SUSE Linux has released several security updates, including Live Patch 46 for SLE 15 SP3, grub2 security update, openssh security update, postgresql17 security update, gnuplot security update, postgresql16-16.9 security update, xen security update, python security update, postgresql security update, govulncheck security update, postgresql security update, dante security update, grype security update, Thunderbird security update, and s390-tools security update:

SUSE-SU-2025:01610-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
SUSE-SU-2025:01615-1: moderate: Security update for grub2
SUSE-SU-2025:01620-1: important: Security update for the Linux Kernel
SUSE-SU-2025:01627-1: important: Security update for the Linux Kernel
SUSE-SU-2025:01631-1: moderate: Security update for s390-tools
SUSE-SU-2025:01633-1: important: Security update for the Linux Kernel
SUSE-SU-2025:01638-1: moderate: Security update for openssh
SUSE-SU-2025:01640-1: important: Security update for the Linux Kernel
SUSE-SU-2025:01611-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
SUSE-SU-2025:01644-1: moderate: Security update for postgresql17
openSUSE-SU-2025:15134-1: moderate: gnuplot-6.0.2-3.1 on GA media
openSUSE-SU-2025:15140-1: moderate: postgresql16-16.9-1.1 on GA media
openSUSE-SU-2025:15142-1: moderate: xen-4.20.0_12-1.1 on GA media
openSUSE-SU-2025:15139-1: moderate: postgresql15-15.13-1.1 on GA media
openSUSE-SU-2025:15141-1: moderate: python314-3.14.0~b1-3.1 on GA media
openSUSE-SU-2025:15138-1: moderate: postgresql14-14.18-1.1 on GA media
openSUSE-SU-2025:15135-1: moderate: govulncheck-vulndb-0.0.20250515T200012-1.1 on GA media
openSUSE-SU-2025:15137-1: moderate: postgresql13-13.21-1.1 on GA media
openSUSE-SU-2025:15132-1: moderate: dante-1.4.4-1.1 on GA media
openSUSE-SU-2025:15136-1: moderate: grype-0.92.1-1.1 on GA media
openSUSE-SU-2025:15131-1: moderate: MozillaThunderbird-128.10.1-1.1 on GA media
openSUSE-SU-2025:15133-1: moderate: firefox-esr-128.10.1-1.1 on GA media
SUSE-SU-2025:01614-1: important: Security update for the Linux Kernel
SUSE-SU-2025:01619-1: moderate: Security update for s390-tools

SUSE-SU-2025:01610-1: important: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

# Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:01610-1
Release Date: 2025-05-21T07:33:31Z
Rating: important
References:

* bsc#1229504
* bsc#1233019
* bsc#1234847

Cross-References:

* CVE-2024-43882
* CVE-2024-50115
* CVE-2024-53156

CVSS scores:

* CVE-2024-43882 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43882 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43882 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50115 ( SUSE ): 4.5
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53156 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53156 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues.

The following security issues were fixed:

* CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (bsc#1234847).
* CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage
(bsc#1229504).
* CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(bsc#1233019).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2025-1610=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1608=1 SUSE-2025-1609=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1608=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2025-1609=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_225-default-10-2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_45-debugsource-14-150300.2.2
* kernel-livepatch-SLE15-SP3_Update_46-debugsource-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-14-150300.2.2
* kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_164-default-14-150300.2.2
* kernel-livepatch-5_3_18-150300_59_167-default-13-150300.2.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-14-150300.2.2
* kernel-livepatch-5_3_18-150300_59_167-preempt-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_164-preempt-14-150300.2.2
* kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-13-150300.2.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_167-default-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_164-default-14-150300.2.2

## References:

* https://www.suse.com/security/cve/CVE-2024-43882.html
* https://www.suse.com/security/cve/CVE-2024-50115.html
* https://www.suse.com/security/cve/CVE-2024-53156.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229504
* https://bugzilla.suse.com/show_bug.cgi?id=1233019
* https://bugzilla.suse.com/show_bug.cgi?id=1234847

SUSE-SU-2025:01615-1: moderate: Security update for grub2

# Security update for grub2

Announcement ID: SUSE-SU-2025:01615-1
Release Date: 2025-05-21T09:53:14Z
Rating: moderate
References:

* bsc#1235958
* bsc#1235971
* bsc#1239651
* bsc#1242971
* jsc#PED-12028

Cross-References:

* CVE-2025-4382

CVSS scores:

* CVE-2025-4382 ( SUSE ): 8.4
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2025-4382 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-4382 ( NVD ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability, contains one feature and has three
security fixes can now be installed.

## Description:

This update for grub2 rebuilds the existing package with the new 4k RSA secure
boot key for IBM Power and Z.

Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged.

Also the following issue were fixed:

* CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971)
* Fix segmentation fault error in grub2-probe with target=hints_string
(bsc#1235971) (bsc#1235958) (bsc#1239651)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1615=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1615=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1615=1 openSUSE-SLE-15.6-2025-1615=1

## Package List:

* Basesystem Module 15-SP6 (noarch)
* grub2-powerpc-ieee1275-2.12-150600.8.27.1
* grub2-i386-pc-2.12-150600.8.27.1
* grub2-snapper-plugin-2.12-150600.8.27.1
* grub2-x86_64-efi-2.12-150600.8.27.1
* grub2-systemd-sleep-plugin-2.12-150600.8.27.1
* grub2-arm64-efi-2.12-150600.8.27.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* grub2-debuginfo-2.12-150600.8.27.1
* grub2-2.12-150600.8.27.1
* Basesystem Module 15-SP6 (aarch64 s390x x86_64)
* grub2-debugsource-2.12-150600.8.27.1
* Basesystem Module 15-SP6 (s390x)
* grub2-s390x-emu-2.12-150600.8.27.1
* Server Applications Module 15-SP6 (noarch)
* grub2-x86_64-xen-2.12-150600.8.27.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* grub2-debuginfo-2.12-150600.8.27.1
* grub2-2.12-150600.8.27.1
* grub2-branding-upstream-2.12-150600.8.27.1
* openSUSE Leap 15.6 (aarch64 s390x x86_64 i586)
* grub2-debugsource-2.12-150600.8.27.1
* openSUSE Leap 15.6 (noarch)
* grub2-powerpc-ieee1275-debug-2.12-150600.8.27.1
* grub2-powerpc-ieee1275-2.12-150600.8.27.1
* grub2-i386-pc-2.12-150600.8.27.1
* grub2-arm64-efi-extras-2.12-150600.8.27.1
* grub2-snapper-plugin-2.12-150600.8.27.1
* grub2-x86_64-efi-extras-2.12-150600.8.27.1
* grub2-i386-pc-extras-2.12-150600.8.27.1
* grub2-i386-xen-2.12-150600.8.27.1
* grub2-arm64-efi-debug-2.12-150600.8.27.1
* grub2-powerpc-ieee1275-extras-2.12-150600.8.27.1
* grub2-i386-efi-2.12-150600.8.27.1
* grub2-x86_64-efi-debug-2.12-150600.8.27.1
* grub2-i386-efi-debug-2.12-150600.8.27.1
* grub2-x86_64-xen-2.12-150600.8.27.1
* grub2-i386-efi-extras-2.12-150600.8.27.1
* grub2-i386-xen-debug-2.12-150600.8.27.1
* grub2-i386-pc-debug-2.12-150600.8.27.1
* grub2-arm64-efi-2.12-150600.8.27.1
* grub2-x86_64-xen-extras-2.12-150600.8.27.1
* grub2-s390x-emu-extras-2.12-150600.8.27.1
* grub2-x86_64-xen-debug-2.12-150600.8.27.1
* grub2-i386-xen-extras-2.12-150600.8.27.1
* grub2-x86_64-efi-2.12-150600.8.27.1
* grub2-systemd-sleep-plugin-2.12-150600.8.27.1
* openSUSE Leap 15.6 (s390x)
* grub2-s390x-emu-2.12-150600.8.27.1
* grub2-s390x-emu-debug-2.12-150600.8.27.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4382.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235958
* https://bugzilla.suse.com/show_bug.cgi?id=1235971
* https://bugzilla.suse.com/show_bug.cgi?id=1239651
* https://bugzilla.suse.com/show_bug.cgi?id=1242971
* https://jira.suse.com/browse/PED-12028

SUSE-SU-2025:01620-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:01620-1
Release Date: 2025-05-21T09:58:56Z
Rating: important
References:

* bsc#1054914
* bsc#1206843
* bsc#1210409
* bsc#1225903
* bsc#1229361
* bsc#1229621
* bsc#1230764
* bsc#1231103
* bsc#1231910
* bsc#1236777
* bsc#1237981
* bsc#1238032
* bsc#1238471
* bsc#1238512
* bsc#1238747
* bsc#1238865
* bsc#1239061
* bsc#1239684
* bsc#1239968
* bsc#1240209
* bsc#1240211
* bsc#1240214
* bsc#1240228
* bsc#1240230
* bsc#1240246
* bsc#1240248
* bsc#1240269
* bsc#1240271
* bsc#1240274
* bsc#1240285
* bsc#1240295
* bsc#1240306
* bsc#1240314
* bsc#1240315
* bsc#1240321
* bsc#1240747
* bsc#1240835
* bsc#1241280
* bsc#1241371
* bsc#1241421
* bsc#1241433
* bsc#1241541
* bsc#1241625
* bsc#1241648
* bsc#1242284
* bsc#1242493
* bsc#1242778

Cross-References:

* CVE-2021-47671
* CVE-2022-48933
* CVE-2022-49110
* CVE-2022-49139
* CVE-2022-49741
* CVE-2022-49745
* CVE-2022-49767
* CVE-2023-52928
* CVE-2023-52931
* CVE-2023-52936
* CVE-2023-52937
* CVE-2023-52938
* CVE-2023-52981
* CVE-2023-52982
* CVE-2023-52986
* CVE-2023-52994
* CVE-2023-53001
* CVE-2023-53002
* CVE-2023-53009
* CVE-2023-53014
* CVE-2023-53018
* CVE-2023-53031
* CVE-2023-53051
* CVE-2024-42307
* CVE-2024-46763
* CVE-2024-46865
* CVE-2024-50038
* CVE-2025-21726
* CVE-2025-21785
* CVE-2025-21791
* CVE-2025-21812
* CVE-2025-21839
* CVE-2025-22004
* CVE-2025-22020
* CVE-2025-22045
* CVE-2025-22055
* CVE-2025-22097
* CVE-2025-2312
* CVE-2025-23138
* CVE-2025-39735

CVSS scores:

* CVE-2021-47671 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47671 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48933 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49110 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49110 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49139 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49139 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49139 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49741 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49741 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49741 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49745 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52928 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52928 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52931 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52936 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52937 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52937 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52938 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52938 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52994 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52994 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53001 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53002 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53002 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53009 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53014 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42307 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42307 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46763 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46763 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46865 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46865 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50038 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21726 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21726 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21726 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21785 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21812 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22004 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22020 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22045 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22055 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22055 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-22097 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22097 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-22097 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-2312 ( SUSE ): 6.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-2312 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-2312 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-23138 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39735 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39735 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39735 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 40 vulnerabilities and has seven security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj
update (bsc#1229621).
* CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
* CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
(bsc#1238032).
* CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
* CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
* CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed
(bsc#1231910).
* CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
* CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo
array (bsc#1238747).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
* CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
* CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering
.vcpu_run() loop (bsc#1239061).
* CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
* CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280).
* CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal
PMDs (bsc#1241433).
* CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
* CVE-2025-22097: drm/vkms: Fix use after free and double free on init error
(bsc#1241541).
* CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution
(bsc#1239684).
* CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
* CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625).

The following non-security bugs were fixed:

