlan/ipvlan_l3s.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU107742

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22119

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the INIT_WORK() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU107805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22124

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __write_sb_page() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU107741

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22125

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid10_read_request() and raid10_write_one_disk() functions in drivers/md/raid10.c and within the raid1_read_request() and raid1_write_request() functions in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU107662

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22126

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __mddev_put(), md_seq_show(), EXPORT_SYMBOL_GPL(), md_notify_reboot(), md_autostart_arrays() and md_exit() functions in drivers/md/md.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory leak

EUVDB-ID: #VU108213

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23140

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the pci_endpoint_test_release_irq() function in drivers/misc/pci_endpoint_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper locking

EUVDB-ID: #VU108317

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl_get_mpstate() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU108246

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23142

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sctp_transport_free() function in net/sctp/transport.c, and within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU108318

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23144

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the led_bl_remove() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU108468

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23146

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the kb3930_probe() function in drivers/mfd/ene-kb3930.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU108298

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23147

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the i3c_master_unregister_i3c_devs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU108297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23148

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the exynos_chipid_probe() function in drivers/soc/samsung/exynos-chipid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper error handling

EUVDB-ID: #VU108336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23149

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the tpm_get_random() function in drivers/char/tpm/tpm-interface.c, and within the tpm_try_get_ops() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU108247

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23150

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper locking

EUVDB-ID: #VU108319

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23151

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mhi_gen_tre() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU108261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23156

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fill_buf_mode(), parse_alloc_mode(), fill_profile_level(), parse_profile_level(), fill_caps(), parse_caps(), fill_raw_fmts(), parse_raw_formats(), parse_codecs(), hfi_platform_parser() and hfi_parser() functions in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU108260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23157

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the init_codecs() function in drivers/media/platform/qcom/venus/hfi_parser.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds write

EUVDB-ID: #VU108383

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23158

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU108367

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23159

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Memory leak

EUVDB-ID: #VU108214

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23160

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU108320

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23161

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmd_pci_read(), vmd_pci_write() and vmd_probe() functions in drivers/pci/controller/vmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU108324

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37740

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper locking

EUVDB-ID: #VU108321

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37741

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the diReadSpecial() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU108248

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37742

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the diMount() function in fs/jfs/jfs_imap.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Memory leak

EUVDB-ID: #VU108217

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37747

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the exclusive_event_installable(), _free_event(), perf_remove_from_owner(), list_del(), perf_pending_task(), __perf_event_overflow(), perf_event_alloc(), perf_event_exit_event() and perf_free_event() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU108296

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37748

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_iommu_probe() function in drivers/iommu/mtk_iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds read

EUVDB-ID: #VU108258

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37749

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ppp_sync_txmunge() function in drivers/net/ppp/ppp_synctty.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU108240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37750

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, the decrypt_raw_data() function in fs/smb/client/smb2ops.c and the cifs_crypto_secmech_release() function in fs/smb/client/cifsencrypt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer overflow

EUVDB-ID: #VU108368

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37754

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the intel_uc_init_late() function in drivers/gpu/drm/i915/gt/uc/intel_uc.c and the intel_huc_init_early() and intel_huc_fini() functions in drivers/gpu/drm/i915/gt/uc/intel_huc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU108295

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37755

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the wx_alloc_mapped_page() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU108294

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37758

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pxa_ata_probe() function in drivers/ata/pata_pxa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU108243

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37765

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nouveau_gem_object_del() function in drivers/gpu/drm/nouveau/nouveau_gem.c and the nouveau_bo_del_ttm() function in drivers/gpu/drm/nouveau/nouveau_bo.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU108393

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37766

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vega20_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Division by zero

EUVDB-ID: #VU108344

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37767

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the smu_v13_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Division by zero

EUVDB-ID: #VU108345

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37768

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the smu7_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Division by zero

EUVDB-ID: #VU108346

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37769

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the smu_v11_0_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Division by zero

EUVDB-ID: #VU108347

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37770

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the vega10_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Division by zero

EUVDB-ID: #VU108348

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37771

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the arcturus_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) NULL pointer dereference

