SB2025101726 - SUSE update for the Linux Kernel
Published: October 17, 2025
Description
This security bulletin contains information about 84 security vulnerabilities.
1) Incorrect calculation (CVE-ID: CVE-2021-4460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the set_sched_resources() and initialize_cpsch() functions in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2022-2602)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error caused by an io_uring request, which is being processed on a registered file. The Unix GC runs and frees the io_uring file descriptor and all the registered file descriptors in a specific order that may allow a local user to win a race and execute arbitrary code with elevated privileges.
3) Use-after-free (CVE-ID: CVE-2022-2978)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux kernel NILFS file system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
4) Out-of-bounds write (CVE-ID: CVE-2022-36280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoop() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in the vmwgfx VMware driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2022-43945)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.
6) Use-after-free (CVE-ID: CVE-2022-49980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb_udc_uevent() function in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.
7) Input validation error (CVE-ID: CVE-2022-50233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the append_eir_data_to_buf() function in net/bluetooth/mgmt.c, within the eir_append_name(), eir_append_local_name() and eir_create() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2022-50234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wait_for_unix_gc() and unix_gc() functions in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.
9) Buffer overflow (CVE-ID: CVE-2022-50235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd_init_dirlist_pages() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.
10) Use-after-free (CVE-ID: CVE-2022-50248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iwl_mvm_tx_skb_sta() function in drivers/net/wireless/intel/iwlwifi/mvm/tx.c. A local user can escalate privileges on the system.
11) Memory leak (CVE-ID: CVE-2022-50249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the of_get_ddr_timings() function in drivers/memory/of_memory.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2022-50252)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igb_alloc_q_vector() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.
13) Memory leak (CVE-ID: CVE-2022-50257)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gntdev_map_grant_pages() and __unmap_grant_pages_done() functions in drivers/xen/gntdev.c. A local user can perform a denial of service (DoS) attack.
14) Out-of-bounds read (CVE-ID: CVE-2022-50258)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the brcmf_c_preinit_dcmds() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2022-50260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the msm_drv_shutdown() function in drivers/gpu/drm/msm/msm_drv.c. A local user can perform a denial of service (DoS) attack.
16) Buffer overflow (CVE-ID: CVE-2022-50271)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the EXPORT_SYMBOL_GPL() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2022-50272)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the az6027_i2c_xfer() function in drivers/media/usb/dvb-usb/az6027.c. A local user can perform a denial of service (DoS) attack.
18) Resource management error (CVE-ID: CVE-2022-50299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dump_zones() function in drivers/md/raid0.c. A local user can perform a denial of service (DoS) attack.
19) Memory leak (CVE-ID: CVE-2022-50309)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xvip_graph_dma_init() function in drivers/media/platform/xilinx/xilinx-vipp.c. A local user can perform a denial of service (DoS) attack.
20) Memory leak (CVE-ID: CVE-2022-50312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the jsm_probe_one() function in drivers/tty/serial/jsm/jsm_driver.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2022-50317)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ge_b850v3_lvds_remove() function in drivers/gpu/drm/bridge/megachips-stdpxxxx-ge-b850v3-fw.c. A local user can perform a denial of service (DoS) attack.
22) Integer overflow (CVE-ID: CVE-2022-50330)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the cpt_ucode_load_fw() function in drivers/crypto/cavium/cpt/cptpf_main.c. A local user can execute arbitrary code.
23) NULL pointer dereference (CVE-ID: CVE-2022-50344)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_write_info() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
24) Memory leak (CVE-ID: CVE-2022-50355)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the device_init_rd0_ring(), device_init_rd1_ring() and device_init_td1_ring() functions in drivers/staging/vt6655/device_main.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2022-50359)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the queue_setup() and buffer_prepare() functions in drivers/media/pci/cx88/cx88-video.c. A local user can perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2022-50367)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_init_always() function in fs/inode.c. A local user can escalate privileges on the system.
27) Use-after-free (CVE-ID: CVE-2022-50368)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the msm_dsi_modeset_init() function in drivers/gpu/drm/msm/dsi/dsi.c. A local user can escalate privileges on the system.