* cpufreq: ACPI: Mark boost policy as enabled when setting boost
(bsc#1236777).
* cpufreq: Allow drivers to advertise boost enabled (bsc#1236777).
* cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw()
(bsc#1236777).
* cpufreq: Support per-policy performance boost (bsc#1236777).
* x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
* x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
* x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-1620=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1620=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1620=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1620=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1620=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1620=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1620=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_103-default-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-1-150500.11.3.1
* kernel-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-debugsource-5.14.21-150500.55.103.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-1-150500.11.3.1
* kernel-default-livepatch-devel-5.14.21-150500.55.103.1
* kernel-default-livepatch-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* kernel-default-devel-5.14.21-150500.55.103.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-obs-build-5.14.21-150500.55.103.1
* ocfs2-kmp-default-5.14.21-150500.55.103.1
* cluster-md-kmp-default-5.14.21-150500.55.103.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.103.1
* gfs2-kmp-default-5.14.21-150500.55.103.1
* kernel-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-debugsource-5.14.21-150500.55.103.1
* kernel-syms-5.14.21-150500.55.103.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-5.14.21-150500.55.103.1
* kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1
* kernel-obs-build-debugsource-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
nosrc)
* kernel-64kb-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.103.1
* kernel-64kb-debugsource-5.14.21-150500.55.103.1
* kernel-64kb-devel-5.14.21-150500.55.103.1
* kernel-64kb-debuginfo-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* kernel-source-5.14.21-150500.55.103.1
* kernel-macros-5.14.21-150500.55.103.1
* kernel-devel-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* kernel-default-devel-5.14.21-150500.55.103.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-obs-build-5.14.21-150500.55.103.1
* ocfs2-kmp-default-5.14.21-150500.55.103.1
* cluster-md-kmp-default-5.14.21-150500.55.103.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.103.1
* gfs2-kmp-default-5.14.21-150500.55.103.1
* kernel-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-debugsource-5.14.21-150500.55.103.1
* kernel-syms-5.14.21-150500.55.103.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-5.14.21-150500.55.103.1
* kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1
* kernel-obs-build-debugsource-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.103.1
* kernel-64kb-debugsource-5.14.21-150500.55.103.1
* kernel-64kb-devel-5.14.21-150500.55.103.1
* kernel-64kb-debuginfo-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* kernel-source-5.14.21-150500.55.103.1
* kernel-macros-5.14.21-150500.55.103.1
* kernel-devel-5.14.21-150500.55.103.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.103.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-obs-build-5.14.21-150500.55.103.1
* ocfs2-kmp-default-5.14.21-150500.55.103.1
* cluster-md-kmp-default-5.14.21-150500.55.103.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.103.1
* gfs2-kmp-default-5.14.21-150500.55.103.1
* kernel-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-debugsource-5.14.21-150500.55.103.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-5.14.21-150500.55.103.1
* kernel-syms-5.14.21-150500.55.103.1
* reiserfs-kmp-default-5.14.21-150500.55.103.1
* kernel-obs-build-debugsource-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.103.1
* kernel-64kb-debugsource-5.14.21-150500.55.103.1
* kernel-64kb-devel-5.14.21-150500.55.103.1
* kernel-64kb-debuginfo-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* kernel-source-5.14.21-150500.55.103.1
* kernel-macros-5.14.21-150500.55.103.1
* kernel-devel-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch nosrc)
* kernel-docs-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.103.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* kernel-default-devel-5.14.21-150500.55.103.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-obs-build-5.14.21-150500.55.103.1
* ocfs2-kmp-default-5.14.21-150500.55.103.1
* cluster-md-kmp-default-5.14.21-150500.55.103.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.103.1
* gfs2-kmp-default-5.14.21-150500.55.103.1
* kernel-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-debugsource-5.14.21-150500.55.103.1
* kernel-syms-5.14.21-150500.55.103.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-5.14.21-150500.55.103.1
* kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1
* reiserfs-kmp-default-5.14.21-150500.55.103.1
* kernel-obs-build-debugsource-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* kernel-source-5.14.21-150500.55.103.1
* kernel-macros-5.14.21-150500.55.103.1
* kernel-devel-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (noarch)
* kernel-devel-5.14.21-150500.55.103.1
* kernel-macros-5.14.21-150500.55.103.1
* kernel-source-5.14.21-150500.55.103.1
* kernel-docs-html-5.14.21-150500.55.103.1
* kernel-source-vanilla-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.14.21-150500.55.103.1
* kernel-debug-debugsource-5.14.21-150500.55.103.1
* kernel-debug-devel-5.14.21-150500.55.103.1
* kernel-debug-debuginfo-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (x86_64)
* kernel-debug-vdso-5.14.21-150500.55.103.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.103.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.103.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.103.1
* kernel-default-vdso-5.14.21-150500.55.103.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-debugsource-5.14.21-150500.55.103.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.103.1
* kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1
* kernel-default-base-rebuild-5.14.21-150500.55.103.1.150500.6.49.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.103.1
* kernel-kvmsmall-devel-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.103.1
* ocfs2-kmp-default-5.14.21-150500.55.103.1
* kernel-default-optional-5.14.21-150500.55.103.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.103.1
* gfs2-kmp-default-5.14.21-150500.55.103.1
* kernel-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-debugsource-5.14.21-150500.55.103.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-default-5.14.21-150500.55.103.1
* cluster-md-kmp-default-5.14.21-150500.55.103.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.103.1
* kernel-default-extra-5.14.21-150500.55.103.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-syms-5.14.21-150500.55.103.1
* kernel-obs-build-debugsource-5.14.21-150500.55.103.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.103.1
* kernel-obs-build-5.14.21-150500.55.103.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-obs-qa-5.14.21-150500.55.103.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-livepatch-5.14.21-150500.55.103.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.103.1
* kselftests-kmp-default-5.14.21-150500.55.103.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.103.1
* reiserfs-kmp-default-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_103-default-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-1-150500.11.3.1
* kernel-default-livepatch-devel-5.14.21-150500.55.103.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-1-150500.11.3.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.103.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (aarch64)
* dtb-mediatek-5.14.21-150500.55.103.1
* gfs2-kmp-64kb-5.14.21-150500.55.103.1
* dtb-freescale-5.14.21-150500.55.103.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.103.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.103.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.103.1
* dtb-qcom-5.14.21-150500.55.103.1
* dtb-sprd-5.14.21-150500.55.103.1
* dtb-altera-5.14.21-150500.55.103.1
* dtb-xilinx-5.14.21-150500.55.103.1
* kernel-64kb-extra-5.14.21-150500.55.103.1
* dtb-apm-5.14.21-150500.55.103.1
* dtb-cavium-5.14.21-150500.55.103.1
* dtb-rockchip-5.14.21-150500.55.103.1
* ocfs2-kmp-64kb-5.14.21-150500.55.103.1
* dtb-amd-5.14.21-150500.55.103.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.103.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.103.1
* dtb-amlogic-5.14.21-150500.55.103.1
* dtb-arm-5.14.21-150500.55.103.1
* kernel-64kb-optional-5.14.21-150500.55.103.1
* dtb-apple-5.14.21-150500.55.103.1
* dtb-renesas-5.14.21-150500.55.103.1
* dtb-lg-5.14.21-150500.55.103.1
* dtb-broadcom-5.14.21-150500.55.103.1
* kernel-64kb-devel-5.14.21-150500.55.103.1
* reiserfs-kmp-64kb-5.14.21-150500.55.103.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.103.1
* kselftests-kmp-64kb-5.14.21-150500.55.103.1
* dlm-kmp-64kb-5.14.21-150500.55.103.1
* dtb-hisilicon-5.14.21-150500.55.103.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.103.1
* dtb-marvell-5.14.21-150500.55.103.1
* dtb-socionext-5.14.21-150500.55.103.1
* dtb-exynos-5.14.21-150500.55.103.1
* dtb-nvidia-5.14.21-150500.55.103.1
* dtb-allwinner-5.14.21-150500.55.103.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.103.1
* dtb-amazon-5.14.21-150500.55.103.1
* kernel-64kb-debugsource-5.14.21-150500.55.103.1
* cluster-md-kmp-64kb-5.14.21-150500.55.103.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.103.1
* kernel-64kb-debuginfo-5.14.21-150500.55.103.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.103.1
* kernel-default-debugsource-5.14.21-150500.55.103.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-macros-5.14.21-150500.55.103.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47671.html
* https://www.suse.com/security/cve/CVE-2022-48933.html
* https://www.suse.com/security/cve/CVE-2022-49110.html
* https://www.suse.com/security/cve/CVE-2022-49139.html
* https://www.suse.com/security/cve/CVE-2022-49741.html
* https://www.suse.com/security/cve/CVE-2022-49745.html
* https://www.suse.com/security/cve/CVE-2022-49767.html
* https://www.suse.com/security/cve/CVE-2023-52928.html
* https://www.suse.com/security/cve/CVE-2023-52931.html
* https://www.suse.com/security/cve/CVE-2023-52936.html
* https://www.suse.com/security/cve/CVE-2023-52937.html
* https://www.suse.com/security/cve/CVE-2023-52938.html
* https://www.suse.com/security/cve/CVE-2023-52981.html
* https://www.suse.com/security/cve/CVE-2023-52982.html
* https://www.suse.com/security/cve/CVE-2023-52986.html
* https://www.suse.com/security/cve/CVE-2023-52994.html
* https://www.suse.com/security/cve/CVE-2023-53001.html
* https://www.suse.com/security/cve/CVE-2023-53002.html
* https://www.suse.com/security/cve/CVE-2023-53009.html
* https://www.suse.com/security/cve/CVE-2023-53014.html
* https://www.suse.com/security/cve/CVE-2023-53018.html
* https://www.suse.com/security/cve/CVE-2023-53031.html
* https://www.suse.com/security/cve/CVE-2023-53051.html
* https://www.suse.com/security/cve/CVE-2024-42307.html
* https://www.suse.com/security/cve/CVE-2024-46763.html
* https://www.suse.com/security/cve/CVE-2024-46865.html
* https://www.suse.com/security/cve/CVE-2024-50038.html
* https://www.suse.com/security/cve/CVE-2025-21726.html
* https://www.suse.com/security/cve/CVE-2025-21785.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-21812.html
* https://www.suse.com/security/cve/CVE-2025-21839.html
* https://www.suse.com/security/cve/CVE-2025-22004.html
* https://www.suse.com/security/cve/CVE-2025-22020.html
* https://www.suse.com/security/cve/CVE-2025-22045.html
* https://www.suse.com/security/cve/CVE-2025-22055.html
* https://www.suse.com/security/cve/CVE-2025-22097.html
* https://www.suse.com/security/cve/CVE-2025-2312.html
* https://www.suse.com/security/cve/CVE-2025-23138.html
* https://www.suse.com/security/cve/CVE-2025-39735.html
* https://bugzilla.suse.com/show_bug.cgi?id=1054914
* https://bugzilla.suse.com/show_bug.cgi?id=1206843
* https://bugzilla.suse.com/show_bug.cgi?id=1210409
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1229361
* https://bugzilla.suse.com/show_bug.cgi?id=1229621
* https://bugzilla.suse.com/show_bug.cgi?id=1230764
* https://bugzilla.suse.com/show_bug.cgi?id=1231103
* https://bugzilla.suse.com/show_bug.cgi?id=1231910
* https://bugzilla.suse.com/show_bug.cgi?id=1236777
* https://bugzilla.suse.com/show_bug.cgi?id=1237981
* https://bugzilla.suse.com/show_bug.cgi?id=1238032
* https://bugzilla.suse.com/show_bug.cgi?id=1238471
* https://bugzilla.suse.com/show_bug.cgi?id=1238512
* https://bugzilla.suse.com/show_bug.cgi?id=1238747
* https://bugzilla.suse.com/show_bug.cgi?id=1238865
* https://bugzilla.suse.com/show_bug.cgi?id=1239061
* https://bugzilla.suse.com/show_bug.cgi?id=1239684
* https://bugzilla.suse.com/show_bug.cgi?id=1239968
* https://bugzilla.suse.com/show_bug.cgi?id=1240209
* https://bugzilla.suse.com/show_bug.cgi?id=1240211
* https://bugzilla.suse.com/show_bug.cgi?id=1240214
* https://bugzilla.suse.com/show_bug.cgi?id=1240228
* https://bugzilla.suse.com/show_bug.cgi?id=1240230
* https://bugzilla.suse.com/show_bug.cgi?id=1240246
* https://bugzilla.suse.com/show_bug.cgi?id=1240248
* https://bugzilla.suse.com/show_bug.cgi?id=1240269
* https://bugzilla.suse.com/show_bug.cgi?id=1240271
* https://bugzilla.suse.com/show_bug.cgi?id=1240274
* https://bugzilla.suse.com/show_bug.cgi?id=1240285
* https://bugzilla.suse.com/show_bug.cgi?id=1240295
* https://bugzilla.suse.com/show_bug.cgi?id=1240306
* https://bugzilla.suse.com/show_bug.cgi?id=1240314
* https://bugzilla.suse.com/show_bug.cgi?id=1240315
* https://bugzilla.suse.com/show_bug.cgi?id=1240321
* https://bugzilla.suse.com/show_bug.cgi?id=1240747
* https://bugzilla.suse.com/show_bug.cgi?id=1240835
* https://bugzilla.suse.com/show_bug.cgi?id=1241280
* https://bugzilla.suse.com/show_bug.cgi?id=1241371
* https://bugzilla.suse.com/show_bug.cgi?id=1241421
* https://bugzilla.suse.com/show_bug.cgi?id=1241433
* https://bugzilla.suse.com/show_bug.cgi?id=1241541
* https://bugzilla.suse.com/show_bug.cgi?id=1241625
* https://bugzilla.suse.com/show_bug.cgi?id=1241648
* https://bugzilla.suse.com/show_bug.cgi?id=1242284
* https://bugzilla.suse.com/show_bug.cgi?id=1242493
* https://bugzilla.suse.com/show_bug.cgi?id=1242778

SUSE-SU-2025:01627-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:01627-1
Release Date: 2025-05-21T10:02:18Z
Rating: important
References:

* bsc#1201855
* bsc#1230771
* bsc#1238471
* bsc#1238512
* bsc#1238747
* bsc#1238865
* bsc#1239968
* bsc#1240188
* bsc#1240195
* bsc#1240553
* bsc#1240747
* bsc#1240835
* bsc#1241280
* bsc#1241371
* bsc#1241421
* bsc#1241433
* bsc#1241541

Cross-References:

* CVE-2021-47671
* CVE-2022-49741
* CVE-2024-46784
* CVE-2025-21726
* CVE-2025-21785
* CVE-2025-21791
* CVE-2025-21812
* CVE-2025-21886
* CVE-2025-22004
* CVE-2025-22020
* CVE-2025-22045
* CVE-2025-22055
* CVE-2025-22097

CVSS scores:

* CVE-2021-47671 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47671 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-49741 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49741 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49741 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21726 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21726 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21726 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21785 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21812 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21886 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22004 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22020 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22045 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22055 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22055 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-22097 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22097 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-22097 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 13 vulnerabilities and has four security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
* CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo
array (bsc#1238747).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
* CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
* CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
* CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280).
* CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal
PMDs (bsc#1241433).
* CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
* CVE-2025-22097: drm/vkms: Fix use after free and double free on init error
(bsc#1241541).

The following non-security bugs were fixed:

* scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557,
bsc#1201855, bsc#1240553).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1627=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1627=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1627=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1627=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1627=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1627=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2025-1627=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1627=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1627=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1627=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1627=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1627=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-1627=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1627=1