EUVDB-ID: #VU108292

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU108388

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

EUVDB-ID: #VU108255

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37780

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the isofs_fh_to_parent() function in fs/isofs/export.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Resource management error

EUVDB-ID: #VU108355

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37781

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

EUVDB-ID: #VU108254

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37782

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hfs_bnode_read_key() function in fs/hfsplus/bnode.c and within the hfs_bnode_read_key() function in fs/hfs/bnode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Input validation error

EUVDB-ID: #VU108389

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37787

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mv88e6xxx_teardown_devlink_regions_global() function in drivers/net/dsa/mv88e6xxx/devlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Memory leak

EUVDB-ID: #VU108212

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37788

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the cxgb4_init_ethtool_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU108394

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37789

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the validate_set() function in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Input validation error

EUVDB-ID: #VU108395

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37790

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mctp_sk_hash() function in net/mctp/af_mctp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU108290

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37792

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rtl_dev_err() function in drivers/bluetooth/btrtl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper error handling

EUVDB-ID: #VU108335

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37793

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the avs_component_probe() function in sound/soc/intel/avs/pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU108289

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37794

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Memory leak

EUVDB-ID: #VU108209

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37796

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the at76_disconnect() function in drivers/net/wireless/atmel/at76c50x-usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Input validation error

EUVDB-ID: #VU108391

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37797

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Input validation error

EUVDB-ID: #VU108390

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37798

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c and within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Buffer overflow

EUVDB-ID: #VU108822

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37803

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Race condition within a thread

EUVDB-ID: #VU108819

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37804

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the io_wq_free_work() function in io_uring/io_uring.c. A local user can corrupt data.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU108809

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37805

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtsnd_pcm_parse_cfg() function in sound/virtio/virtio_pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU108799

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37809

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the typec_register_partner(), typec_unregister_partner(), typec_get_partner(), typec_partner_attach(), typec_partner_deattach() and typec_register_port() functions in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Out-of-bounds read

EUVDB-ID: #VU108791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37810

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper locking

EUVDB-ID: #VU108810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37812

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper locking

EUVDB-ID: #VU108811

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37815

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Double free

EUVDB-ID: #VU108816

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37819

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Memory leak

EUVDB-ID: #VU108789

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37820

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Input validation error

EUVDB-ID: #VU108825

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37823

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU108803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37824

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU108805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37829

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU108806

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37830

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU108807

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37831

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the apple_soc_cpufreq_get_rate() function in drivers/cpufreq/apple-soc-cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Resource management error

EUVDB-ID: #VU108821

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37833

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the niu_try_msix() function in drivers/net/ethernet/sun/niu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Memory leak

EUVDB-ID: #VU108851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37836

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the pci_register_host_bridge() function in drivers/pci/probe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Input validation error

EUVDB-ID: #VU108900

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37839

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use of uninitialized resource

EUVDB-ID: #VU108881

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37840

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the brcmnand_resume() function in drivers/mtd/nand/raw/brcmnand/brcmnand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) NULL pointer dereference

EUVDB-ID: #VU108862

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37841

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the prepare_default_config() function in tools/power/cpupower/bench/parse.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Resource management error

EUVDB-ID: #VU108892

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37842

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the fsl_qspi_cleanup(), fsl_qspi_probe(), fsl_qspi_remove() and module_platform_driver() functions in drivers/spi/spi-fsl-qspi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Memory leak

EUVDB-ID: #VU108853

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37849

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kvm_arch_vcpu_create() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Division by zero

EUVDB-ID: #VU108886

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37850

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the pwm_mediatek_config() function in drivers/pwm/pwm-mediatek.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use of uninitialized resource

EUVDB-ID: #VU108882

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37851

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the dispc_ovl_setup() function in drivers/video/fbdev/omap2/omapfb/dss/dispc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU108864

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37852

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amd_powerplay_create() function in drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) NULL pointer dereference

EUVDB-ID: #VU108865

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37853

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kfd_debugfs_hang_hws() function in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper locking

EUVDB-ID: #VU108873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37854

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kfd_process_remove_sysfs() and kfd_process_wq_release() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Integer overflow

EUVDB-ID: #VU108884

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37858

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the dbExtendFS() function in fs/jfs/jfs_dmap.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Buffer overflow

