Main Vulnerability Database SB2025122415

SB2025122415 - SUSE update for the Linux Kernel

Published: December 24, 2025 Updated: January 4, 2026

Security Bulletin ID SB2025122415

Severity

Low

Patch available

YES

Number of vulnerabilities 65

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 65 secuirty vulnerabilities.

1) Reachable assertion (CVE-ID: CVE-2022-50253)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __bpf_redirect_no_mac() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

2) Buffer overflow (CVE-ID: CVE-2023-53676)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the lio_target_nacl_info_show() function in drivers/target/iscsi/iscsi_target_configfs.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2025-21710)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_select_window() function in net/ipv4/tcp_output.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2025-37916)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pdsc_auxbus_dev_del() function in drivers/net/ethernet/amd/pds_core/auxbus.c. A local user can escalate privileges on the system.

5) Memory leak (CVE-ID: CVE-2025-38359)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the do_secure_storage_access() function in arch/s390/mm/fault.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2025-38361)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dce110_blank_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c. A local user can perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2025-39788)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the exynos_ufs_post_link() function in drivers/scsi/ufs/ufs-exynos.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2025-39805)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the macb_remove() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.

9) Resource management error (CVE-ID: CVE-2025-39819)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the smb2_compound_op() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2025-39859)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ptp_ocp_detach() function in drivers/ptp/ptp_ocp.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2025-39944)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the otx2_ptp_destroy() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp.c. A local user can escalate privileges on the system.

12) NULL pointer dereference (CVE-ID: CVE-2025-39980)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the replace_nexthop_single() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2025-40001)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mvs_free() function in drivers/scsi/mvsas/mv_init.c. A local user can escalate privileges on the system.

14) Improper locking (CVE-ID: CVE-2025-40021)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dyn_event_open() function in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.

15) Improper locking (CVE-ID: CVE-2025-40027)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the p9_fd_cancelled() function in net/9p/trans_fd.c. A local user can perform a denial of service (DoS) attack.

16) NULL pointer dereference (CVE-ID: CVE-2025-40030)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pinmux_func_name_to_selector() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.

17) Improper locking (CVE-ID: CVE-2025-40038)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the svm_vcpu_pre_run() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.

18) Improper error handling (CVE-ID: CVE-2025-40040)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rust/bindings/bindings_helper.h. A local user can perform a denial of service (DoS) attack.

19) Memory leak (CVE-ID: CVE-2025-40048)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hv_uio_channel_cb(), hv_uio_new_channel() and hv_uio_open() functions in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.

20) Double free (CVE-ID: CVE-2025-40055)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.

21) NULL pointer dereference (CVE-ID: CVE-2025-40059)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the arm_trbe_register_coresight_cpu() function in drivers/hwtracing/coresight/coresight-trbe.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2025-40064)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smc_pnet_find_ism_by_pnetid() function in net/smc/smc_pnet.c. A local user can escalate privileges on the system.

23) Use-after-free (CVE-ID: CVE-2025-40070)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pps_register_cdev() function in drivers/pps/pps.c. A local user can escalate privileges on the system.

24) Use-after-free (CVE-ID: CVE-2025-40074)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv4_neigh_lookup() function in net/ipv4/route.c. A local user can escalate privileges on the system.

25) Improper locking (CVE-ID: CVE-2025-40075)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcpm_new(), __tcp_get_metrics_req() and tcp_get_metrics() functions in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

26) NULL pointer dereference (CVE-ID: CVE-2025-40083)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the agg_dequeue() function in net/sched/sch_qfq.c. A local user can perform a denial of service (DoS) attack.

27) NULL pointer dereference (CVE-ID: CVE-2025-40098)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cs35l41_get_acpi_mute_state() function in sound/hda/codecs/side-codecs/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.

28) Memory leak (CVE-ID: CVE-2025-40105)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the d_alloc() function in fs/dcache.c. A local user can perform a denial of service (DoS) attack.

29) Memory leak (CVE-ID: CVE-2025-40107)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hi3110_stop(), hi3110_open(), hi3110_can_probe() and hi3110_can_remove() functions in drivers/net/can/spi/hi311x.c. A local user can perform a denial of service (DoS) attack.

30) Input validation error (CVE-ID: CVE-2025-40109)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the crypto_del_default_rng() and crypto_register_rng() functions in crypto/rng.c. A local user can perform a denial of service (DoS) attack.

