Kernel and Govulncheck-vulndb updates for SUSE

SUSE 5474 Published by

SUSE Linux has released several security updates. The updates include patches for various updates for the Linux kernel, including Live Patches 8, 7, 12, and 9 for SLE 15 SP6. Additionally, an update was released to address vulnerabilities with govulncheck-vulndb, categorized as moderate in severity. These security updates are considered important, except for one that is classified as moderate.

SUSE-SU-2025:3927-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
SUSE-SU-2025:3932-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)
SUSE-SU-2025:3935-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
SUSE-SU-2025:3937-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:3936-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)




SUSE-SU-2025:3927-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:3927-1
Release Date: 2025-11-04T07:04:21Z
Rating: important
References:

* bsc#1248631
* bsc#1249207
* bsc#1249208

Cross-References:

* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_38 fixes several issues.

The following security issues were fixed:

* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3927=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3927=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_38-default-10-150600.4.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-10-150600.4.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-10-150600.4.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_38-default-10-150600.4.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-10-150600.4.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-10-150600.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208



SUSE-SU-2025:3932-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:3932-1
Release Date: 2025-11-04T09:04:27Z
Rating: important
References:

* bsc#1248631
* bsc#1249207
* bsc#1249208

Cross-References:

* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues.

The following security issues were fixed:

* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3928=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-3932=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3932=1 SUSE-2025-3928=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-9-150600.4.1
* kernel-livepatch-6_4_0-150600_23_47-default-9-150600.4.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-8-150600.4.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-9-150600.4.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-8-150600.4.1
* kernel-livepatch-6_4_0-150600_23_53-default-8-150600.4.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-9-150600.4.1
* kernel-livepatch-6_4_0-150600_23_47-default-9-150600.4.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-8-150600.4.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-9-150600.4.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-8-150600.4.1
* kernel-livepatch-6_4_0-150600_23_53-default-8-150600.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208



SUSE-SU-2025:3935-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:3935-1
Release Date: 2025-11-04T11:34:01Z
Rating: important
References:

* bsc#1246019
* bsc#1248631
* bsc#1249207
* bsc#1249208

Cross-References:

* CVE-2024-53164
* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2024-53164 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53164 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.

The following security issues were fixed:

* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).
* CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3935=1 SUSE-2025-3933=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3935=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2025-3933=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-15-150600.4.1
* kernel-livepatch-6_4_0-150600_23_33-default-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-15-150600.4.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-15-150600.4.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-15-150600.4.1
* kernel-livepatch-6_4_0-150600_23_33-default-15-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-15-150600.4.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-15-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-15-150600.4.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53164.html
* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246019
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208



SUSE-SU-2025:3937-1: moderate: Security update for govulncheck-vulndb


# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2025:3937-1
Release Date: 2025-11-04T12:47:51Z
Rating: moderate
References:

* jsc#PED-11136

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

* Update to version 0.0.20251029T215107 2025-10-29T21:51:07Z. (jsc#PED-11136):
* GO-2025-4006
* GO-2025-4007
* GO-2025-4008
* GO-2025-4009
* GO-2025-4010
* GO-2025-4011
* GO-2025-4012
* GO-2025-4013
* GO-2025-4014
* GO-2025-4015

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3937=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3937=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20251029T215107-150000.1.113.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20251029T215107-150000.1.113.1

## References:

* https://jira.suse.com/browse/PED-11136



SUSE-SU-2025:3936-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:3936-1
Release Date: 2025-11-04T12:04:18Z
Rating: important
References:

* bsc#1248631
* bsc#1249207
* bsc#1249208

Cross-References:

* CVE-2025-38617
* CVE-2025-38618
* CVE-2025-38664

CVSS scores:

* CVE-2025-38617 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38617 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38618 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38618 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38664 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38664 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_42 fixes several issues.

The following security issues were fixed:

* CVE-2025-38664: ice: Fix a null pointer dereference in
ice_copy_and_init_pkg() (bsc#1248631).
* CVE-2025-38617: net/packet: fix a race in packet_set_ring() and
packet_notifier() (bsc#1249208).
* CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY
(bsc#1249207).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3936=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3936=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-10-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-10-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-10-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-10-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38617.html
* https://www.suse.com/security/cve/CVE-2025-38618.html
* https://www.suse.com/security/cve/CVE-2025-38664.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248631
* https://bugzilla.suse.com/show_bug.cgi?id=1249207
* https://bugzilla.suse.com/show_bug.cgi?id=1249208


Librepo, Xorg-X11-Server, TigerVNC, and more updates for Oracle Linux

Kernel, LibSSH, Squid, Unbound, OpenStack updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...