EUVDB-ID: #VU108889

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37867

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ib_init_umem_odp() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Input validation error

EUVDB-ID: #VU108902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37870

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dcn401_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c and within the dcn20_enable_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU108876

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37871

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfsd_break_one_deleg() function in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Buffer overflow

EUVDB-ID: #VU108898

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37873

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dev_kfree_skb_any() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Resource management error

EUVDB-ID: #VU108894

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37875

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the igc_ptm_log_error(), igc_phc_get_syncdevicetime(), igc_ptp_stop() and igc_ptp_reset() functions in drivers/net/ethernet/intel/igc/igc_ptp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Incorrect calculation

EUVDB-ID: #VU108897

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37879

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the p9_client_read_once(), p9_client_write(), EXPORT_SYMBOL_GPL() and p9_client_readdir() functions in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Improper error handling

EUVDB-ID: #VU108880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37881

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ast_vhub_init_dev() function in drivers/usb/gadget/udc/aspeed-vhub/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Buffer overflow

EUVDB-ID: #VU108890

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37886

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pdsc_q_map() function in drivers/net/ethernet/amd/pds_core/core.c and within the pdsc_process_notifyq(), pdsc_process_adminq(), pdsc_adminq_isr(), __pdsc_adminq_post() and pdsc_adminq_post() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Buffer overflow

EUVDB-ID: #VU108891

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37887

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU108869

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37889

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pci_msi_set_enable(), msi_setup_msi_desc(), msix_map_region() and msix_capability_init() functions in drivers/pci/msi/msi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Use-after-free

EUVDB-ID: #VU109282

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37890

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Buffer overflow

EUVDB-ID: #VU109432

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37891

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within include/sound/ump_convert.h. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Out-of-bounds read

EUVDB-ID: #VU109516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37892

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the INFTL_findwriteunit() function in drivers/mtd/inftlcore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Improper locking

EUVDB-ID: #VU109540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37897

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) NULL pointer dereference

EUVDB-ID: #VU109519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37900

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Input validation error

EUVDB-ID: #VU109543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37901

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Use-after-free

EUVDB-ID: #VU109501

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37903

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Memory leak

EUVDB-ID: #VU109492

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37905

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Out-of-bounds read

EUVDB-ID: #VU109514

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37911

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) NULL pointer dereference

EUVDB-ID: #VU109521

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37912

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Use-after-free

EUVDB-ID: #VU109502

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37913

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU109503

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37914

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use-after-free

EUVDB-ID: #VU109504

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37915

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU109522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37918

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the btusb_coredump_qca(), handle_dump_pkt_qca() and acl_pkt_is_dump_qca() functions in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper locking

EUVDB-ID: #VU107734

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37925

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the duplicateIXtree() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper error handling

EUVDB-ID: #VU109549

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37928

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper error handling

EUVDB-ID: #VU109550

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37929

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Resource management error

EUVDB-ID: #VU109571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37930

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Infinite loop

EUVDB-ID: #VU109558

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37931

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the submit_eb_subpage() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Resource management error

EUVDB-ID: #VU109572

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37932

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Division by zero

EUVDB-ID: #VU109556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37937

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Input validation error

EUVDB-ID: #VU109544

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37943

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ath12k_dp_rx_deliver_msdu(), ath12k_dp_rx_process_msdu(), skb_pull(), ath12k_dp_rx_h_null_q_desc(), ath12k_dp_rx_h_reo_err(), ath12k_dp_rx_h_tkip_mic_err() and ath12k_dp_rx_h_rxdma_err() functions in drivers/net/wireless/ath/ath12k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Buffer overflow

EUVDB-ID: #VU109566

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37944

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ath12k_dp_mon_srng_process() function in drivers/net/wireless/ath/ath12k/dp_mon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Input validation error

EUVDB-ID: #VU109581

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, and within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Improper locking

EUVDB-ID: #VU109533

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37949

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, and within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Memory leak

EUVDB-ID: #VU109495

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37951

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_gpu_reset_for_timeout(), v3d_cl_job_timedout() and v3d_csd_job_timedout() functions in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) NULL pointer dereference