28) Incorrect calculation (CVE-ID: CVE-2022-50375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the lpuart_dma_shutdown() function in drivers/tty/serial/fsl_lpuart.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2022-50381)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the md_end_flush() and super_written() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2022-50385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_d_automount() function in fs/nfs/namespace.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2022-50386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_create_rsp() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
32) Use-after-free (CVE-ID: CVE-2022-50401)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the setup_callback_client() function in fs/nfsd/nfs4callback.c. A local user can escalate privileges on the system.
33) Use-after-free (CVE-ID: CVE-2022-50408)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_netdev_start_xmit() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can escalate privileges on the system.
34) NULL pointer dereference (CVE-ID: CVE-2022-50409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sk_stream_wait_memory() function in net/core/stream.c. A local user can perform a denial of service (DoS) attack.
35) Buffer overflow (CVE-ID: CVE-2022-50410)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd_proc_read() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.
36) Resource management error (CVE-ID: CVE-2022-50412)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the adv7511_remove() function in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can perform a denial of service (DoS) attack.
37) Resource management error (CVE-ID: CVE-2022-50414)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fcoe_init() function in drivers/scsi/fcoe/fcoe.c. A local user can perform a denial of service (DoS) attack.
38) Improper error handling (CVE-ID: CVE-2022-50419)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the hci_conn_add_sysfs() function in net/bluetooth/hci_sysfs.c. A local user can perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2022-50422)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smp_execute_task_sg() function in drivers/scsi/libsas/sas_expander.c. A local user can escalate privileges on the system.
40) Memory leak (CVE-ID: CVE-2022-50427)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the snd_ac97_dev_register() function in sound/pci/ac97/ac97_codec.c. A local user can perform a denial of service (DoS) attack.
41) Incorrect calculation (CVE-ID: CVE-2022-50431)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the i2sbus_add_dev() function in sound/aoa/soundbus/i2sbus/core.c. A local user can perform a denial of service (DoS) attack.
42) Race condition (CVE-ID: CVE-2022-50435)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the ext4_seek_data() function in fs/ext4/file.c. A local user can perform a denial of service (DoS) attack.
43) Incorrect calculation (CVE-ID: CVE-2022-50437)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the msm_hdmi_modeset_init() function in drivers/gpu/drm/msm/hdmi/hdmi.c. A local user can perform a denial of service (DoS) attack.
44) Input validation error (CVE-ID: CVE-2022-50440)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vmw_kms_cursor_snoop() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
45) Incorrect calculation (CVE-ID: CVE-2022-50444)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tegra20_clock_init() function in drivers/clk/tegra/clk-tegra20.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2022-50454)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can escalate privileges on the system.
47) Incorrect calculation (CVE-ID: CVE-2022-50458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tegra210_clock_init() function in drivers/clk/tegra/clk-tegra210.c. A local user can perform a denial of service (DoS) attack.
48) Incorrect calculation (CVE-ID: CVE-2022-50459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within drivers/scsi/iscsi_tcp.h. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2022-50467)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_cmpl_ct_cmd_gft_id() function in drivers/scsi/lpfc/lpfc_ct.c. A local user can perform a denial of service (DoS) attack.
50) Out-of-bounds read (CVE-ID: CVE-2023-1380)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Broadcom Full MAC Wi-Fi driver (brcmfmac.ko). A local user can trigger an out-of-bounds read error and read contents of kernel memory on the system.
51) NULL pointer dereference (CVE-ID: CVE-2023-28328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2023-31248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
53) NULL pointer dereference (CVE-ID: CVE-2023-3772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.
54) Out-of-bounds read (CVE-ID: CVE-2023-39197)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Netfilter Connection Tracking (conntrack) in the Linux kernel in the nf_conntrack_dccp_packet() function in net/netfilter/nf_conntrack_proto_dccp.c. A remote attacker can send specially crafted DCCP packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
55) Out-of-bounds write (CVE-ID: CVE-2023-42753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the netfilter subsystem in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
56) NULL pointer dereference (CVE-ID: CVE-2023-53147)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm_update_ae_params() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.
57) Use-after-free (CVE-ID: CVE-2023-53178)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zswap_writeback_entry() function in mm/zswap.c. A local user can escalate privileges on the system.
