SUSE update for the Linux Kernel



Risk: Medium
Patch available: YES
Number of vulnerabilities: 103
CVE-ID: CVE-2023-3867
CVE-2023-4130
CVE-2023-4515
CVE-2024-26661
CVE-2024-46733
CVE-2024-49996
CVE-2024-58238
CVE-2024-58239
CVE-2025-37885
CVE-2025-38006
CVE-2025-38075
CVE-2025-38103
CVE-2025-38125
CVE-2025-38146
CVE-2025-38160
CVE-2025-38184
CVE-2025-38185
CVE-2025-38190
CVE-2025-38201
CVE-2025-38205
CVE-2025-38208
CVE-2025-38245
CVE-2025-38251
CVE-2025-38360
CVE-2025-38439
CVE-2025-38440
CVE-2025-38441
CVE-2025-38444
CVE-2025-38445
CVE-2025-38458
CVE-2025-38459
CVE-2025-38464
CVE-2025-38472
CVE-2025-38490
CVE-2025-38491
CVE-2025-38499
CVE-2025-38500
CVE-2025-38503
CVE-2025-38506
CVE-2025-38510
CVE-2025-38511
CVE-2025-38512
CVE-2025-38513
CVE-2025-38515
CVE-2025-38516
CVE-2025-38520
CVE-2025-38521
CVE-2025-38524
CVE-2025-38528
CVE-2025-38529
CVE-2025-38530
CVE-2025-38531
CVE-2025-38535
CVE-2025-38537
CVE-2025-38538
CVE-2025-38540
CVE-2025-38541
CVE-2025-38543
CVE-2025-38546
CVE-2025-38548
CVE-2025-38550
CVE-2025-38553
CVE-2025-38555
CVE-2025-38560
CVE-2025-38563
CVE-2025-38565
CVE-2025-38566
CVE-2025-38568
CVE-2025-38571
CVE-2025-38572
CVE-2025-38576
CVE-2025-38581
CVE-2025-38582
CVE-2025-38583
CVE-2025-38585
CVE-2025-38587
CVE-2025-38588
CVE-2025-38591
CVE-2025-38601
CVE-2025-38602
CVE-2025-38604
CVE-2025-38605
CVE-2025-38608
CVE-2025-38609
CVE-2025-38610
CVE-2025-38612
CVE-2025-38617
CVE-2025-38618
CVE-2025-38621
CVE-2025-38624
CVE-2025-38630
CVE-2025-38632
CVE-2025-38634
CVE-2025-38635
CVE-2025-38644
CVE-2025-38646
CVE-2025-38650
CVE-2025-38656
CVE-2025-38663
CVE-2025-38665
CVE-2025-38668
CVE-2025-38670
CVE-2025-38671
CWE-ID: CWE-125
CWE-20
CWE-399
CWE-401
CWE-119
CWE-835
CWE-416
CWE-476
CWE-388
CWE-369
CWE-682
CWE-908
CWE-667
CWE-415
CWE-617
CWE-190
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #2 is available.
Vulnerable software

Operating systems & Components / Operating system:

SUSE Real Time Module
SUSE Linux Enterprise Live Patching
SUSE Linux Enterprise Real Time 15
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server 15

Operating systems & Components / Operating system package or component:

kernel-rt
kernel-source-rt
kernel-devel-rt
kernel-rt-devel-debuginfo
gfs2-kmp-rt
dlm-kmp-rt-debuginfo
kernel-syms-rt
kernel-rt-debugsource
kernel-rt-devel
gfs2-kmp-rt-debuginfo
cluster-md-kmp-rt
dlm-kmp-rt
kernel-rt-debuginfo
ocfs2-kmp-rt
ocfs2-kmp-rt-debuginfo
cluster-md-kmp-rt-debuginfo
kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource
kernel-livepatch-6_4_0-150700_7_16-rt
kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 103 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU82661

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-3867

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the KSMBD implementation in the Linux kernel. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU114165