## Package List:

* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (noarch)
* kernel-docs-html-5.14.21-150400.24.164.1
* kernel-source-vanilla-5.14.21-150400.24.164.1
* kernel-macros-5.14.21-150400.24.164.1
* kernel-source-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150400.24.164.1
* kernel-debug-devel-5.14.21-150400.24.164.1
* kernel-debug-debuginfo-5.14.21-150400.24.164.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150400.24.164.1.150400.24.82.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.164.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.164.1
* kernel-kvmsmall-devel-5.14.21-150400.24.164.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.164.1
* kernel-default-livepatch-5.14.21-150400.24.164.1
* kernel-obs-build-5.14.21-150400.24.164.1
* dlm-kmp-default-5.14.21-150400.24.164.1
* kernel-obs-build-debugsource-5.14.21-150400.24.164.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.164.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.164.1
* kernel-default-extra-5.14.21-150400.24.164.1
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-syms-5.14.21-150400.24.164.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.164.1
* kselftests-kmp-default-5.14.21-150400.24.164.1
* gfs2-kmp-default-5.14.21-150400.24.164.1
* reiserfs-kmp-default-5.14.21-150400.24.164.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.164.1
* kernel-obs-qa-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* cluster-md-kmp-default-5.14.21-150400.24.164.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.164.1
* ocfs2-kmp-default-5.14.21-150400.24.164.1
* kernel-default-optional-5.14.21-150400.24.164.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.164.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_164-default-1-150400.9.3.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-1-150400.9.3.1
* kernel-default-livepatch-devel-5.14.21-150400.24.164.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-1-150400.9.3.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.164.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (aarch64)
* dtb-xilinx-5.14.21-150400.24.164.1
* kernel-64kb-extra-5.14.21-150400.24.164.1
* dtb-hisilicon-5.14.21-150400.24.164.1
* cluster-md-kmp-64kb-5.14.21-150400.24.164.1
* dtb-rockchip-5.14.21-150400.24.164.1
* ocfs2-kmp-64kb-5.14.21-150400.24.164.1
* dtb-broadcom-5.14.21-150400.24.164.1
* dtb-lg-5.14.21-150400.24.164.1
* dtb-nvidia-5.14.21-150400.24.164.1
* dtb-socionext-5.14.21-150400.24.164.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.164.1
* dtb-freescale-5.14.21-150400.24.164.1
* dtb-arm-5.14.21-150400.24.164.1
* dtb-renesas-5.14.21-150400.24.164.1
* dlm-kmp-64kb-5.14.21-150400.24.164.1
* gfs2-kmp-64kb-5.14.21-150400.24.164.1
* kernel-64kb-debugsource-5.14.21-150400.24.164.1
* dtb-apple-5.14.21-150400.24.164.1
* dtb-apm-5.14.21-150400.24.164.1
* dtb-allwinner-5.14.21-150400.24.164.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.164.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.164.1
* kernel-64kb-devel-5.14.21-150400.24.164.1
* dtb-cavium-5.14.21-150400.24.164.1
* dtb-exynos-5.14.21-150400.24.164.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.164.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.164.1
* kernel-64kb-debuginfo-5.14.21-150400.24.164.1
* dtb-amlogic-5.14.21-150400.24.164.1
* reiserfs-kmp-64kb-5.14.21-150400.24.164.1
* dtb-qcom-5.14.21-150400.24.164.1
* kselftests-kmp-64kb-5.14.21-150400.24.164.1
* dtb-sprd-5.14.21-150400.24.164.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.164.1
* dtb-amazon-5.14.21-150400.24.164.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.164.1
* dtb-mediatek-5.14.21-150400.24.164.1
* dtb-altera-5.14.21-150400.24.164.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.164.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.164.1
* kernel-64kb-optional-5.14.21-150400.24.164.1
* dtb-amd-5.14.21-150400.24.164.1
* dtb-marvell-5.14.21-150400.24.164.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-livepatch-5.14.21-150400.24.164.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-1-150400.9.3.1
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-default-livepatch-devel-5.14.21-150400.24.164.1
* kernel-livepatch-5_14_21-150400_24_164-default-1-150400.9.3.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-1-150400.9.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* dlm-kmp-default-debuginfo-5.14.21-150400.24.164.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.164.1
* ocfs2-kmp-default-5.14.21-150400.24.164.1
* kernel-default-debugsource-5.14.21-150400.24.164.1
* dlm-kmp-default-5.14.21-150400.24.164.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.164.1
* gfs2-kmp-default-5.14.21-150400.24.164.1
* cluster-md-kmp-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
nosrc)
* kernel-64kb-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150400.24.164.1
* kernel-64kb-debugsource-5.14.21-150400.24.164.1
* kernel-64kb-devel-5.14.21-150400.24.164.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* reiserfs-kmp-default-5.14.21-150400.24.164.1
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-obs-build-5.14.21-150400.24.164.1
* kernel-obs-build-debugsource-5.14.21-150400.24.164.1
* kernel-syms-5.14.21-150400.24.164.1
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.164.1
* kernel-macros-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150400.24.164.1
* kernel-64kb-debugsource-5.14.21-150400.24.164.1
* kernel-64kb-devel-5.14.21-150400.24.164.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* reiserfs-kmp-default-5.14.21-150400.24.164.1
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-obs-build-5.14.21-150400.24.164.1
* kernel-obs-build-debugsource-5.14.21-150400.24.164.1
* kernel-syms-5.14.21-150400.24.164.1
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.164.1
* kernel-macros-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
* kernel-64kb-debuginfo-5.14.21-150400.24.164.1
* kernel-64kb-debugsource-5.14.21-150400.24.164.1
* kernel-64kb-devel-5.14.21-150400.24.164.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150400.24.164.1
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-obs-build-5.14.21-150400.24.164.1
* kernel-obs-build-debugsource-5.14.21-150400.24.164.1
* kernel-syms-5.14.21-150400.24.164.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* kernel-source-5.14.21-150400.24.164.1
* kernel-macros-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc)
* kernel-docs-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.164.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* reiserfs-kmp-default-5.14.21-150400.24.164.1
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-obs-build-5.14.21-150400.24.164.1
* kernel-obs-build-debugsource-5.14.21-150400.24.164.1
* kernel-syms-5.14.21-150400.24.164.1
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.164.1
* kernel-macros-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.164.1
* SUSE Manager Proxy 4.3 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Manager Proxy 4.3 (x86_64)
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-syms-5.14.21-150400.24.164.1
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Manager Proxy 4.3 (noarch)
* kernel-source-5.14.21-150400.24.164.1
* kernel-macros-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* SUSE Manager Retail Branch Server 4.3 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* kernel-macros-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64)
* kernel-default-5.14.21-150400.24.164.1
* SUSE Manager Server 4.3 (ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.164.1.150400.24.82.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.164.1
* kernel-syms-5.14.21-150400.24.164.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.164.1
* kernel-default-devel-5.14.21-150400.24.164.1
* kernel-default-debuginfo-5.14.21-150400.24.164.1
* SUSE Manager Server 4.3 (noarch)
* kernel-source-5.14.21-150400.24.164.1
* kernel-macros-5.14.21-150400.24.164.1
* kernel-devel-5.14.21-150400.24.164.1
* SUSE Manager Server 4.3 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.164.1
* SUSE Manager Server 4.3 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.164.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.164.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47671.html
* https://www.suse.com/security/cve/CVE-2022-49741.html
* https://www.suse.com/security/cve/CVE-2024-46784.html
* https://www.suse.com/security/cve/CVE-2025-21726.html
* https://www.suse.com/security/cve/CVE-2025-21785.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-21812.html
* https://www.suse.com/security/cve/CVE-2025-21886.html
* https://www.suse.com/security/cve/CVE-2025-22004.html
* https://www.suse.com/security/cve/CVE-2025-22020.html
* https://www.suse.com/security/cve/CVE-2025-22045.html
* https://www.suse.com/security/cve/CVE-2025-22055.html
* https://www.suse.com/security/cve/CVE-2025-22097.html
* https://bugzilla.suse.com/show_bug.cgi?id=1201855
* https://bugzilla.suse.com/show_bug.cgi?id=1230771
* https://bugzilla.suse.com/show_bug.cgi?id=1238471
* https://bugzilla.suse.com/show_bug.cgi?id=1238512
* https://bugzilla.suse.com/show_bug.cgi?id=1238747
* https://bugzilla.suse.com/show_bug.cgi?id=1238865
* https://bugzilla.suse.com/show_bug.cgi?id=1239968
* https://bugzilla.suse.com/show_bug.cgi?id=1240188
* https://bugzilla.suse.com/show_bug.cgi?id=1240195
* https://bugzilla.suse.com/show_bug.cgi?id=1240553
* https://bugzilla.suse.com/show_bug.cgi?id=1240747
* https://bugzilla.suse.com/show_bug.cgi?id=1240835
* https://bugzilla.suse.com/show_bug.cgi?id=1241280
* https://bugzilla.suse.com/show_bug.cgi?id=1241371
* https://bugzilla.suse.com/show_bug.cgi?id=1241421
* https://bugzilla.suse.com/show_bug.cgi?id=1241433
* https://bugzilla.suse.com/show_bug.cgi?id=1241541

SUSE-SU-2025:01631-1: moderate: Security update for s390-tools

# Security update for s390-tools

Announcement ID: SUSE-SU-2025:01631-1
Release Date: 2025-05-21T10:03:45Z
Rating: moderate
References:

* bsc#1242622
* jsc#PED-12028

Cross-References:

* CVE-2025-3416

CVSS scores:

* CVE-2025-3416 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Manager Server 4.3

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for s390-tools rebuilds the existing package with the new 4k RSA
secure boot key.

Security issues fixed:

* CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-
openssl crate. (bsc#1242622)

Other issues:

* Added the new IBM z17 (9175) processor type

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1631=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1631=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-1631=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1631=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-1631=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1631=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1631=1

## Package List:

* openSUSE Leap 15.4 (s390x x86_64)
* s390-tools-debugsource-2.31.0-150400.7.31.1
* s390-tools-2.31.0-150400.7.31.1
* s390-tools-debuginfo-2.31.0-150400.7.31.1
* openSUSE Leap 15.4 (s390x)
* s390-tools-hmcdrvfs-debuginfo-2.31.0-150400.7.31.1
* osasnmpd-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-debuginfo-2.31.0-150400.7.31.1
* s390-tools-zdsfs-2.31.0-150400.7.31.1
* libkmipclient1-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-devel-2.31.0-150400.7.31.1
* s390-tools-hmcdrvfs-2.31.0-150400.7.31.1
* osasnmpd-2.31.0-150400.7.31.1
* s390-tools-zdsfs-debuginfo-2.31.0-150400.7.31.1
* s390-tools-chreipl-fcp-mpath-2.31.0-150400.7.31.1
* libekmfweb1-2.31.0-150400.7.31.1
* libkmipclient1-2.31.0-150400.7.31.1
* libkmipclient1-devel-2.31.0-150400.7.31.1
* openSUSE Leap 15.4 (noarch)
* s390-tools-genprotimg-data-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (s390x)
* libekmfweb1-debuginfo-2.31.0-150400.7.31.1
* libkmipclient1-debuginfo-2.31.0-150400.7.31.1
* s390-tools-2.31.0-150400.7.31.1
* s390-tools-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-2.31.0-150400.7.31.1
* libkmipclient1-2.31.0-150400.7.31.1
* s390-tools-debugsource-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* s390-tools-genprotimg-data-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro 5.3 (s390x)
* libekmfweb1-debuginfo-2.31.0-150400.7.31.1
* libkmipclient1-debuginfo-2.31.0-150400.7.31.1
* s390-tools-2.31.0-150400.7.31.1
* s390-tools-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-2.31.0-150400.7.31.1
* libkmipclient1-2.31.0-150400.7.31.1
* s390-tools-debugsource-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* s390-tools-genprotimg-data-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (s390x)
* libekmfweb1-debuginfo-2.31.0-150400.7.31.1
* libkmipclient1-debuginfo-2.31.0-150400.7.31.1
* s390-tools-2.31.0-150400.7.31.1
* s390-tools-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-2.31.0-150400.7.31.1
* libkmipclient1-2.31.0-150400.7.31.1
* s390-tools-debugsource-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* s390-tools-genprotimg-data-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro 5.4 (s390x)
* libekmfweb1-debuginfo-2.31.0-150400.7.31.1
* libkmipclient1-debuginfo-2.31.0-150400.7.31.1
* s390-tools-2.31.0-150400.7.31.1
* s390-tools-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-2.31.0-150400.7.31.1
* libkmipclient1-2.31.0-150400.7.31.1
* s390-tools-debugsource-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* s390-tools-genprotimg-data-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
* s390-tools-hmcdrvfs-debuginfo-2.31.0-150400.7.31.1
* osasnmpd-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-debuginfo-2.31.0-150400.7.31.1
* s390-tools-zdsfs-2.31.0-150400.7.31.1
* libkmipclient1-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-devel-2.31.0-150400.7.31.1
* s390-tools-2.31.0-150400.7.31.1
* osasnmpd-2.31.0-150400.7.31.1
* s390-tools-debuginfo-2.31.0-150400.7.31.1
* s390-tools-hmcdrvfs-2.31.0-150400.7.31.1
* s390-tools-zdsfs-debuginfo-2.31.0-150400.7.31.1
* s390-tools-chreipl-fcp-mpath-2.31.0-150400.7.31.1
* libekmfweb1-2.31.0-150400.7.31.1
* libkmipclient1-2.31.0-150400.7.31.1
* s390-tools-debugsource-2.31.0-150400.7.31.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* s390-tools-genprotimg-data-2.31.0-150400.7.31.1
* SUSE Manager Server 4.3 (s390x)
* s390-tools-hmcdrvfs-debuginfo-2.31.0-150400.7.31.1
* osasnmpd-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-debuginfo-2.31.0-150400.7.31.1
* s390-tools-zdsfs-2.31.0-150400.7.31.1
* libkmipclient1-debuginfo-2.31.0-150400.7.31.1
* libekmfweb1-devel-2.31.0-150400.7.31.1
* s390-tools-2.31.0-150400.7.31.1
* osasnmpd-2.31.0-150400.7.31.1
* s390-tools-debuginfo-2.31.0-150400.7.31.1
* s390-tools-hmcdrvfs-2.31.0-150400.7.31.1
* s390-tools-zdsfs-debuginfo-2.31.0-150400.7.31.1
* s390-tools-chreipl-fcp-mpath-2.31.0-150400.7.31.1
* libekmfweb1-2.31.0-150400.7.31.1
* libkmipclient1-2.31.0-150400.7.31.1
* s390-tools-debugsource-2.31.0-150400.7.31.1
* SUSE Manager Server 4.3 (noarch)
* s390-tools-genprotimg-data-2.31.0-150400.7.31.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242622
* https://jira.suse.com/browse/PED-12028

SUSE-SU-2025:01633-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:01633-1
Release Date: 2025-05-21T10:09:50Z
Rating: important
References:

* bsc#1207034
* bsc#1207878
* bsc#1221980
* bsc#1234931
* bsc#1235433
* bsc#1237984
* bsc#1238512
* bsc#1238747
* bsc#1238865
* bsc#1240210
* bsc#1240308
* bsc#1240835
* bsc#1241280
* bsc#1241371
* bsc#1241404
* bsc#1241405
* bsc#1241407
* bsc#1241408

Cross-References:

* CVE-2020-36789
* CVE-2021-47163
* CVE-2021-47668
* CVE-2021-47669
* CVE-2021-47670
* CVE-2022-49111
* CVE-2023-0179
* CVE-2023-53026
* CVE-2023-53033
* CVE-2024-56642
* CVE-2024-56661
* CVE-2025-21726
* CVE-2025-21785
* CVE-2025-21791
* CVE-2025-22004
* CVE-2025-22020
* CVE-2025-22055

CVSS scores:

* CVE-2020-36789 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2020-36789 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36789 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47163 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47163 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47668 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47668 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47668 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47669 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47669 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47669 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47670 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49111 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-53026 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53026 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53033 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56642 ( SUSE ): 7.5
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56642 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56642 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56642 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56661 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56661 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21726 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21726 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21726 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21785 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22004 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22020 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22055 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22055 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves 17 vulnerabilities and has one security fix can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2022-49111: Bluetooth: Fix use after free in hci_send_acl (bsc#1237984).
* CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
* CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo
array (bsc#1238747).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
* CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
* CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280).
* CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-1633=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1633=1

* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-1633=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1633=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1633=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1633=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1633=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1633=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1633=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1633=1

