Main Vulnerability Database SB2025092466

SB2025092466 - SUSE update for the Linux Kernel

Published: September 24, 2025 Updated: January 9, 2026

Security Bulletin ID SB2025092466

Severity

High

Patch available

YES

Number of vulnerabilities 35

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 35 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-49980)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb_udc_uevent() function in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.

2) Improper locking (CVE-ID: CVE-2022-50116)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gsm_queue(), gsmld_output(), gsm_stuff_frame(), gsm_data_alloc(), gsm_is_flow_ctrl_msg(), __gsm_data_queue(), gsm_dlci_modem_output(), gsm_control_message(), gsm_control_wait(), gsm_dlci_close(), gsm_dlci_open(), gsm1_receive(), gsm_cleanup_mux(), gsm_activate_mux(), gsm_alloc_mux() and gsmld_open() functions in drivers/tty/n_gsm.c. A local user can perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2023-53117)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __close_fd() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

4) Input validation error (CVE-ID: CVE-2024-42265)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

5) Improper locking (CVE-ID: CVE-2024-53093)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_add_ns_head_cdev(), nvme_mpath_alloc_disk(), nvme_mpath_set_live(), nvme_mpath_shutdown_disk() and nvme_mpath_remove_disk() functions in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2024-53177)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_query_info_free(), invalidate_all_cached_dirs(), smb2_cached_lease_break(), cached_dir_lease_break() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.

7) Memory leak (CVE-ID: CVE-2024-57947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_pipapo_avx2_lookup_slow() function in net/netfilter/nft_set_pipapo_avx2.c, within the nft_pipapo_lookup() and pipapo_get() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

8) Infinite loop (CVE-ID: CVE-2024-58239)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2025-21701)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ethnl_ops_begin() function in net/ethtool/netlink.c. A local user can perform a denial of service (DoS) attack.

10) Incorrect calculation (CVE-ID: CVE-2025-21971)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the tc_ctl_tclass() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

11) Input validation error (CVE-ID: CVE-2025-37798)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.

12) Out-of-bounds read (CVE-ID: CVE-2025-38088)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the memtrace_read() function in arch/powerpc/platforms/powernv/memtrace.c. A local user can perform a denial of service (DoS) attack.

13) Memory leak (CVE-ID: CVE-2025-38120)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.

14) Input validation error (CVE-ID: CVE-2025-38177)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the eltree_insert() and hfsc_qlen_notify() functions in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.

15) Use-after-free (CVE-ID: CVE-2025-38180)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lec_itf_walk(), lec_seq_start() and lec_seq_stop() functions in net/atm/lec.c. A local user can escalate privileges on the system.

16) NULL pointer dereference (CVE-ID: CVE-2025-38184)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2025-38323)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX(), lec_vcc_attach(), lecd_attach() and lane_ioctl() functions in net/atm/lec.c. A local user can escalate privileges on the system.

18) Use-after-free (CVE-ID: CVE-2025-38350)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_alloc_handle() and qdisc_tree_reduce_backlog() functions in net/sched/sch_api.c. A local user can escalate privileges on the system.

19) Race condition (CVE-ID: CVE-2025-38352)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.

Note, the vulnerability is being actively exploited in the wild against Android devices.

20) NULL pointer dereference (CVE-ID: CVE-2025-38460)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the DEFINE_MUTEX(), to_atmarpd(), atmarpd_close() and atm_init_atmarp() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.

21) NULL pointer dereference (CVE-ID: CVE-2025-38468)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2025-38477)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qfq_change_class(), qfq_delete_class(), qfq_dump_class() and qfq_dump_class_stats() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.

23) Buffer overflow (CVE-ID: CVE-2025-38494)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __hid_request() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

24) Incorrect calculation (CVE-ID: CVE-2025-38495)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

25) Out-of-bounds read (CVE-ID: CVE-2025-38497)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the webusb_landingPage_store() and os_desc_qw_sign_store() functions in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.

26) Improper privilege management (CVE-ID: CVE-2025-38498)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.

27) Input validation error (CVE-ID: CVE-2025-38499)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.

28) Memory leak (CVE-ID: CVE-2025-38546)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.

29) Use-after-free (CVE-ID: CVE-2025-38555)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.

30) Input validation error (CVE-ID: CVE-2025-38560)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.

31) Memory leak (CVE-ID: CVE-2025-38563)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

32) Use of uninitialized resource (CVE-ID: CVE-2025-38608)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

33) Improper locking (CVE-ID: CVE-2025-38617)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

34) Use-after-free (CVE-ID: CVE-2025-38618)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

35) Use of uninitialized resource (CVE-ID: CVE-2025-38644)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-202503344-1/