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-4130

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Input validation error

EUVDB-ID: #VU114187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4515

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ksmbd_smb2_check_message() function in fs/ksmbd/smb2misc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU93260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26661

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU97490

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46733

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the btrfs_qgroup_free_data() and extent_clear_unlock_delalloc() functions in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU99101

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU113805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58238

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ps_start_timer(), ps_control(), ps_setup(), nxp_dequeue() and btnxpuart_tx_work() functions in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Infinite loop

EUVDB-ID: #VU114545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58239

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU108860

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37885

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c and within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU111699

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38006

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU111547

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38075

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU112193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38103

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, and within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU112268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38125

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU112197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38146

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU112246

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38160

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU112311

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38184

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU112277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38185

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU112279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38190

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the atm_pop_raw() function in net/atm/raw.c and within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU112331

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38201

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Division by zero

EUVDB-ID: #VU112323

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38205

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the populate_dummy_dml_surface_cfg() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU112304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38208

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Incorrect calculation

EUVDB-ID: #VU112839

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38245

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU112841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38251

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU113325

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38360

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dcn35_calc_blocks_to_gate() and dcn35_calc_blocks_to_ungate() functions in drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU113314

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38439

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU113266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38440

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5e_dim_rx_change() and mlx5e_dim_tx_change() functions in drivers/net/ethernet/mellanox/mlx5/core/en_dim.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must hold valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use of uninitialized resource

EUVDB-ID: #VU113301

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38441

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource in include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU113229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38444

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU113242

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38445

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU113261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38458

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU113278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38459

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU113243

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38464

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU113372

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38472

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Double free

EUVDB-ID: #VU113399

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38490

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the wx_dma_sync_frag(), wx_put_rx_buffer() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU113398

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38491

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, and within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU113807

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38499

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU113902

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38500

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xfrmi_changelink() function in net/xfrm/xfrm_interface_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Reachable assertion

EUVDB-ID: #VU114169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38503

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU114159

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38506

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_vm_set_mem_attributes() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU114162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38510

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Reachable assertion

EUVDB-ID: #VU114170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38511

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the lmtt_pt_alloc(), lmtt_pt_free() and lmtt_write_pte() functions in drivers/gpu/drm/xe/xe_lmtt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU114190

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38512

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU114145

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38513

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU114163

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38515

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking in include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU114167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38516

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory leak

EUVDB-ID: #VU114132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38520

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Resource management error

EUVDB-ID: #VU114179

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38521

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pvr_power_reset() function in drivers/gpu/drm/imagination/pvr_power.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU114150

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38524

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, and within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU114181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38528

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU114136

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38529

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds read

EUVDB-ID: #VU114137

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38530

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use of uninitialized resource

EUVDB-ID: #VU114174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38531

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the st_sensors_allocate_trigger() function in drivers/iio/common/st_sensors/st_sensors_trigger.c, within the st_sensors_set_fullscale(), st_sensors_power_enable(), EXPORT_SYMBOL_NS(), st_sensors_set_drdy_int_pin() and st_sensors_init_sensor() functions in drivers/iio/common/st_sensors/st_sensors_core.c, and within the apply_acpi_orientation() function in drivers/iio/accel/st_accel_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Resource management error

EUVDB-ID: #VU114182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38535

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU114154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38537

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Buffer overflow

EUVDB-ID: #VU114175

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38538

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU114188

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38540

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU114144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38541

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mt7925_thermal_init() function in drivers/net/wireless/mediatek/mt76/mt7925/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper error handling

EUVDB-ID: #VU114172

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38543

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Memory leak

EUVDB-ID: #VU114130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38546

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU114166

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38548

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU114189

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38550

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper locking

EUVDB-ID: #VU114278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38553

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU114242

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38555

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU114279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38560

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, the get_cpuflags() function in arch/x86/boot/cpuflags.c, and the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Memory leak