## Package List:

* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (noarch)
* kernel-docs-html-5.3.18-150300.59.204.1
* kernel-source-5.3.18-150300.59.204.1
* kernel-source-vanilla-5.3.18-150300.59.204.1
* kernel-macros-5.3.18-150300.59.204.1
* kernel-devel-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-debug-5.3.18-150300.59.204.1
* kernel-kvmsmall-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-5.3.18-150300.59.204.1
* kernel-debug-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-kvmsmall-debugsource-5.3.18-150300.59.204.1
* kernel-debug-devel-5.3.18-150300.59.204.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.204.1
* kernel-debug-debuginfo-5.3.18-150300.59.204.1
* kernel-debug-debugsource-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kernel-obs-qa-5.3.18-150300.59.204.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.204.1
* dlm-kmp-default-5.3.18-150300.59.204.1
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* kernel-default-devel-5.3.18-150300.59.204.1
* kernel-default-extra-5.3.18-150300.59.204.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kselftests-kmp-default-5.3.18-150300.59.204.1
* kernel-obs-build-debugsource-5.3.18-150300.59.204.1
* gfs2-kmp-default-5.3.18-150300.59.204.1
* kernel-default-optional-5.3.18-150300.59.204.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-extra-debuginfo-5.3.18-150300.59.204.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.204.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-syms-5.3.18-150300.59.204.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-base-rebuild-5.3.18-150300.59.204.1.150300.18.122.1
* cluster-md-kmp-default-5.3.18-150300.59.204.1
* kernel-default-livepatch-5.3.18-150300.59.204.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-obs-build-5.3.18-150300.59.204.1
* reiserfs-kmp-default-5.3.18-150300.59.204.1
* ocfs2-kmp-default-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_204-default-1-150300.7.3.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-1-150300.7.3.1
* kernel-default-livepatch-devel-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_204-preempt-debuginfo-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_204-preempt-1-150300.7.3.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* ocfs2-kmp-preempt-5.3.18-150300.59.204.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.204.1
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.204.1
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.204.1
* dlm-kmp-preempt-5.3.18-150300.59.204.1
* reiserfs-kmp-preempt-5.3.18-150300.59.204.1
* kernel-preempt-extra-5.3.18-150300.59.204.1
* kernel-preempt-debugsource-5.3.18-150300.59.204.1
* cluster-md-kmp-preempt-5.3.18-150300.59.204.1
* kernel-preempt-optional-5.3.18-150300.59.204.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.204.1
* kselftests-kmp-preempt-5.3.18-150300.59.204.1
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-devel-5.3.18-150300.59.204.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.204.1
* gfs2-kmp-preempt-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.204.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (aarch64)
* dtb-rockchip-5.3.18-150300.59.204.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.204.1
* dtb-broadcom-5.3.18-150300.59.204.1
* dtb-xilinx-5.3.18-150300.59.204.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.204.1
* dtb-lg-5.3.18-150300.59.204.1
* kernel-64kb-debugsource-5.3.18-150300.59.204.1
* ocfs2-kmp-64kb-5.3.18-150300.59.204.1
* dtb-renesas-5.3.18-150300.59.204.1
* kernel-64kb-optional-5.3.18-150300.59.204.1
* dtb-freescale-5.3.18-150300.59.204.1
* kernel-64kb-debuginfo-5.3.18-150300.59.204.1
* dtb-socionext-5.3.18-150300.59.204.1
* kernel-64kb-devel-5.3.18-150300.59.204.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.204.1
* reiserfs-kmp-64kb-5.3.18-150300.59.204.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.204.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.204.1
* dtb-allwinner-5.3.18-150300.59.204.1
* dtb-cavium-5.3.18-150300.59.204.1
* dtb-amlogic-5.3.18-150300.59.204.1
* dtb-nvidia-5.3.18-150300.59.204.1
* dtb-marvell-5.3.18-150300.59.204.1
* kernel-64kb-extra-5.3.18-150300.59.204.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.204.1
* dlm-kmp-64kb-5.3.18-150300.59.204.1
* dtb-arm-5.3.18-150300.59.204.1
* dtb-qcom-5.3.18-150300.59.204.1
* dtb-al-5.3.18-150300.59.204.1
* dtb-mediatek-5.3.18-150300.59.204.1
* gfs2-kmp-64kb-5.3.18-150300.59.204.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.204.1
* dtb-amd-5.3.18-150300.59.204.1
* dtb-hisilicon-5.3.18-150300.59.204.1
* dtb-altera-5.3.18-150300.59.204.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.204.1
* cluster-md-kmp-64kb-5.3.18-150300.59.204.1
* dtb-sprd-5.3.18-150300.59.204.1
* kselftests-kmp-64kb-5.3.18-150300.59.204.1
* dtb-apm-5.3.18-150300.59.204.1
* dtb-zte-5.3.18-150300.59.204.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.204.1
* dtb-exynos-5.3.18-150300.59.204.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_204-default-1-150300.7.3.1
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* kernel-livepatch-SLE15-SP3_Update_57-debugsource-1-150300.7.3.1
* kernel-default-livepatch-5.3.18-150300.59.204.1
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-livepatch-5_3_18-150300_59_204-default-debuginfo-1-150300.7.3.1
* kernel-default-livepatch-devel-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.204.1
* cluster-md-kmp-default-5.3.18-150300.59.204.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-debugsource-5.3.18-150300.59.204.1
* gfs2-kmp-default-5.3.18-150300.59.204.1
* dlm-kmp-default-5.3.18-150300.59.204.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.204.1
* ocfs2-kmp-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.204.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-64kb-debuginfo-5.3.18-150300.59.204.1
* kernel-64kb-debugsource-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.204.1
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* kernel-default-devel-5.3.18-150300.59.204.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-debugsource-5.3.18-150300.59.204.1
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-obs-build-debugsource-5.3.18-150300.59.204.1
* reiserfs-kmp-default-5.3.18-150300.59.204.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-devel-5.3.18-150300.59.204.1
* kernel-obs-build-5.3.18-150300.59.204.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-syms-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.204.1
* kernel-macros-5.3.18-150300.59.204.1
* kernel-devel-5.3.18-150300.59.204.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.204.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-64kb-debuginfo-5.3.18-150300.59.204.1
* kernel-64kb-debugsource-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* kernel-default-devel-5.3.18-150300.59.204.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-obs-build-debugsource-5.3.18-150300.59.204.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-obs-build-5.3.18-150300.59.204.1
* reiserfs-kmp-default-5.3.18-150300.59.204.1
* kernel-syms-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* kernel-source-5.3.18-150300.59.204.1
* kernel-macros-5.3.18-150300.59.204.1
* kernel-devel-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch nosrc)
* kernel-docs-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 x86_64)
* kernel-preempt-devel-5.3.18-150300.59.204.1
* kernel-preempt-debugsource-5.3.18-150300.59.204.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-debuginfo-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.204.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* kernel-default-devel-5.3.18-150300.59.204.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-obs-build-debugsource-5.3.18-150300.59.204.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-obs-build-5.3.18-150300.59.204.1
* reiserfs-kmp-default-5.3.18-150300.59.204.1
* kernel-syms-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.204.1
* kernel-macros-5.3.18-150300.59.204.1
* kernel-devel-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-devel-5.3.18-150300.59.204.1
* kernel-preempt-debugsource-5.3.18-150300.59.204.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-debuginfo-5.3.18-150300.59.204.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.204.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.204.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-64kb-debuginfo-5.3.18-150300.59.204.1
* kernel-64kb-debugsource-5.3.18-150300.59.204.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.204.1
* kernel-default-5.3.18-150300.59.204.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* kernel-default-devel-5.3.18-150300.59.204.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-debugsource-5.3.18-150300.59.204.1
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-obs-build-debugsource-5.3.18-150300.59.204.1
* reiserfs-kmp-default-5.3.18-150300.59.204.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-debuginfo-5.3.18-150300.59.204.1
* kernel-preempt-devel-5.3.18-150300.59.204.1
* kernel-obs-build-5.3.18-150300.59.204.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.204.1
* kernel-syms-5.3.18-150300.59.204.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-source-5.3.18-150300.59.204.1
* kernel-macros-5.3.18-150300.59.204.1
* kernel-devel-5.3.18-150300.59.204.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-default-debuginfo-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.204.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.204.1.150300.18.122.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.204.1
* kernel-default-debuginfo-5.3.18-150300.59.204.1

## References:

* https://www.suse.com/security/cve/CVE-2020-36789.html
* https://www.suse.com/security/cve/CVE-2021-47163.html
* https://www.suse.com/security/cve/CVE-2021-47668.html
* https://www.suse.com/security/cve/CVE-2021-47669.html
* https://www.suse.com/security/cve/CVE-2021-47670.html
* https://www.suse.com/security/cve/CVE-2022-49111.html
* https://www.suse.com/security/cve/CVE-2023-0179.html
* https://www.suse.com/security/cve/CVE-2023-53026.html
* https://www.suse.com/security/cve/CVE-2023-53033.html
* https://www.suse.com/security/cve/CVE-2024-56642.html
* https://www.suse.com/security/cve/CVE-2024-56661.html
* https://www.suse.com/security/cve/CVE-2025-21726.html
* https://www.suse.com/security/cve/CVE-2025-21785.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-22004.html
* https://www.suse.com/security/cve/CVE-2025-22020.html
* https://www.suse.com/security/cve/CVE-2025-22055.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207034
* https://bugzilla.suse.com/show_bug.cgi?id=1207878
* https://bugzilla.suse.com/show_bug.cgi?id=1221980
* https://bugzilla.suse.com/show_bug.cgi?id=1234931
* https://bugzilla.suse.com/show_bug.cgi?id=1235433
* https://bugzilla.suse.com/show_bug.cgi?id=1237984
* https://bugzilla.suse.com/show_bug.cgi?id=1238512
* https://bugzilla.suse.com/show_bug.cgi?id=1238747
* https://bugzilla.suse.com/show_bug.cgi?id=1238865
* https://bugzilla.suse.com/show_bug.cgi?id=1240210
* https://bugzilla.suse.com/show_bug.cgi?id=1240308
* https://bugzilla.suse.com/show_bug.cgi?id=1240835
* https://bugzilla.suse.com/show_bug.cgi?id=1241280
* https://bugzilla.suse.com/show_bug.cgi?id=1241371
* https://bugzilla.suse.com/show_bug.cgi?id=1241404
* https://bugzilla.suse.com/show_bug.cgi?id=1241405
* https://bugzilla.suse.com/show_bug.cgi?id=1241407
* https://bugzilla.suse.com/show_bug.cgi?id=1241408

SUSE-SU-2025:01638-1: moderate: Security update for openssh

# Security update for openssh

Announcement ID: SUSE-SU-2025:01638-1
Release Date: 2025-05-21T10:48:47Z
Rating: moderate
References:

* bsc#1236826
* bsc#1239671
* bsc#1241012

Cross-References:

* CVE-2025-32728

CVSS scores:

* CVE-2025-32728 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
* CVE-2025-32728 ( SUSE ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-32728 ( NVD ): 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has two security fixes can now be
installed.

## Description:

This update for openssh fixes the following issue:

Security fixes:

* CVE-2025-32728: Fixed logic error in DisableForwarding option (bsc#1241012)

Other fixes: \- Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2
due to gssapi proposal not being correctly initialized (bsc#1236826). The
problem was introduced in the rebase of the patch for 9.6p1 \- Enable --with-
logind to call the SetTTY dbus method in systemd. This allows "wall" to print
messages in ssh ttys (bsc#1239671)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1638=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1638=1 openSUSE-SLE-15.6-2025-1638=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1638=1

## Package List:

* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssh-askpass-gnome-9.6p1-150600.6.26.1
* openssh-askpass-gnome-debugsource-9.6p1-150600.6.26.1
* openssh-askpass-gnome-debuginfo-9.6p1-150600.6.26.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* openssh-helpers-9.6p1-150600.6.26.1
* openssh-clients-9.6p1-150600.6.26.1
* openssh-helpers-debuginfo-9.6p1-150600.6.26.1
* openssh-cavs-9.6p1-150600.6.26.1
* openssh-debugsource-9.6p1-150600.6.26.1
* openssh-server-debuginfo-9.6p1-150600.6.26.1
* openssh-9.6p1-150600.6.26.1
* openssh-debuginfo-9.6p1-150600.6.26.1
* openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
* openssh-askpass-gnome-debugsource-9.6p1-150600.6.26.1
* openssh-fips-9.6p1-150600.6.26.1
* openssh-cavs-debuginfo-9.6p1-150600.6.26.1
* openssh-server-9.6p1-150600.6.26.1
* openssh-common-9.6p1-150600.6.26.1
* openssh-clients-debuginfo-9.6p1-150600.6.26.1
* openssh-askpass-gnome-9.6p1-150600.6.26.1
* openssh-common-debuginfo-9.6p1-150600.6.26.1
* openssh-askpass-gnome-debuginfo-9.6p1-150600.6.26.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssh-helpers-9.6p1-150600.6.26.1
* openssh-clients-9.6p1-150600.6.26.1
* openssh-helpers-debuginfo-9.6p1-150600.6.26.1
* openssh-debugsource-9.6p1-150600.6.26.1
* openssh-9.6p1-150600.6.26.1
* openssh-debuginfo-9.6p1-150600.6.26.1
* openssh-server-config-disallow-rootlogin-9.6p1-150600.6.26.1
* openssh-fips-9.6p1-150600.6.26.1
* openssh-server-9.6p1-150600.6.26.1
* openssh-common-9.6p1-150600.6.26.1
* openssh-clients-debuginfo-9.6p1-150600.6.26.1
* openssh-server-debuginfo-9.6p1-150600.6.26.1
* openssh-common-debuginfo-9.6p1-150600.6.26.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32728.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236826
* https://bugzilla.suse.com/show_bug.cgi?id=1239671
* https://bugzilla.suse.com/show_bug.cgi?id=1241012

SUSE-SU-2025:01640-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:01640-1
Release Date: 2025-05-21T11:52:09Z
Rating: important
References:

* bsc#1054914
* bsc#1206843
* bsc#1210409
* bsc#1225903
* bsc#1229361
* bsc#1229621
* bsc#1230764
* bsc#1231103
* bsc#1231910
* bsc#1236777
* bsc#1237981
* bsc#1238032
* bsc#1238471
* bsc#1238512
* bsc#1238747
* bsc#1238865
* bsc#1239061
* bsc#1239684
* bsc#1239968
* bsc#1240209
* bsc#1240211
* bsc#1240214
* bsc#1240228
* bsc#1240230
* bsc#1240246
* bsc#1240248
* bsc#1240269
* bsc#1240271
* bsc#1240274
* bsc#1240285
* bsc#1240295
* bsc#1240306
* bsc#1240314
* bsc#1240315
* bsc#1240321
* bsc#1240747
* bsc#1240835
* bsc#1241280
* bsc#1241371
* bsc#1241421
* bsc#1241433
* bsc#1241541
* bsc#1241625
* bsc#1241648
* bsc#1242284
* bsc#1242493
* bsc#1242778

Cross-References:

* CVE-2021-47671
* CVE-2022-48933
* CVE-2022-49110
* CVE-2022-49139
* CVE-2022-49741
* CVE-2022-49745
* CVE-2022-49767
* CVE-2023-52928
* CVE-2023-52931
* CVE-2023-52936
* CVE-2023-52937
* CVE-2023-52938
* CVE-2023-52981
* CVE-2023-52982
* CVE-2023-52986
* CVE-2023-52994
* CVE-2023-53001
* CVE-2023-53002
* CVE-2023-53009
* CVE-2023-53014
* CVE-2023-53018
* CVE-2023-53031
* CVE-2023-53051
* CVE-2024-42307
* CVE-2024-46763
* CVE-2024-46865
* CVE-2024-50038
* CVE-2025-21726
* CVE-2025-21785
* CVE-2025-21791
* CVE-2025-21812
* CVE-2025-21839
* CVE-2025-22004
* CVE-2025-22020
* CVE-2025-22045
* CVE-2025-22055
* CVE-2025-22097
* CVE-2025-2312
* CVE-2025-23138
* CVE-2025-39735

CVSS scores:

* CVE-2021-47671 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47671 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48933 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49110 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49110 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49139 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49139 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49139 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49741 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49741 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49741 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49745 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49745 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-49767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52928 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52928 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52931 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52936 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52937 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52937 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52938 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52938 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52994 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52994 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53001 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53002 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53002 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53009 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53014 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42307 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42307 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46763 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46763 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46865 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46865 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50038 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21726 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21726 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21726 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21785 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21785 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21791 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21812 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22004 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22020 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22045 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22055 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22055 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-22097 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22097 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-22097 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-2312 ( SUSE ): 6.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-2312 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-2312 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-23138 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39735 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39735 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39735 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves 40 vulnerabilities and has seven security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.