EUVDB-ID: #VU109526

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37953

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the htb_add_to_wait_tree(), htb_activate(), htb_qlen_notify(), htb_delete() and htb_change_class() functions in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Memory leak

EUVDB-ID: #VU109496

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37954

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the find_or_create_cached_dir() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Use-after-free

EUVDB-ID: #VU109511

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the shutdown_interception() function in arch/x86/kvm/svm/svm.c, and within the kvm_smm_changed() function in arch/x86/kvm/smm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Improper locking

EUVDB-ID: #VU109532

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37958

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __split_huge_pmd_locked() and split_huge_pmd_locked() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Input validation error

EUVDB-ID: #VU109583

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37959

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the skb_do_redirect() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Resource management error

EUVDB-ID: #VU109562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37960

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the memblock_double_array() function in mm/memblock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Input validation error

EUVDB-ID: #VU109582

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Infinite loop

EUVDB-ID: #VU109557

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37969

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Improper locking

EUVDB-ID: #VU109528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37970

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the st_lsm6dsx_read_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) NULL pointer dereference

EUVDB-ID: #VU109518

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37972

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_pmic_keys_lp_reset_setup() function in drivers/input/keyboard/mtk-pmic-keys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Input validation error

EUVDB-ID: #VU109586

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __clp_add() function in arch/s390/pci/pci_clp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Buffer overflow

EUVDB-ID: #VU109573

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37978

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the bio_integrity_alloc(), bio_integrity_uncopy_user(), bio_integrity_unmap_user(), bio_integrity_copy_user() and bio_integrity_map_user() functions in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Out-of-bounds read

EUVDB-ID: #VU109513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37979

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within sound/soc/qcom/lpass.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Memory leak

EUVDB-ID: #VU109489

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37980

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the blk_debugfs_remove() function in block/blk-sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Memory leak

EUVDB-ID: #VU109490

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37982

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the wl1251_tx_work() function in drivers/net/wireless/ti/wl1251/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Memory leak

EUVDB-ID: #VU109579

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37983

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qibfs_mknod() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Race condition

EUVDB-ID: #VU109559

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37985

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Input validation error

EUVDB-ID: #VU109585

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37986

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the typec_unregister_partner() function in drivers/usb/typec/class.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Use-after-free

EUVDB-ID: #VU109499

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37989

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the phy_led_triggers_register() and phy_led_triggers_unregister() functions in drivers/net/phy/phy_led_triggers.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Improper error handling

EUVDB-ID: #VU109545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37990

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Improper locking

EUVDB-ID: #VU107733

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38104

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_virt_rlcg_reg_rw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c and within the amdgpu_device_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) NULL pointer dereference

EUVDB-ID: #VU107697

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38152

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) NULL pointer dereference

EUVDB-ID: #VU107696

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38240

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_dp_parse_capabilities() and mtk_dp_wait_hpd_asserted() functions in drivers/gpu/drm/mediatek/mtk_dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Improper locking

EUVDB-ID: #VU107732

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38637

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the skbprio_enqueue() and skbprio_dequeue() functions in net/sched/sch_skbprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Out-of-bounds read

EUVDB-ID: #VU107684

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39735

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Out-of-bounds read

EUVDB-ID: #VU107683

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40014

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amd_set_spi_freq() function in drivers/spi/spi-amd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Resource management error

EUVDB-ID: #VU107771

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40325

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the raid10_handle_discard() function in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-devel-azure: before 6.4.0-150600.8.40.1

kernel-source-azure: before 6.4.0-150600.8.40.1

kernel-azure-vdso: before 6.4.0-150600.8.40.1

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure: before 6.4.0-150600.8.40.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-devel: before 6.4.0-150600.8.40.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-optional: before 6.4.0-150600.8.40.1

kernel-azure-debugsource: before 6.4.0-150600.8.40.1

kernel-azure-extra: before 6.4.0-150600.8.40.1

kernel-syms-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure: before 6.4.0-150600.8.40.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure: before 6.4.0-150600.8.40.1

kernel-azure-debuginfo: before 6.4.0-150600.8.40.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure: before 6.4.0-150600.8.40.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.40.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.40.1

dlm-kmp-azure: before 6.4.0-150600.8.40.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