31) Input validation error (CVE-ID: CVE-2025-40110)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vmw_cmd_dma() function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.

32) Use-after-free (CVE-ID: CVE-2025-40111)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmw_validation_add_resource() function in drivers/gpu/drm/vmwgfx/vmwgfx_validation.c. A local user can escalate privileges on the system.

33) Double free (CVE-ID: CVE-2025-40115)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mpt3sas_transport_port_remove() function in drivers/scsi/mpt3sas/mpt3sas_transport.c. A local user can perform a denial of service (DoS) attack.

34) NULL pointer dereference (CVE-ID: CVE-2025-40116)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the max3421_probe() function in drivers/usb/host/max3421-hcd.c. A local user can perform a denial of service (DoS) attack.

35) Out-of-bounds read (CVE-ID: CVE-2025-40118)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pm8001_dev_gone_notify() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.

36) Improper locking (CVE-ID: CVE-2025-40120)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ax88772_suspend(), ax88772_bind() and ax88772_unbind() functions in drivers/net/usb/asix_devices.c. A local user can perform a denial of service (DoS) attack.

37) Out-of-bounds read (CVE-ID: CVE-2025-40121)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.

38) Use of uninitialized resource (CVE-ID: CVE-2025-40127)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ks_sa_rng_probe() function in drivers/char/hw_random/ks-sa-rng.c. A local user can perform a denial of service (DoS) attack.

39) NULL pointer dereference (CVE-ID: CVE-2025-40129)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the svcauth_gss_verify_header() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.

40) Use-after-free (CVE-ID: CVE-2025-40139)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smc_clc_msg_hdr_valid(), smc_clc_prfx_set4_rcu() and smc_clc_prfx_set() functions in net/smc/smc_clc.c. A local user can escalate privileges on the system.

41) Improper locking (CVE-ID: CVE-2025-40140)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtl8150_set_multicast() function in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.

42) Use-after-free (CVE-ID: CVE-2025-40141)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iso_sock_kill() function in net/bluetooth/iso.c. A local user can escalate privileges on the system.

43) Use-after-free (CVE-ID: CVE-2025-40149)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.

44) Out-of-bounds read (CVE-ID: CVE-2025-40154)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the log_quirks() function in sound/soc/intel/boards/bytcr_rt5640.c. A local user can perform a denial of service (DoS) attack.

45) NULL pointer dereference (CVE-ID: CVE-2025-40156)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_ccifreq_probe() function in drivers/devfreq/mtk-cci-devfreq.c. A local user can perform a denial of service (DoS) attack.

46) Out-of-bounds read (CVE-ID: CVE-2025-40157)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the i10nm_check_ecc() and i10nm_get_dimm_config() functions in drivers/edac/i10nm_base.c. A local user can perform a denial of service (DoS) attack.

47) Input validation error (CVE-ID: CVE-2025-40159)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the net/xdp/xsk_queue.h. A local user can perform a denial of service (DoS) attack.

48) Resource management error (CVE-ID: CVE-2025-40164)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the usbnet_resume_rx() function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.

49) Use-after-free (CVE-ID: CVE-2025-40168)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smc_clc_prfx_match6_rcu() function in net/smc/smc_clc.c. A local user can escalate privileges on the system.

50) Input validation error (CVE-ID: CVE-2025-40169)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the check_alu_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

51) Memory leak (CVE-ID: CVE-2025-40171)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req(), __nvmet_fc_send_ls_req(), nvmet_fc_disconnect_assoc_done() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.

52) Buffer overflow (CVE-ID: CVE-2025-40172)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the find_and_map_user_pages() function in drivers/accel/qaic/qaic_control.c. A local user can perform a denial of service (DoS) attack.

53) Input validation error (CVE-ID: CVE-2025-40173)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ip6_tnl_xmit() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.

54) Use-after-free (CVE-ID: CVE-2025-40176)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tls_decrypt_sg() function in net/tls/tls_sw.c. A local user can escalate privileges on the system.

55) Out-of-bounds read (CVE-ID: CVE-2025-40180)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the zynqmp_ipi_free_mboxes() function in drivers/mailbox/zynqmp-ipi-mailbox.c. A local user can perform a denial of service (DoS) attack.