The following security bugs were fixed:

* CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj
update (bsc#1229621).
* CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
* CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
(bsc#1238032).
* CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
* CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
* CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed
(bsc#1231910).
* CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
* CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo
array (bsc#1238747).
* CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
* CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
* CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering
.vcpu_run() loop (bsc#1239061).
* CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
* CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280).
* CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal
PMDs (bsc#1241433).
* CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
* CVE-2025-22097: drm/vkms: Fix use after free and double free on init error
(bsc#1241541).
* CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution
(bsc#1239684).
* CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
* CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625).

The following non-security bugs were fixed:

* cpufreq: ACPI: Mark boost policy as enabled when setting boost
(bsc#1236777).
* cpufreq: Allow drivers to advertise boost enabled (bsc#1236777).
* cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw()
(bsc#1236777).
* cpufreq: Support per-policy performance boost (bsc#1236777).
* x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
* x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
* x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-1640=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-1640=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.94.1
* kernel-devel-rt-5.14.21-150500.13.94.1
* openSUSE Leap 15.5 (x86_64)
* kernel-rt_debug-debugsource-5.14.21-150500.13.94.1
* kernel-rt_debug-devel-5.14.21-150500.13.94.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.94.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.94.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.94.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.94.1
* kernel-rt-extra-5.14.21-150500.13.94.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.94.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.94.1
* dlm-kmp-rt-5.14.21-150500.13.94.1
* kernel-rt-debugsource-5.14.21-150500.13.94.1
* kernel-rt-vdso-5.14.21-150500.13.94.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.94.1
* reiserfs-kmp-rt-5.14.21-150500.13.94.1
* kselftests-kmp-rt-5.14.21-150500.13.94.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.94.1
* kernel-rt-optional-5.14.21-150500.13.94.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.94.1
* ocfs2-kmp-rt-5.14.21-150500.13.94.1
* cluster-md-kmp-rt-5.14.21-150500.13.94.1
* kernel-rt-livepatch-5.14.21-150500.13.94.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.94.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.94.1
* kernel-rt_debug-vdso-5.14.21-150500.13.94.1
* kernel-rt-devel-5.14.21-150500.13.94.1
* kernel-syms-rt-5.14.21-150500.13.94.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.94.1
* kernel-rt-debuginfo-5.14.21-150500.13.94.1
* gfs2-kmp-rt-5.14.21-150500.13.94.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.94.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.94.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.94.1
* kernel-rt_debug-5.14.21-150500.13.94.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.94.1
* kernel-devel-rt-5.14.21-150500.13.94.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.94.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debugsource-5.14.21-150500.13.94.1
* kernel-rt-debuginfo-5.14.21-150500.13.94.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47671.html
* https://www.suse.com/security/cve/CVE-2022-48933.html
* https://www.suse.com/security/cve/CVE-2022-49110.html
* https://www.suse.com/security/cve/CVE-2022-49139.html
* https://www.suse.com/security/cve/CVE-2022-49741.html
* https://www.suse.com/security/cve/CVE-2022-49745.html
* https://www.suse.com/security/cve/CVE-2022-49767.html
* https://www.suse.com/security/cve/CVE-2023-52928.html
* https://www.suse.com/security/cve/CVE-2023-52931.html
* https://www.suse.com/security/cve/CVE-2023-52936.html
* https://www.suse.com/security/cve/CVE-2023-52937.html
* https://www.suse.com/security/cve/CVE-2023-52938.html
* https://www.suse.com/security/cve/CVE-2023-52981.html
* https://www.suse.com/security/cve/CVE-2023-52982.html
* https://www.suse.com/security/cve/CVE-2023-52986.html
* https://www.suse.com/security/cve/CVE-2023-52994.html
* https://www.suse.com/security/cve/CVE-2023-53001.html
* https://www.suse.com/security/cve/CVE-2023-53002.html
* https://www.suse.com/security/cve/CVE-2023-53009.html
* https://www.suse.com/security/cve/CVE-2023-53014.html
* https://www.suse.com/security/cve/CVE-2023-53018.html
* https://www.suse.com/security/cve/CVE-2023-53031.html
* https://www.suse.com/security/cve/CVE-2023-53051.html
* https://www.suse.com/security/cve/CVE-2024-42307.html
* https://www.suse.com/security/cve/CVE-2024-46763.html
* https://www.suse.com/security/cve/CVE-2024-46865.html
* https://www.suse.com/security/cve/CVE-2024-50038.html
* https://www.suse.com/security/cve/CVE-2025-21726.html
* https://www.suse.com/security/cve/CVE-2025-21785.html
* https://www.suse.com/security/cve/CVE-2025-21791.html
* https://www.suse.com/security/cve/CVE-2025-21812.html
* https://www.suse.com/security/cve/CVE-2025-21839.html
* https://www.suse.com/security/cve/CVE-2025-22004.html
* https://www.suse.com/security/cve/CVE-2025-22020.html
* https://www.suse.com/security/cve/CVE-2025-22045.html
* https://www.suse.com/security/cve/CVE-2025-22055.html
* https://www.suse.com/security/cve/CVE-2025-22097.html
* https://www.suse.com/security/cve/CVE-2025-2312.html
* https://www.suse.com/security/cve/CVE-2025-23138.html
* https://www.suse.com/security/cve/CVE-2025-39735.html
* https://bugzilla.suse.com/show_bug.cgi?id=1054914
* https://bugzilla.suse.com/show_bug.cgi?id=1206843
* https://bugzilla.suse.com/show_bug.cgi?id=1210409
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1229361
* https://bugzilla.suse.com/show_bug.cgi?id=1229621
* https://bugzilla.suse.com/show_bug.cgi?id=1230764
* https://bugzilla.suse.com/show_bug.cgi?id=1231103
* https://bugzilla.suse.com/show_bug.cgi?id=1231910
* https://bugzilla.suse.com/show_bug.cgi?id=1236777
* https://bugzilla.suse.com/show_bug.cgi?id=1237981
* https://bugzilla.suse.com/show_bug.cgi?id=1238032
* https://bugzilla.suse.com/show_bug.cgi?id=1238471
* https://bugzilla.suse.com/show_bug.cgi?id=1238512
* https://bugzilla.suse.com/show_bug.cgi?id=1238747
* https://bugzilla.suse.com/show_bug.cgi?id=1238865
* https://bugzilla.suse.com/show_bug.cgi?id=1239061
* https://bugzilla.suse.com/show_bug.cgi?id=1239684
* https://bugzilla.suse.com/show_bug.cgi?id=1239968
* https://bugzilla.suse.com/show_bug.cgi?id=1240209
* https://bugzilla.suse.com/show_bug.cgi?id=1240211
* https://bugzilla.suse.com/show_bug.cgi?id=1240214
* https://bugzilla.suse.com/show_bug.cgi?id=1240228
* https://bugzilla.suse.com/show_bug.cgi?id=1240230
* https://bugzilla.suse.com/show_bug.cgi?id=1240246
* https://bugzilla.suse.com/show_bug.cgi?id=1240248
* https://bugzilla.suse.com/show_bug.cgi?id=1240269
* https://bugzilla.suse.com/show_bug.cgi?id=1240271
* https://bugzilla.suse.com/show_bug.cgi?id=1240274
* https://bugzilla.suse.com/show_bug.cgi?id=1240285
* https://bugzilla.suse.com/show_bug.cgi?id=1240295
* https://bugzilla.suse.com/show_bug.cgi?id=1240306
* https://bugzilla.suse.com/show_bug.cgi?id=1240314
* https://bugzilla.suse.com/show_bug.cgi?id=1240315
* https://bugzilla.suse.com/show_bug.cgi?id=1240321
* https://bugzilla.suse.com/show_bug.cgi?id=1240747
* https://bugzilla.suse.com/show_bug.cgi?id=1240835
* https://bugzilla.suse.com/show_bug.cgi?id=1241280
* https://bugzilla.suse.com/show_bug.cgi?id=1241371
* https://bugzilla.suse.com/show_bug.cgi?id=1241421
* https://bugzilla.suse.com/show_bug.cgi?id=1241433
* https://bugzilla.suse.com/show_bug.cgi?id=1241541
* https://bugzilla.suse.com/show_bug.cgi?id=1241625
* https://bugzilla.suse.com/show_bug.cgi?id=1241648
* https://bugzilla.suse.com/show_bug.cgi?id=1242284
* https://bugzilla.suse.com/show_bug.cgi?id=1242493
* https://bugzilla.suse.com/show_bug.cgi?id=1242778

SUSE-SU-2025:01611-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

# Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:01611-1
Release Date: 2025-05-21T08:03:50Z
Rating: important
References:

* bsc#1234847

Cross-References:

* CVE-2024-53156

CVSS scores:

* CVE-2024-53156 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53156 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_144 fixes one issue.

The following security issue was fixed:

* CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (bsc#1234847).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1611=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1611=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-6-150400.2.2
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-6-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-6-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_144-default-6-150400.2.2
* kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-6-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_34-debugsource-6-150400.2.2

## References:

* https://www.suse.com/security/cve/CVE-2024-53156.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234847

SUSE-SU-2025:01644-1: moderate: Security update for postgresql17

# Security update for postgresql17

Announcement ID: SUSE-SU-2025:01644-1
Release Date: 2025-05-21T14:35:27Z
Rating: moderate
References:

* bsc#1242931

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4207 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql17 fixes the following issues:

Upgrade to 17.5:

* CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one
byte past end of allocation for text that fails validation (bsc#1242931)

Changelog:

https://www.postgresql.org/docs/release/17.5/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1644=1 openSUSE-SLE-15.6-2025-1644=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1644=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1644=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1644=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql17-pltcl-debuginfo-17.5-150600.13.13.1
* postgresql17-contrib-17.5-150600.13.13.1
* postgresql17-pltcl-17.5-150600.13.13.1
* postgresql17-llvmjit-devel-17.5-150600.13.13.1
* postgresql17-devel-mini-debuginfo-17.5-150600.13.13.1
* postgresql17-llvmjit-debuginfo-17.5-150600.13.13.1
* postgresql17-plpython-17.5-150600.13.13.1
* postgresql17-server-devel-17.5-150600.13.13.1
* postgresql17-devel-debuginfo-17.5-150600.13.13.1
* postgresql17-mini-debugsource-17.5-150600.13.13.1
* postgresql17-test-17.5-150600.13.13.1
* postgresql17-devel-17.5-150600.13.13.1
* postgresql17-debuginfo-17.5-150600.13.13.1
* postgresql17-plperl-17.5-150600.13.13.1
* libecpg6-17.5-150600.13.13.1
* postgresql17-server-devel-debuginfo-17.5-150600.13.13.1
* postgresql17-plpython-debuginfo-17.5-150600.13.13.1
* postgresql17-llvmjit-17.5-150600.13.13.1
* libpq5-17.5-150600.13.13.1
* postgresql17-contrib-debuginfo-17.5-150600.13.13.1
* postgresql17-17.5-150600.13.13.1
* postgresql17-server-debuginfo-17.5-150600.13.13.1
* libecpg6-debuginfo-17.5-150600.13.13.1
* libpq5-debuginfo-17.5-150600.13.13.1
* postgresql17-debugsource-17.5-150600.13.13.1
* postgresql17-server-17.5-150600.13.13.1
* postgresql17-plperl-debuginfo-17.5-150600.13.13.1
* postgresql17-devel-mini-17.5-150600.13.13.1
* openSUSE Leap 15.6 (x86_64)
* libpq5-32bit-debuginfo-17.5-150600.13.13.1
* libecpg6-32bit-debuginfo-17.5-150600.13.13.1
* libecpg6-32bit-17.5-150600.13.13.1
* libpq5-32bit-17.5-150600.13.13.1
* openSUSE Leap 15.6 (noarch)
* postgresql17-docs-17.5-150600.13.13.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpq5-64bit-debuginfo-17.5-150600.13.13.1
* libecpg6-64bit-17.5-150600.13.13.1
* libpq5-64bit-17.5-150600.13.13.1
* libecpg6-64bit-debuginfo-17.5-150600.13.13.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpq5-debuginfo-17.5-150600.13.13.1
* postgresql17-debugsource-17.5-150600.13.13.1
* libpq5-17.5-150600.13.13.1
* postgresql17-17.5-150600.13.13.1
* postgresql17-debuginfo-17.5-150600.13.13.1
* Basesystem Module 15-SP6 (x86_64)
* libpq5-32bit-17.5-150600.13.13.1
* libpq5-32bit-debuginfo-17.5-150600.13.13.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-debugsource-17.5-150600.13.13.1
* postgresql17-llvmjit-17.5-150600.13.13.1
* postgresql17-llvmjit-debuginfo-17.5-150600.13.13.1
* postgresql17-llvmjit-devel-17.5-150600.13.13.1
* postgresql17-test-17.5-150600.13.13.1
* postgresql17-debuginfo-17.5-150600.13.13.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-server-debuginfo-17.5-150600.13.13.1
* libecpg6-debuginfo-17.5-150600.13.13.1
* postgresql17-server-17.5-150600.13.13.1
* postgresql17-debugsource-17.5-150600.13.13.1
* postgresql17-plperl-17.5-150600.13.13.1
* libecpg6-17.5-150600.13.13.1
* postgresql17-pltcl-debuginfo-17.5-150600.13.13.1
* postgresql17-plpython-debuginfo-17.5-150600.13.13.1
* postgresql17-server-devel-debuginfo-17.5-150600.13.13.1
* postgresql17-contrib-17.5-150600.13.13.1
* postgresql17-plperl-debuginfo-17.5-150600.13.13.1
* postgresql17-plpython-17.5-150600.13.13.1
* postgresql17-devel-17.5-150600.13.13.1
* postgresql17-pltcl-17.5-150600.13.13.1
* postgresql17-server-devel-17.5-150600.13.13.1
* postgresql17-devel-debuginfo-17.5-150600.13.13.1
* postgresql17-contrib-debuginfo-17.5-150600.13.13.1
* postgresql17-debuginfo-17.5-150600.13.13.1
* Server Applications Module 15-SP6 (noarch)
* postgresql17-docs-17.5-150600.13.13.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242931

openSUSE-SU-2025:15134-1: moderate: gnuplot-6.0.2-3.1 on GA media

# gnuplot-6.0.2-3.1 on GA media

Announcement ID: openSUSE-SU-2025:15134-1
Rating: moderate

Cross-References:

* CVE-2025-31176
* CVE-2025-31177
* CVE-2025-31178
* CVE-2025-31179
* CVE-2025-31180
* CVE-2025-31181
* CVE-2025-3359

CVSS scores:

* CVE-2025-31176 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31178 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31179 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31180 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-31181 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3359 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-3359 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 7 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the gnuplot-6.0.2-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gnuplot 6.0.2-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-31176.html
* https://www.suse.com/security/cve/CVE-2025-31177.html
* https://www.suse.com/security/cve/CVE-2025-31178.html
* https://www.suse.com/security/cve/CVE-2025-31179.html
* https://www.suse.com/security/cve/CVE-2025-31180.html
* https://www.suse.com/security/cve/CVE-2025-31181.html
* https://www.suse.com/security/cve/CVE-2025-3359.html

openSUSE-SU-2025:15140-1: moderate: postgresql16-16.9-1.1 on GA media

# postgresql16-16.9-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15140-1
Rating: moderate

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql16-16.9-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* postgresql16 16.9-1.1
* postgresql16-contrib 16.9-1.1
* postgresql16-devel 16.9-1.1
* postgresql16-docs 16.9-1.1
* postgresql16-llvmjit 16.9-1.1
* postgresql16-llvmjit-devel 16.9-1.1
* postgresql16-plperl 16.9-1.1
* postgresql16-plpython 16.9-1.1
* postgresql16-pltcl 16.9-1.1
* postgresql16-server 16.9-1.1
* postgresql16-server-devel 16.9-1.1
* postgresql16-test 16.9-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html

openSUSE-SU-2025:15142-1: moderate: xen-4.20.0_12-1.1 on GA media

# xen-4.20.0_12-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15142-1
Rating: moderate

Cross-References:

* CVE-2024-28956

CVSS scores:

* CVE-2024-28956 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-28956 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the xen-4.20.0_12-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* xen 4.20.0_12-1.1
* xen-devel 4.20.0_12-1.1
* xen-doc-html 4.20.0_12-1.1
* xen-libs 4.20.0_12-1.1
* xen-tools 4.20.0_12-1.1
* xen-tools-domU 4.20.0_12-1.1
* xen-tools-xendomains-wait-disk 4.20.0_12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28956.html

openSUSE-SU-2025:15139-1: moderate: postgresql15-15.13-1.1 on GA media

# postgresql15-15.13-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15139-1
Rating: moderate

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql15-15.13-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* postgresql15 15.13-1.1
* postgresql15-contrib 15.13-1.1
* postgresql15-devel 15.13-1.1
* postgresql15-docs 15.13-1.1
* postgresql15-llvmjit 15.13-1.1
* postgresql15-llvmjit-devel 15.13-1.1
* postgresql15-plperl 15.13-1.1
* postgresql15-plpython 15.13-1.1
* postgresql15-pltcl 15.13-1.1
* postgresql15-server 15.13-1.1
* postgresql15-server-devel 15.13-1.1
* postgresql15-test 15.13-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html

openSUSE-SU-2025:15141-1: moderate: python314-3.14.0~b1-3.1 on GA media

# python314-3.14.0~b1-3.1 on GA media

Announcement ID: openSUSE-SU-2025:15141-1
Rating: moderate

Cross-References:

* CVE-2025-4516

CVSS scores:

* CVE-2025-4516 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4516 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python314-3.14.0~b1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python314 3.14.0~b1-3.1
* python314-curses 3.14.0~b1-3.1
* python314-dbm 3.14.0~b1-3.1
* python314-idle 3.14.0~b1-3.1
* python314-tk 3.14.0~b1-3.1
* python314-x86-64-v3 3.14.0~b1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4516.html

openSUSE-SU-2025:15138-1: moderate: postgresql14-14.18-1.1 on GA media

# postgresql14-14.18-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15138-1
Rating: moderate

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql14-14.18-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* postgresql14 14.18-1.1
* postgresql14-contrib 14.18-1.1
* postgresql14-devel 14.18-1.1
* postgresql14-docs 14.18-1.1
* postgresql14-llvmjit 14.18-1.1
* postgresql14-llvmjit-devel 14.18-1.1
* postgresql14-plperl 14.18-1.1
* postgresql14-plpython 14.18-1.1
* postgresql14-pltcl 14.18-1.1
* postgresql14-server 14.18-1.1
* postgresql14-server-devel 14.18-1.1
* postgresql14-test 14.18-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html

openSUSE-SU-2025:15135-1: moderate: govulncheck-vulndb-0.0.20250515T200012-1.1 on GA media

# govulncheck-vulndb-0.0.20250515T200012-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15135-1
Rating: moderate

Cross-References:

* CVE-2024-52290
* CVE-2024-8063
* CVE-2025-3757
* CVE-2025-3931
* CVE-2025-4432
* CVE-2025-46331
* CVE-2025-4658
* CVE-2025-46721
* CVE-2025-46735
* CVE-2025-46815
* CVE-2025-46816

Affected Products:

* openSUSE Tumbleweed

An update that solves 11 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the govulncheck-vulndb-0.0.20250515T200012-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* govulncheck-vulndb 0.0.20250515T200012-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-52290.html
* https://www.suse.com/security/cve/CVE-2024-8063.html
* https://www.suse.com/security/cve/CVE-2025-3757.html
* https://www.suse.com/security/cve/CVE-2025-3931.html
* https://www.suse.com/security/cve/CVE-2025-4432.html
* https://www.suse.com/security/cve/CVE-2025-46331.html
* https://www.suse.com/security/cve/CVE-2025-4658.html
* https://www.suse.com/security/cve/CVE-2025-46721.html
* https://www.suse.com/security/cve/CVE-2025-46735.html
* https://www.suse.com/security/cve/CVE-2025-46815.html
* https://www.suse.com/security/cve/CVE-2025-46816.html

openSUSE-SU-2025:15137-1: moderate: postgresql13-13.21-1.1 on GA media

# postgresql13-13.21-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15137-1
Rating: moderate

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql13-13.21-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* postgresql13 13.21-1.1
* postgresql13-contrib 13.21-1.1
* postgresql13-devel 13.21-1.1
* postgresql13-docs 13.21-1.1
* postgresql13-llvmjit 13.21-1.1
* postgresql13-llvmjit-devel 13.21-1.1
* postgresql13-plperl 13.21-1.1
* postgresql13-plpython 13.21-1.1
* postgresql13-pltcl 13.21-1.1
* postgresql13-server 13.21-1.1
* postgresql13-server-devel 13.21-1.1
* postgresql13-test 13.21-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html

openSUSE-SU-2025:15132-1: moderate: dante-1.4.4-1.1 on GA media

# dante-1.4.4-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15132-1
Rating: moderate

Cross-References:

* CVE-2024-54662

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the dante-1.4.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* dante 1.4.4-1.1
* dante-devel 1.4.4-1.1
* dante-server 1.4.4-1.1
* libsocks0 1.4.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54662.html

openSUSE-SU-2025:15136-1: moderate: grype-0.92.1-1.1 on GA media

# grype-0.92.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15136-1
Rating: moderate

Cross-References:

* CVE-2021-3711
* CVE-2022-2068

CVSS scores:

* CVE-2021-3711 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-2068 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the grype-0.92.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* grype 0.92.1-1.1
* grype-bash-completion 0.92.1-1.1
* grype-fish-completion 0.92.1-1.1
* grype-zsh-completion 0.92.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2021-3711.html
* https://www.suse.com/security/cve/CVE-2022-2068.html

openSUSE-SU-2025:15131-1: moderate: MozillaThunderbird-128.10.1-1.1 on GA media

# MozillaThunderbird-128.10.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15131-1
Rating: moderate

Cross-References:

* CVE-2025-3875
* CVE-2025-3877
* CVE-2025-3909
* CVE-2025-3932

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaThunderbird-128.10.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* MozillaThunderbird 128.10.1-1.1
* MozillaThunderbird-openpgp-librnp 128.10.1-1.1
* MozillaThunderbird-translations-common 128.10.1-1.1
* MozillaThunderbird-translations-other 128.10.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3875.html
* https://www.suse.com/security/cve/CVE-2025-3877.html
* https://www.suse.com/security/cve/CVE-2025-3909.html
* https://www.suse.com/security/cve/CVE-2025-3932.html

openSUSE-SU-2025:15133-1: moderate: firefox-esr-128.10.1-1.1 on GA media

# firefox-esr-128.10.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15133-1
Rating: moderate

Cross-References:

* CVE-2025-4918
* CVE-2025-4919

CVSS scores:

* CVE-2025-4918 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4918 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4919 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-4919 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the firefox-esr-128.10.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* firefox-esr 128.10.1-1.1
* firefox-esr-branding-upstream 128.10.1-1.1
* firefox-esr-translations-common 128.10.1-1.1
* firefox-esr-translations-other 128.10.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4918.html
* https://www.suse.com/security/cve/CVE-2025-4919.html

SUSE-SU-2025:01614-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:01614-1
Release Date: 2025-05-21T09:52:56Z
Rating: important
References:

* bsc#1215199
* bsc#1223809
* bsc#1224013
* bsc#1224597
* bsc#1224757
* bsc#1228659
* bsc#1230764
* bsc#1231103
* bsc#1231910
* bsc#1232493
* bsc#1233075
* bsc#1233098
* bsc#1234074
* bsc#1234157
* bsc#1234698
* bsc#1235501
* bsc#1235526
* bsc#1235550
* bsc#1235870
* bsc#1236086
* bsc#1236704
* bsc#1237111
* bsc#1237874
* bsc#1237882
* bsc#1238052
* bsc#1238212
* bsc#1238471
* bsc#1238527
* bsc#1238565
* bsc#1238714
* bsc#1238737
* bsc#1238742
* bsc#1238745
* bsc#1238746
* bsc#1238862
* bsc#1238961
* bsc#1238970
* bsc#1238983
* bsc#1238990
* bsc#1239066
* bsc#1239079
* bsc#1239108
* bsc#1239470
* bsc#1239475
* bsc#1239476
* bsc#1239487
* bsc#1239510
* bsc#1239684
* bsc#1239906
* bsc#1239925
* bsc#1239997
* bsc#1240167
* bsc#1240168
* bsc#1240171
* bsc#1240176
* bsc#1240181
* bsc#1240184
* bsc#1240185
* bsc#1240375
* bsc#1240557
* bsc#1240575
* bsc#1240576
* bsc#1240581
* bsc#1240582
* bsc#1240583
* bsc#1240584
* bsc#1240585
* bsc#1240587
* bsc#1240590
* bsc#1240591
* bsc#1240592
* bsc#1240594
* bsc#1240595
* bsc#1240596
* bsc#1240600
* bsc#1240612
* bsc#1240616
* bsc#1240639
* bsc#1240643
* bsc#1240647
* bsc#1240655
* bsc#1240691
* bsc#1240700
* bsc#1240701
* bsc#1240703
* bsc#1240708
* bsc#1240709
* bsc#1240712
* bsc#1240713
* bsc#1240714
* bsc#1240715
* bsc#1240716
* bsc#1240717
* bsc#1240718
* bsc#1240719
* bsc#1240720
* bsc#1240722
* bsc#1240727
* bsc#1240739
* bsc#1240740
* bsc#1240742
* bsc#1240779
* bsc#1240783
* bsc#1240784
* bsc#1240785
* bsc#1240795
* bsc#1240796
* bsc#1240797
* bsc#1240799
* bsc#1240801
* bsc#1240802
* bsc#1240806
* bsc#1240808
* bsc#1240809
* bsc#1240811
* bsc#1240812
* bsc#1240813
* bsc#1240815
* bsc#1240816
* bsc#1240819
* bsc#1240821
* bsc#1240825
* bsc#1240829
* bsc#1240835
* bsc#1240873
* bsc#1240934
* bsc#1240936
* bsc#1240937
* bsc#1240938
* bsc#1240940
* bsc#1240942
* bsc#1240943
* bsc#1240944
* bsc#1240978
* bsc#1240979
* bsc#1241010
* bsc#1241038
* bsc#1241051
* bsc#1241123
* bsc#1241151
* bsc#1241167
* bsc#1241175
* bsc#1241204
* bsc#1241250
* bsc#1241265
* bsc#1241266
* bsc#1241280
* bsc#1241332
* bsc#1241333
* bsc#1241341
* bsc#1241343
* bsc#1241344
* bsc#1241347
* bsc#1241357
* bsc#1241361
* bsc#1241369
* bsc#1241371
* bsc#1241373
* bsc#1241378
* bsc#1241394
* bsc#1241402
* bsc#1241412
* bsc#1241413
* bsc#1241416
* bsc#1241424
* bsc#1241426
* bsc#1241433
* bsc#1241436
* bsc#1241441
* bsc#1241442
* bsc#1241443
* bsc#1241451
* bsc#1241452
* bsc#1241456
* bsc#1241458
* bsc#1241459
* bsc#1241526
* bsc#1241528
* bsc#1241537
* bsc#1241541
* bsc#1241545
* bsc#1241547
* bsc#1241548
* bsc#1241550
* bsc#1241573
* bsc#1241574
* bsc#1241575
* bsc#1241578
* bsc#1241590
* bsc#1241593
* bsc#1241598
* bsc#1241599
* bsc#1241601
* bsc#1241626
* bsc#1241640
* bsc#1241648
* bsc#1242006
* bsc#1242044
* bsc#1242172
* bsc#1242283
* bsc#1242307
* bsc#1242313
* bsc#1242314
* bsc#1242315
* bsc#1242321
* bsc#1242326
* bsc#1242327
* bsc#1242328
* bsc#1242332
* bsc#1242333
* bsc#1242335
* bsc#1242336
* bsc#1242342
* bsc#1242343
* bsc#1242344
* bsc#1242345
* bsc#1242346
* bsc#1242347
* bsc#1242348
* bsc#1242414
* bsc#1242526
* bsc#1242528
* bsc#1242534
* bsc#1242535
* bsc#1242536
* bsc#1242537
* bsc#1242538
* bsc#1242539
* bsc#1242540
* bsc#1242546
* bsc#1242556
* bsc#1242596
* bsc#1242710
* bsc#1242778
* bsc#1242831
* bsc#1242985
* jsc#PED-12309