Vulnerable Software

SUSE Linux Enterprise High Performance Computing LTSS 15: SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Micro: 5.5
SUSE Linux Enterprise Live Patching: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-64kb: before 5.14.21-150500.55.121.2
kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.121.2
dtb-mediatek: before 5.14.21-150500.55.121.1
kernel-64kb-optional: before 5.14.21-150500.55.121.2
reiserfs-kmp-64kb: before 5.14.21-150500.55.121.2
kernel-64kb-devel: before 5.14.21-150500.55.121.2
kernel-64kb-debuginfo: before 5.14.21-150500.55.121.2
dtb-qcom: before 5.14.21-150500.55.121.1
dtb-nvidia: before 5.14.21-150500.55.121.1
cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.121.2
dtb-apple: before 5.14.21-150500.55.121.1
dtb-exynos: before 5.14.21-150500.55.121.1
dtb-amlogic: before 5.14.21-150500.55.121.1
kernel-64kb-extra: before 5.14.21-150500.55.121.2
dtb-apm: before 5.14.21-150500.55.121.1
ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.121.2
dtb-hisilicon: before 5.14.21-150500.55.121.1
dlm-kmp-64kb: before 5.14.21-150500.55.121.2
dtb-altera: before 5.14.21-150500.55.121.1
kernel-64kb-debugsource: before 5.14.21-150500.55.121.2
dtb-broadcom: before 5.14.21-150500.55.121.1
dtb-xilinx: before 5.14.21-150500.55.121.1
dtb-marvell: before 5.14.21-150500.55.121.1
reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.121.2
dtb-amazon: before 5.14.21-150500.55.121.1
dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.121.2
dtb-rockchip: before 5.14.21-150500.55.121.1
dtb-allwinner: before 5.14.21-150500.55.121.1
kselftests-kmp-64kb: before 5.14.21-150500.55.121.2
kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.121.2
dtb-renesas: before 5.14.21-150500.55.121.1
dtb-cavium: before 5.14.21-150500.55.121.1
dtb-freescale: before 5.14.21-150500.55.121.1
cluster-md-kmp-64kb: before 5.14.21-150500.55.121.2
ocfs2-kmp-64kb: before 5.14.21-150500.55.121.2
kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.121.2
dtb-amd: before 5.14.21-150500.55.121.1
dtb-arm: before 5.14.21-150500.55.121.1
gfs2-kmp-64kb: before 5.14.21-150500.55.121.2
dtb-lg: before 5.14.21-150500.55.121.1
kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.121.2
gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.121.2
dtb-sprd: before 5.14.21-150500.55.121.1
dtb-socionext: before 5.14.21-150500.55.121.1
dtb-aarch64: before 5.14.21-150500.55.121.1
kernel-zfcpdump-debugsource: before 5.14.21-150500.55.121.2
kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.121.2
kernel-zfcpdump: before 5.14.21-150500.55.121.2
kernel-kvmsmall: before 5.14.21-150500.55.121.2
kernel-default-vdso: before 5.14.21-150500.55.121.2
kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.121.2
kernel-kvmsmall-vdso: before 5.14.21-150500.55.121.2
kernel-default-vdso-debuginfo: before 5.14.21-150500.55.121.2
kernel-livepatch-SLE15-SP5_Update_30-debugsource: before 1-150500.11.5.1
kernel-default-livepatch-devel: before 5.14.21-150500.55.121.2
kernel-livepatch-5_14_21-150500_55_121-default: before 1-150500.11.5.1
kernel-livepatch-5_14_21-150500_55_121-default-debuginfo: before 1-150500.11.5.1
kernel-default: before 5.14.21-150500.55.121.2
gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.121.2
gfs2-kmp-default: before 5.14.21-150500.55.121.2
cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-extra-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-debuginfo: before 5.14.21-150500.55.121.2
dlm-kmp-default-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-devel-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-debugsource: before 5.14.21-150500.55.121.2
ocfs2-kmp-default: before 5.14.21-150500.55.121.2
ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-optional: before 5.14.21-150500.55.121.2
kernel-obs-build: before 5.14.21-150500.55.121.1
kernel-syms: before 5.14.21-150500.55.121.1
kselftests-kmp-default: before 5.14.21-150500.55.121.2
reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.121.2
kernel-obs-build-debugsource: before 5.14.21-150500.55.121.1
reiserfs-kmp-default: before 5.14.21-150500.55.121.2
kernel-obs-qa: before 5.14.21-150500.55.121.1
cluster-md-kmp-default: before 5.14.21-150500.55.121.2
kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-optional-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-livepatch: before 5.14.21-150500.55.121.2
kernel-default-extra: before 5.14.21-150500.55.121.2
dlm-kmp-default: before 5.14.21-150500.55.121.2
kernel-default-devel: before 5.14.21-150500.55.121.2
kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-base: before 5.14.21-150500.55.121.2.150500.6.57.2
kernel-kvmsmall-debugsource: before 5.14.21-150500.55.121.2
kernel-kvmsmall-devel: before 5.14.21-150500.55.121.2
kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.121.2
kernel-default-base-rebuild: before 5.14.21-150500.55.121.2.150500.6.57.2
kernel-docs-html: before 5.14.21-150500.55.121.1
kernel-source: before 5.14.21-150500.55.121.2
kernel-devel: before 5.14.21-150500.55.121.2
kernel-source-vanilla: before 5.14.21-150500.55.121.2
kernel-macros: before 5.14.21-150500.55.121.2
kernel-docs: before 5.14.21-150500.55.121.1