EUVDB-ID: #VU114234

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38563

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Memory leak

EUVDB-ID: #VU114236

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38565

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU114292

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38566

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Out-of-bounds read

EUVDB-ID: #VU114255

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38568

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Incorrect calculation

EUVDB-ID: #VU114294

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38571

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Integer overflow

EUVDB-ID: #VU114283

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38572

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Infinite loop

EUVDB-ID: #VU114286

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38576

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, and within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU114270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38581

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Buffer overflow

EUVDB-ID: #VU114291

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38582

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hns_roce_setup_hca() and hns_roce_init() functions in drivers/infiniband/hw/hns/hns_roce_main.c, and within the hns_roce_v2_init() and __hns_roce_hw_v2_init_instance() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU114269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38583

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Buffer overflow

EUVDB-ID: #VU114284

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38585

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the gmin_get_config_var() function in drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Infinite loop

EUVDB-ID: #VU114287

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38587

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Infinite loop

EUVDB-ID: #VU114288

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38588

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, and within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Resource management error

EUVDB-ID: #VU114293

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38591

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bpf_skb_is_valid_access(), sock_addr_is_valid_access(), sock_ops_is_valid_access(), sk_msg_is_valid_access() and sk_lookup_is_valid_access() functions in net/core/filter.c, and within the cg_sockopt_is_valid_access() function in kernel/bpf/cgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper locking

EUVDB-ID: #VU114277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38601

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU114265

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38602

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU114263

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38604

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU114262

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38605

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the u32_encode_bits() function in drivers/net/wireless/ath/ath12k/dp_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use of uninitialized resource

EUVDB-ID: #VU114282

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38608

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) NULL pointer dereference

EUVDB-ID: #VU114260

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38609

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU114259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38610

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Memory leak

EUVDB-ID: #VU114240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38612

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper locking

EUVDB-ID: #VU114533

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38617

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Use-after-free

EUVDB-ID: #VU114500

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38618

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU114525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38621

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rdev_is_spare() and rdev_addable() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Memory leak

EUVDB-ID: #VU114493

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38624

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU114523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38630

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU114522

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38632

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU114521

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38634

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU114520

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38635

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Use of uninitialized resource

EUVDB-ID: #VU114540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38644

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) NULL pointer dereference

EUVDB-ID: #VU114517

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38646

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper locking

EUVDB-ID: #VU114528

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38650

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Use-after-free

EUVDB-ID: #VU114497

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iwl_op_mode_dvm_start() function in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Input validation error

EUVDB-ID: #VU114534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38663

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) NULL pointer dereference

EUVDB-ID: #VU114513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38665

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c and within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) NULL pointer dereference

EUVDB-ID: #VU114512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38668

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the regulator_remove_coupling() function in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper error handling

EUVDB-ID: #VU114535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38670

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Infinite loop

EUVDB-ID: #VU114543

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38671

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

SUSE Real Time Module: 15-SP7

SUSE Linux Enterprise Live Patching: 15-SP7

SUSE Linux Enterprise Real Time 15: SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP7

SUSE Linux Enterprise Server 15: SP7

kernel-rt: before 6.4.0-150700.7.16.1

kernel-source-rt: before 6.4.0-150700.7.16.1

kernel-devel-rt: before 6.4.0-150700.7.16.1

kernel-rt-devel-debuginfo: before 6.4.0-150700.7.16.1

gfs2-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-syms-rt: before 6.4.0-150700.7.16.1

kernel-rt-debugsource: before 6.4.0-150700.7.16.1

kernel-rt-devel: before 6.4.0-150700.7.16.1

gfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt: before 6.4.0-150700.7.16.1

dlm-kmp-rt: before 6.4.0-150700.7.16.1

kernel-rt-debuginfo: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt: before 6.4.0-150700.7.16.1

ocfs2-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

cluster-md-kmp-rt-debuginfo: before 6.4.0-150700.7.16.1

kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt: before 1-150700.1.3.2

kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo: before 1-150700.1.3.2

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202503382-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