Cross-References:

* CVE-2023-53034
* CVE-2024-27018
* CVE-2024-27415
* CVE-2024-28956
* CVE-2024-35840
* CVE-2024-46763
* CVE-2024-46865
* CVE-2024-50038
* CVE-2024-50083
* CVE-2024-50162
* CVE-2024-50163
* CVE-2024-53124
* CVE-2024-53139
* CVE-2024-56641
* CVE-2024-56702
* CVE-2024-57924
* CVE-2024-57998
* CVE-2024-58001
* CVE-2024-58018
* CVE-2024-58068
* CVE-2024-58070
* CVE-2024-58071
* CVE-2024-58088
* CVE-2024-58093
* CVE-2024-58094
* CVE-2024-58095
* CVE-2024-58096
* CVE-2024-58097
* CVE-2025-21683
* CVE-2025-21696
* CVE-2025-21707
* CVE-2025-21729
* CVE-2025-21755
* CVE-2025-21758
* CVE-2025-21768
* CVE-2025-21792
* CVE-2025-21806
* CVE-2025-21808
* CVE-2025-21812
* CVE-2025-21833
* CVE-2025-21836
* CVE-2025-21852
* CVE-2025-21853
* CVE-2025-21854
* CVE-2025-21863
* CVE-2025-21867
* CVE-2025-21873
* CVE-2025-21875
* CVE-2025-21881
* CVE-2025-21884
* CVE-2025-21887
* CVE-2025-21889
* CVE-2025-21894
* CVE-2025-21895
* CVE-2025-21904
* CVE-2025-21905
* CVE-2025-21906
* CVE-2025-21908
* CVE-2025-21909
* CVE-2025-21910
* CVE-2025-21912
* CVE-2025-21913
* CVE-2025-21914
* CVE-2025-21915
* CVE-2025-21916
* CVE-2025-21917
* CVE-2025-21918
* CVE-2025-21922
* CVE-2025-21923
* CVE-2025-21924
* CVE-2025-21925
* CVE-2025-21926
* CVE-2025-21927
* CVE-2025-21928
* CVE-2025-21930
* CVE-2025-21931
* CVE-2025-21934
* CVE-2025-21935
* CVE-2025-21936
* CVE-2025-21937
* CVE-2025-21941
* CVE-2025-21943
* CVE-2025-21948
* CVE-2025-21950
* CVE-2025-21951
* CVE-2025-21953
* CVE-2025-21956
* CVE-2025-21957
* CVE-2025-21960
* CVE-2025-21961
* CVE-2025-21962
* CVE-2025-21963
* CVE-2025-21964
* CVE-2025-21966
* CVE-2025-21968
* CVE-2025-21969
* CVE-2025-21970
* CVE-2025-21971
* CVE-2025-21972
* CVE-2025-21975
* CVE-2025-21978
* CVE-2025-21979
* CVE-2025-21980
* CVE-2025-21981
* CVE-2025-21985
* CVE-2025-21991
* CVE-2025-21992
* CVE-2025-21993
* CVE-2025-21995
* CVE-2025-21996
* CVE-2025-21999
* CVE-2025-22001
* CVE-2025-22003
* CVE-2025-22004
* CVE-2025-22007
* CVE-2025-22008
* CVE-2025-22009
* CVE-2025-22010
* CVE-2025-22013
* CVE-2025-22014
* CVE-2025-22015
* CVE-2025-22016
* CVE-2025-22017
* CVE-2025-22018
* CVE-2025-22020
* CVE-2025-22025
* CVE-2025-22027
* CVE-2025-22029
* CVE-2025-22033
* CVE-2025-22036
* CVE-2025-22044
* CVE-2025-22045
* CVE-2025-22050
* CVE-2025-22053
* CVE-2025-22055
* CVE-2025-22058
* CVE-2025-22060
* CVE-2025-22062
* CVE-2025-22064
* CVE-2025-22065
* CVE-2025-22075
* CVE-2025-22080
* CVE-2025-22086
* CVE-2025-22088
* CVE-2025-22090
* CVE-2025-22093
* CVE-2025-22097
* CVE-2025-22102
* CVE-2025-22104
* CVE-2025-22105
* CVE-2025-22106
* CVE-2025-22107
* CVE-2025-22108
* CVE-2025-22109
* CVE-2025-22115
* CVE-2025-22116
* CVE-2025-22121
* CVE-2025-22128
* CVE-2025-2312
* CVE-2025-23129
* CVE-2025-23131
* CVE-2025-23133
* CVE-2025-23136
* CVE-2025-23138
* CVE-2025-23145
* CVE-2025-37785
* CVE-2025-37798
* CVE-2025-37799
* CVE-2025-37860
* CVE-2025-39728

CVSS scores:

* CVE-2023-53034 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53034 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-27018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27018 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27415 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-28956 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-28956 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-28956 ( NVD ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-28956 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-35840 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46763 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46763 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46865 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-46865 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50038 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50083 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50162 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50162 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50163 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50163 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50163 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53124 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53124 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53139 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53139 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53139 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56641 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56641 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56702 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56702 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-57924 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57924 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-57998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58001 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-58001 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-58018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58068 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58068 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58070 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58071 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58088 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58088 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58093 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58093 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58094 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58094 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58095 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58096 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58096 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-58097 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-58097 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-58097 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21683 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-21683 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-21683 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21696 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21696 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21707 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21707 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21729 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21729 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21758 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21768 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21792 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21806 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21808 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21812 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21833 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21833 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21833 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21836 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21852 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21852 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21854 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21863 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21867 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21867 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21873 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21875 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21881 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21887 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21887 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21894 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21894 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21895 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21895 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21904 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21904 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21905 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21905 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21906 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21908 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21909 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21909 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21910 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21910 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21912 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21913 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21914 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21915 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21915 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21915 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21916 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21917 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21917 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21917 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21918 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21918 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21918 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21922 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21922 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-21922 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21923 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21923 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21923 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21923 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21924 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21924 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21925 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21925 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21926 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21926 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21927 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21927 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21927 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21928 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21928 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21928 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21928 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21930 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21930 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21931 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21931 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21934 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21934 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21934 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21935 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21936 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21937 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21937 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21937 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21941 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21941 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21941 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21943 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21943 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21943 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21948 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21950 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21951 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21951 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21951 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21953 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21953 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21956 ( SUSE ): 0.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21956 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2025-21957 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21957 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21957 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21960 ( SUSE ): 0.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21960 ( SUSE ): 0.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
* CVE-2025-21961 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21961 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21961 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21962 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21962 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-21962 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21963 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21963 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21963 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21964 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21964 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21964 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21966 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21966 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21966 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21968 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21968 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21968 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21969 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21969 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21970 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21971 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21971 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21972 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21975 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21975 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21978 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21978 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21979 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21979 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21980 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21980 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21980 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21981 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-21981 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-21981 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21985 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21991 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21991 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21992 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21992 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21993 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21993 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21993 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21995 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21995 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21995 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21996 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21996 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21996 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21999 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21999 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22001 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22001 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-22001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22003 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22003 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22004 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22007 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22007 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22007 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22008 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22008 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22009 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22009 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22010 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22010 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22010 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22013 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22014 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22014 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22015 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22016 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22017 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22018 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22018 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22020 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22020 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22020 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22025 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22025 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-22027 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22027 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22027 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22029 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22029 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22033 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22033 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22033 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22036 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22036 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22044 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22044 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22045 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22050 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22053 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22053 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22055 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22055 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-22058 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22058 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-22060 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22060 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22062 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22062 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22064 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22065 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22065 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22065 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22075 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22080 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22080 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22086 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22086 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22088 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22088 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22090 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22090 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22093 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22093 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22097 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22097 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-22097 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22102 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22102 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22104 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-22105 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22105 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22106 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22106 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22107 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22107 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-22108 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22108 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-22109 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22115 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22115 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22116 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22116 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-22121 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22121 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22128 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22128 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-2312 ( SUSE ): 6.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-2312 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-2312 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-23129 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23131 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23133 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23133 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-23136 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23138 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-23145 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-23145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37785 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-37785 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-37785 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-37798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37799 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37860 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-37860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37860 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39728 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39728 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves 170 vulnerabilities, contains one feature and has 66
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching
(bsc#1242006).
* CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in
subflow_finish_connect() (bsc#1224597).
* CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to
load on IPv6 (bsc#1231910).
* CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP
(bsc#1233075).
* CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not
overlap (bsc#1233098).
* CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc
(bsc#1234074).
* CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
* CVE-2024-57924: fs: relax assertions on failure to encode file handles
(bsc#1236086).
* CVE-2024-58018: nvkm: correctly calculate the available space of the GSP
cmdq buffer (bsc#1238990).
* CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not
initialized (bsc#1238961).
* CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in
PREEMPT_RT (bsc#1238983).
* CVE-2024-58071: team: prevent adding a device which is already a team device
lower (bsc#1238970).
* CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).
* CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak
(bsc#1236704).
* CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).
* CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).
* CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan
completion (bsc#1237874).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
* CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack()
(bsc#1238737).
* CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6
lwtunnels (bsc#1238714).
* CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE
sockopt (bsc#1238745).
* CVE-2025-21806: net: let net.core.dev_weight always be non-zero
(bsc#1238746).
* CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in
generic mode (bsc#1238742).
* CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
* CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
(bsc#1239108).
* CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade
(bsc#1239066).
* CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting
unconnected (bsc#1239470).
* CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
* CVE-2025-21867: bpf, test_run: Fix use-after-free issue in
eth_skb_pkt_type() (bsc#1240181).
* CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails
(bsc#1240184).
* CVE-2025-21875: mptcp: always handle address removal under msk socket lock
(bsc#1240168).
* CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode()
(bsc#1240185).
* CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
* CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in
ovl_link_up (bsc#1240176).
* CVE-2025-21889: perf/core: Add RCU read lock protection to
perf_iterate_ctx() (bsc#1240167).
* CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
(bsc#1240581).
* CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered
pmu_ctx_list (bsc#1240585).
* CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe()
(bsc#1240576).
* CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
* CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd
writeback (bsc#1240600).
* CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
(bsc#1240591).
* CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
* CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if
hclge_ptp_get_cycle returns an error (bsc#1240720).
* CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit()
(bsc#1240713).
* CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).
* CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned
folio (bsc#1240709).
* CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2
(bsc#1240742).
* CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
(bsc#1240815).
* CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
* CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount
option (bsc#1240655).
* CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount
option (bsc#1240717).
* CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount
option (bsc#1240740).
* CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
* CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check
(bsc#1240819).
* CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
* CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table()
(bsc#1240812).
* CVE-2025-21980: sched: address a potential NULL pointer dereference in the
GRED scheduler (bsc#1240809).
* CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
* CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).
* CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-
less NUMA nodes (bsc#1240795).
* CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in
ibft_attr_show_nic() (bsc#1240797).
* CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
* CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
* CVE-2025-22015: mm/migrate: fix shmem xarray update during migration
(bsc#1240944).
* CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).
* CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).
* CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).
* CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec
(bsc#1241378).
* CVE-2025-22036: exfat: fix random stack corruption after get_block
(bsc#1241426).
* CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal
PMDs (bsc#1241433).
* CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging
(bsc#1241373).
* CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
* CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
* CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption
(bsc#1241526).
* CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is
dormant (bsc#1241413).
* CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de()
(bsc#1241416).
* CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements
(bsc#1241537).
* CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release
(bsc#1241456).
* CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
* CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452
bsc#1241548).
* CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in
sja1105_table_delete_entry() (bsc#1241575).
* CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).
* CVE-2025-22115: btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241578).
* CVE-2025-22121: ext4: fix out-of-bound read in
ext4_xattr_inode_dec_ref_all() (bsc#1241593).
* CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution
(bsc#1239684).
* CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead
reg worker (bsc#1241451).
* CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
* CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow
(bsc#1242596).
* CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
* CVE-2025-37798: codel: remove sch->q.qlen check before
qdisc_tree_reduce_backlog() (bsc#1242414).
* CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
(bsc#1242283).
* CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init()
(bsc#1241626).