58) Out-of-bounds read (CVE-ID: CVE-2023-53179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_ALIAS() function in net/netfilter/ipset/ip_set_hash_netportnet.c. A local user can perform a denial of service (DoS) attack.
59) Out-of-bounds read (CVE-ID: CVE-2023-53213)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the brcmf_get_assoc_ies() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
60) NULL pointer dereference (CVE-ID: CVE-2023-53220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the az6007_i2c_xfer() function in drivers/media/usb/dvb-usb-v2/az6007.c. A local user can perform a denial of service (DoS) attack.
61) Out-of-bounds write (CVE-ID: CVE-2023-53265)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the io_init() function in drivers/mtd/ubi/build.c. A local user can execute arbitrary code.
62) Resource management error (CVE-ID: CVE-2023-53273)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmbus_disconnect() function in drivers/hv/connection.c. A local user can perform a denial of service (DoS) attack.
63) Memory leak (CVE-ID: CVE-2023-53304)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_rbtree_get() and __nft_rbtree_insert() functions in net/netfilter/nft_set_rbtree.c. A local user can perform a denial of service (DoS) attack.
64) Input validation error (CVE-ID: CVE-2023-53321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hwsim_cloned_frame_received_nl() function in drivers/net/wireless/mac80211_hwsim.c. A local user can perform a denial of service (DoS) attack.
65) Out-of-bounds read (CVE-ID: CVE-2023-53333)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dccp_error() function in net/netfilter/nf_conntrack_proto_dccp.c. A local user can perform a denial of service (DoS) attack.
66) Improper error handling (CVE-ID: CVE-2023-53438)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within arch/x86/kernel/cpu/mce/internal.h. A local user can perform a denial of service (DoS) attack.
67) Input validation error (CVE-ID: CVE-2023-53464)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iscsi_sw_tcp_conn_set_param() function in drivers/scsi/iscsi_tcp.c. A local user can perform a denial of service (DoS) attack.
68) Input validation error (CVE-ID: CVE-2023-53492)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_tables_updchain(), nft_chain_lookup_byid(), nf_tables_newrule() and nft_verdict_init() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
69) Race condition (CVE-ID: CVE-2024-26583)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in the TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
70) Error handling (CVE-ID: CVE-2024-26584)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
71) Improper locking (CVE-ID: CVE-2024-53093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_add_ns_head_cdev(), nvme_mpath_alloc_disk(), nvme_mpath_set_live(), nvme_mpath_shutdown_disk() and nvme_mpath_remove_disk() functions in drivers/nvme/host/multipath.c. A local user can perform a denial of service (DoS) attack.
72) Use-after-free (CVE-ID: CVE-2024-58240)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_do_decryption() function in net/tls/tls_sw.c. A local user can escalate privileges on the system.
73) Use-after-free (CVE-ID: CVE-2025-21969)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_get_ident(), l2cap_send_cmd(), l2cap_conn_del(), l2cap_conn_free(), l2cap_recv_reset() and l2cap_recv_acldata() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
74) Memory leak (CVE-ID: CVE-2025-38011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_unmap_static_csa() function in drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c. A local user can perform a denial of service (DoS) attack.
75) NULL pointer dereference (CVE-ID: CVE-2025-38184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
76) Input validation error (CVE-ID: CVE-2025-38216)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the intel_nested_attach_dev() function in drivers/iommu/intel/nested.c, within the dmar_domain_attach_device(), device_block_translation() and identity_domain_attach_dev() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
77) Use-after-free (CVE-ID: CVE-2025-38488)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
78) Improper locking (CVE-ID: CVE-2025-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
79) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
80) NULL pointer dereference (CVE-ID: CVE-2025-38664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.
81) Out-of-bounds read (CVE-ID: CVE-2025-38685)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the con2fb_init_display() and fbcon_set_disp() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
82) Out-of-bounds read (CVE-ID: CVE-2025-38713)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hfsplus_uni2asc() function in fs/hfsplus/unicode.c. A local user can perform a denial of service (DoS) attack.
83) Buffer overflow (CVE-ID: CVE-2025-39751)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the add_tuning_control() function in sound/pci/hda/patch_ca0132.c. A local user can escalate privileges on the system.
84) Input validation error (CVE-ID: CVE-2025-39823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_sched_yield() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.