56) Memory leak (CVE-ID: CVE-2025-40183)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __bpf_redirect_neigh_v6() and __bpf_redirect_neigh_v4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

57) Use-after-free (CVE-ID: CVE-2025-40186)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_conn_request() function in net/ipv4/tcp_input.c. A local user can escalate privileges on the system.

58) Input validation error (CVE-ID: CVE-2025-40188)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the berlin_pwm_suspend() and berlin_pwm_resume() functions in drivers/pwm/pwm-berlin.c. A local user can perform a denial of service (DoS) attack.

59) Resource management error (CVE-ID: CVE-2025-40194)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the update_qos_request() function in drivers/cpufreq/intel_pstate.c. A local user can perform a denial of service (DoS) attack.

60) Out-of-bounds read (CVE-ID: CVE-2025-40198)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the parse_apply_sb_mount_options() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

61) Resource management error (CVE-ID: CVE-2025-40200)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

62) Resource management error (CVE-ID: CVE-2025-40204)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

63) Out-of-bounds read (CVE-ID: CVE-2025-40205)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the btrfs_encode_fh() function in fs/btrfs/export.c. A local user can perform a denial of service (DoS) attack.

64) Input validation error (CVE-ID: CVE-2025-40206)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nft_objref_eval() and nft_objref_map_destroy() functions in net/netfilter/nft_objref.c. A local user can perform a denial of service (DoS) attack.

65) Input validation error (CVE-ID: CVE-2025-40207)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/media/v4l2-subdev.h. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-20254521-1/

Vulnerable Software

SUSE Real Time Module: 15-SP6
SUSE Linux Enterprise Live Patching: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kernel-livepatch-6_4_0-150600_10_61-rt-debuginfo: before 1-150600.1.3.1
kernel-livepatch-6_4_0-150600_10_61-rt: before 1-150600.1.3.1
kernel-livepatch-SLE15-SP6-RT_Update_18-debugsource: before 1-150600.1.3.1
kernel-rt: before 6.4.0-150600.10.61.1
kernel-rt_debug: before 6.4.0-150600.10.61.1
kernel-source-rt: before 6.4.0-150600.10.61.1
kernel-devel-rt: before 6.4.0-150600.10.61.1
kernel-rt_debug-devel: before 6.4.0-150600.10.61.1
ocfs2-kmp-rt: before 6.4.0-150600.10.61.1
dlm-kmp-rt-debuginfo: before 6.4.0-150600.10.61.1
kernel-rt-vdso-debuginfo: before 6.4.0-150600.10.61.1
ocfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.61.1
kernel-syms-rt: before 6.4.0-150600.10.61.1
gfs2-kmp-rt: before 6.4.0-150600.10.61.1
kernel-rt-extra: before 6.4.0-150600.10.61.1
kernel-rt-optional-debuginfo: before 6.4.0-150600.10.61.1
kernel-rt-devel: before 6.4.0-150600.10.61.1
kernel-rt-debugsource: before 6.4.0-150600.10.61.1
dlm-kmp-rt: before 6.4.0-150600.10.61.1
kernel-rt_debug-vdso-debuginfo: before 6.4.0-150600.10.61.1
kernel-rt_debug-vdso: before 6.4.0-150600.10.61.1
kernel-rt-livepatch-devel: before 6.4.0-150600.10.61.1
cluster-md-kmp-rt-debuginfo: before 6.4.0-150600.10.61.1
kernel-rt_debug-devel-debuginfo: before 6.4.0-150600.10.61.1
kernel-rt-extra-debuginfo: before 6.4.0-150600.10.61.1
kselftests-kmp-rt: before 6.4.0-150600.10.61.1
kernel-rt_debug-debuginfo: before 6.4.0-150600.10.61.1
kselftests-kmp-rt-debuginfo: before 6.4.0-150600.10.61.1
cluster-md-kmp-rt: before 6.4.0-150600.10.61.1
kernel-rt-devel-debuginfo: before 6.4.0-150600.10.61.1
kernel-rt-vdso: before 6.4.0-150600.10.61.1
kernel-rt-optional: before 6.4.0-150600.10.61.1
kernel-rt-debuginfo: before 6.4.0-150600.10.61.1
gfs2-kmp-rt-debuginfo: before 6.4.0-150600.10.61.1
kernel-rt_debug-debugsource: before 6.4.0-150600.10.61.1
reiserfs-kmp-rt: before 6.4.0-150600.10.61.1
reiserfs-kmp-rt-debuginfo: before 6.4.0-150600.10.61.1