The following non-security bugs were fixed:

* ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).
* ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).
* ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-
fixes).
* ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
(git-fixes).
* ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).
* ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
* ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-
fixes).
* ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-
fixes).
* ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-
fixes).
* ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).
* ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).
* ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
(bsc#1242044).
* ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).
* ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes).
* ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-
fixes).
* ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).
* ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).
* ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).
* ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).
* ASoC: fsl_audmix: register card device depends on 'dais' property (stable-
fixes).
* ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
* ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).
* ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
* ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
* ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-
fixes).
* ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).
* Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).
* Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-
fixes).
* Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
(git-fixes).
* Bluetooth: hci_uart: Fix another race during initialization (git-fixes).
* Bluetooth: hci_uart: fix race during initialization (stable-fixes).
* Bluetooth: l2cap: Check encryption key size on incoming connection (git-
fixes).
* Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).
* Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).
* HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-
fixes).
* HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
* Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-
fixes).
* Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
* OPP: add index check to assert to avoid buffer overflow in _read_freq()
(bsc#1238961)
* PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-
fixes).
* PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
* PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
* PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
* PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes).
* RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)
* RDMA/core: Silence oversized kvmalloc() warning (git-fixes)
* RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)
* RDMA/mana_ib: Ensure variable err is initialized (git-fixes).
* RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)
* Reapply "Merge remote-tracking branch 'origin/users/sjaeckel/SLE15-SP6/for-
next' into SLE15-SP6".
* Require zstd in kernel-default-devel when module compression is zstd To use
ksym-provides tool modules need to be uncompressed. Without zstd at least
kernel-default-base does not have provides. Link:
https://github.com/openSUSE/rpm-config-SUSE/pull/82
* Revert "drivers: core: synchronize really_probe() and dev_uevent()" (stable-
fixes).
* Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" (git-
fixes).
* Revert "tcp: Fix bind() regression for v6-only wildcard and".
* Revert "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()" (git-fixes).
* Test the correct macro to detect RT kernel build Fixes: 470cd1a41502
("kernel-binary: Support livepatch_rt with merged RT branch")
* USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).
* USB: VLI disk crashes if LPM is used (stable-fixes).
* USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
(stable-fixes).
* USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).
* USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-
fixes).
* USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).
* USB: wdm: add annotation (git-fixes).
* USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes).
* USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).
* USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes).
* acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
* affs: do not write overlarge OFS data block size fields (git-fixes).
* affs: generate OFS sequence numbers starting at 1 (git-fixes).
* ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).
* arch_topology: Make register_cpu_capacity_sysctl() tolerant to late
(bsc#1238052)
* arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
* arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
* arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
* arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
* arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
* arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
* arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
* arm64: mm: Correct the update of max_pfn (git-fixes)
* asus-laptop: Fix an uninitialized variable (git-fixes).
* ata: libata-sata: Save all fields from sense data descriptor (git-fixes).
* ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-
fixes).
* ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).
* ata: libata-scsi: Improve CDL control (git-fixes).
* ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
(git-fixes).
* ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes).
* auxdisplay: hd44780: Convert to platform remove callback returning void
(stable-fixes).
* auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).
* badblocks: Fix error shitf ops (git-fixes).
* badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).
* badblocks: fix missing bad blocks on retry in _badblocks_check() (git-
fixes).
* badblocks: fix the using of MAX_BADBLOCKS (git-fixes).
* badblocks: return error directly when setting badblocks exceeds 512 (git-
fixes).
* badblocks: return error if any badblock set fails (git-fixes).
* blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes).
* block: change blk_mq_add_to_batch() third argument type to bool (git-fixes).
* block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes).
* block: fix conversion of GPT partition name to 7-bit (git-fixes).
* block: fix resource leak in blk_register_queue() error path (git-fixes).
* block: integrity: Do not call set_page_dirty_lock() (git-fixes).
* block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone
(git-fixes).
* bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).
* bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes).
* bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes).
* bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes).
* bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
* bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
* bpf: add find_containing_subprog() utility function (bsc#1241590).
* bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
* bpf: check changes_pkt_data property for extension programs (bsc#1241590).
* bpf: consider that tail calls invalidate packet pointers (bsc#1241590).
* bpf: fix null dereference when computing changes_pkt_data of prog w/o
subprogs (bsc#1241590).
* bpf: fix potential error return (git-fixes).
* bpf: refactor bpf_helper_changes_pkt_data to use helper number
(bsc#1241590).
* bpf: track changes_pkt_data property for global functions (bsc#1241590).
* bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
* btrfs: add and use helper to verify the calling task has locked the inode
(bsc#1241204).
* btrfs: always fallback to buffered write if the inode requires checksum
(bsc#1242831 bsc#1242710).
* btrfs: fix hole expansion when writing at an offset beyond EOF
(bsc#1241151).
* btrfs: fix missing snapshot drew unlock when root is dead during swap
activation (bsc#1241204).
* btrfs: fix race with memory mapped writes when activating swap file
(bsc#1241204).
* btrfs: fix swap file activation failure due to extents that used to be
shared (bsc#1241204).
* cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).
* char: misc: register chrdev region with all possible minors (git-fixes).
* cifs: Fix integer overflow while processing actimeo mount option (git-
fixes).
* counter: fix privdata alignment (git-fixes).
* counter: microchip-tcb-capture: Fix undefined counter channel state on probe
(git-fixes).
* counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
* cpufreq/cppc: Set the frequency used for computing the capacity
(bsc#1238052)
* cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
* cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
Keep the feature disabled by default on x86_64
* crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).
* crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).
* crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).
* cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-
fixes).
* dm-bufio: do not schedule in atomic context (git-fixes).
* dm-ebs: fix prefetch-vs-suspend race (git-fixes).
* dm-integrity: set ti->error on memory allocation failure (git-fixes).
* dm-verity: fix prefetch-vs-suspend race (git-fixes).
* dm: add missing unlock on in dm_keyslot_evict() (git-fixes).
* dm: always update the array size in realloc_argv on success (git-fixes).
* dm: fix copying after src array boundaries (git-fixes).
* dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-
fixes).
* drivers: base: devres: Allow to release group on device release (stable-
fixes).
* drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).
* drm/amd/display: Force full update in gpu reset (stable-fixes).
* drm/amd/display: add workaround flag to link to force FFE preset (stable-
fixes).
* drm/amd/pm/smu11: Prevent division by zero (git-fixes).
* drm/amd/pm: Prevent division by zero (git-fixes).
* drm/amd: Handle being compiled without SI or CIK support better (stable-
fixes).
* drm/amd: Keep display off while going into S4 (stable-fixes).
* drm/amdgpu/dma_buf: fix page_link check (git-fixes).
* drm/amdgpu/gfx11: fix num_mec (git-fixes).
* drm/amdgpu: handle amdgpu_cgs_create_device() errors in
amd_powerplay_create() (stable-fixes).
* drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).
* drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes).
* drm/amdkfd: clamp queue size to minimum (stable-fixes).
* drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).
* drm/bridge: panel: forbid initializing a panel with unknown connector type
(stable-fixes).
* drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
* drm/dp_mst: Factor out function to queue a topology probe work (stable-
fixes).
* drm/fdinfo: Protect against driver unbind (git-fixes).
* drm/i915/dg2: wait for HuC load completion before running selftests (stable-
fixes).
* drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).
* drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
* drm/i915/pxp: fix undefined reference to
`intel_pxp_gsccs_is_ready_for_sessions' (git-fixes).
* drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes).
* drm/i915: Disable RPG during live selftest (git-fixes).
* drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-
fixes).
* drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-
fixes).
* drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).
* drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
* drm/sti: remove duplicate object names (git-fixes).
* drm/tests: Add helper to create mock crtc (stable-fixes).
* drm/tests: Add helper to create mock plane (stable-fixes).
* drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-
fixes).
* drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes).
* drm/tests: helpers: Add atomic helpers (stable-fixes).
* drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-
fixes).
* drm/tests: helpers: Create kunit helper to destroy a drm_display_mode
(stable-fixes).
* drm/tests: helpers: Fix compiler warning (git-fixes).
* drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).
* drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes).
* drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).
* drm: allow encoder mode_set even when connectors change for crtc (stable-
fixes).
* drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
(stable-fixes).
* drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
(stable-fixes).
* drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).
* e1000e: change k1 configuration on MTP and later platforms (git-fixes).
* eth: bnxt: fix missing ring index trim on error path (git-fixes).
* ethtool: Fix context creation with no parameters (git-fixes).
* ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).
* ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-
fixes).
* ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).
* ethtool: fix setting key and resetting indir at once (git-fixes).
* ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes).
* ethtool: netlink: do not return SQI value if link is down (git-fixes).
* ethtool: plca: fix plca enable data type while parsing the value (git-
fixes).
* ethtool: rss: echo the context number back (git-fixes).
* exfat: do not fallback to buffered write (git-fixes).
* exfat: drop ->i_size_ondisk (git-fixes).
* exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).
* exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
* exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes).
* ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).
* ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).
* ext4: do not over-report free space or inodes in statvfs (bsc#1242345).
* ext4: do not treat fhandle lookup of ea_inode as FS corruption
(bsc#1242347).
* ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).
* ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556).
* ext4: make block validity check resistent to sb bh corruption (bsc#1242348).
* ext4: partial zero eof block on unaligned inode size extension
(bsc#1242336).
* ext4: protect ext4_release_dquot against freezing (bsc#1242335).
* ext4: replace the traditional ternary conditional operator with with
max()/min() (bsc#1242536).
* ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).
* ext4: unify the type of flexbg_size to unsigned int (bsc#1242538).
* fbdev: omapfb: Add 'plane' value check (stable-fixes).
* firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-
fixes).
* firmware: arm_scmi: Balance device refcount when destroying devices (git-
fixes).
* firmware: cs_dsp: Ensure cs_dsp_load_coeff returns 0 on success (git-fixes).
* fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).
* fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).
* fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250).
* fs: better handle deep ancestor chains in is_subdir() (bsc#1242528).
* fs: consistently deref the files table with rcu_dereference_raw()
(bsc#1242535).
* fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
(bsc#1242526).
* fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).
* gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
* gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).
* gve: handle overflow when reporting TX consumed descriptors (git-fixes).
* gve: set xdp redirect target only when it is available (git-fixes).
* hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes).
* hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-
fixes).
* i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).
* i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).
* ice: Add check for devm_kzalloc() (git-fixes).
* ice: fix reservation of resources for RDMA when disabled (git-fixes).
* ice: stop truncating queue ids when checking (git-fixes).
* idpf: check error for register_netdev() on init (git-fixes).
* idpf: fix adapter NULL pointer dereference on reboot (git-fixes).
* igb: reject invalid external timestamp requests for 82580-based HW (git-
fixes).
* igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).
* igc: cleanup PTP module if probe fails (git-fixes).
* igc: fix PTM cycle trigger logic (git-fixes).
* igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).
* igc: increase wait time before retrying PTM (git-fixes).
* igc: move ktime snapshot into PTM retry loop (git-fixes).
* iio: adc: ad7768-1: Fix conversion result sign (git-fixes).
* iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
return value check (stable-fixes).
* iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).
* ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-
fixes).
* irqchip/davinci: Remove leftover header (git-fixes).
* irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes).
* isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).
* jbd2: add a missing data flush during file and fs synchronization
(bsc#1242346).
* jbd2: fix off-by-one while erasing journal (bsc#1242344).
* jbd2: flush filesystem device before updating tail sequence (bsc#1242333).
* jbd2: increase IO priority for writing revoke records (bsc#1242332).
* jbd2: increase the journal IO's priority (bsc#1242537).
* jbd2: remove wrong sb->s_sequence check (bsc#1242343).
* jfs: Fix uninit-value access of imap allocated in the diMount() function
(git-fixes).
* jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).
* jfs: add sanity check for agwidth in dbMount (git-fixes).
* kABI fix for sctp: detect and prevent references to a freed transport in
sendmsg (git-fixes).
* kABI workaround for powercap update (bsc#1241010).
* kernel-binary: Support livepatch_rt with merged RT branch
* kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94
("kernel-source: Also replace bin/env"
* ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).
* kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).
* lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
(git-fixes).
* libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698
jsc#PED-12309).
* libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698
jsc#PED-12309).
* libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698
jsc#PED-12309).
* libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698
jsc#PED-12309).
* libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698
jsc#PED-12309).
* libperf cpumap: Rename perf_cpu_map__default_new() to
perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698
jsc#PED-12309).
* libperf cpumap: Rename perf_cpu_map__dummy_new() to
perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
* libperf cpumap: Rename perf_cpu_map__empty() to
perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
* loop: LOOP_SET_FD: send uevents for partitions (git-fixes).
* loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).
* loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes).
* md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
(bsc#1238212)
* media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).
* mei: me: add panther lake H DID (stable-fixes).
* misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration
(git-fixes).
* misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack
(git-fixes).
* mm/readahead: fix large folio support in async readahead (bsc#1242321).
* mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT
(bsc#1242326).
* mm: fix filemap_get_folios_contig returning batches of identical folios
(bsc#1242327).
* mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).
* mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-
fixes).
* mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes).
* mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
* mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).
* mptcp: refine opt_mp_capable determination (git-fixes).
* mptcp: relax check on MPC passive fallback (git-fixes).
* mptcp: strict validation before using mp_opt->hmac (git-fixes).
* mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).
* mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
* mtd: rawnand: Add status chack in r852_ready() (git-fixes).
* net/mlx5: Fill out devlink dev info only for PFs (git-fixes).
* net/mlx5: IRQ, Fix null string in debug print (git-fixes).
* net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-
fixes).
* net/mlx5: Start health poll after enable hca (git-fixes).
* net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).
* net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
(git-fixes).
* net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).
* net/tcp: refactor tcp_inet6_sk() (git-fixes).
* net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes).
* net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes).
* net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).
* net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes).
* net: ethtool: Fix RSS setting (git-fixes).
* net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).
* net: mana: Switch to page pool for jumbo frames (git-fixes).
* net: mark racy access on sk->sk_rcvbuf (git-fixes).
* net: phy: leds: fix memory leak (git-fixes).
* net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).
* net: sctp: fix skb leak in sctp_inq_free() (git-fixes).
* net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes).
* net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).
* net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
* net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
* net_sched: drr: Fix double list add in class with netem as child qdisc (git-
fixes).
* net_sched: ets: Fix double list add in class with netem as child qdisc (git-
fixes).
* net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
(git-fixes).
* net_sched: qfq: Fix double list add in class with netem as child qdisc (git-
fixes).
* netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes).
* nfs: add missing selections of CONFIG_CRC32 (git-fixes).
* nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
* nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
* nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes).
* nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
* ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
* ntb: intel: Fix using link status DB's (git-fixes).
* ntb: reduce stack usage in idt_scan_mws (stable-fixes).
* ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
* ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).
* ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
(git-fixes).
* ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
(git-fixes).
* ntb_perf: Fix printk format (git-fixes).
* nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).
* nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).
* nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).
* nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
* nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).
* nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-
fixes).
* nvmet-fcloop: swap list_add_tail arguments (git-fixes).
* objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-
fixes).
* objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
(git-fixes).
* objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
* perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS
(bsc#1234698 jsc#PED-12309).
* perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
* perf tools: annotate asm_pure_loop.S (bsc#1239906).
* perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
* perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)
* perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)
* perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)
* perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)
* phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-
fixes).
* pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-
fixes).
* platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug
(git-fixes).
* platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
* platform/x86: ISST: Correct command storage data length (git-fixes).
* platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
(stable-fixes).
* pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-
fixes).
* powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request()
(git-fixes).
* powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).
* powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).
* powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
* powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
* powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
* powerpc/boot: Check for ld-option support (bsc#1215199).
* powerpc/boot: Fix dash warning (bsc#1215199).
* powerpc: Do not use --- in kernel logs (git-fixes).
* pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).
* pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes).
* pwm: rcar: Improve register calculation (git-fixes).
* rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
* rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE We now have
LD_CAN_USE_KEEP_IN_OVERLAY since commit: e7607f7d6d81 ARM: 9443/1: Require
linker to support KEEP within OVERLAY for DCE
* rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is
dynamically enabled to build-test different configurations. This makes
run_oldconfig.sh complain sporadically for arm64.
* rpm/kernel-binary.spec.in: Also order against update-bootloader
(boo#1228659, boo#1240785, boo#1241038).
* rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package
to inform the order of installation of other package without hard requiring
that package. This means our kernel-binary packages no longer need to hard
require perl-Bootloader or dracut, resolving the long-commented issue there.
This is also needed for udev & systemd-boot to ensure those packages are
installed before being called by dracut (boo#1228659)
* rpm/kernel-binary.spec.in: revert the revert change with OrderWithRequires
The recent change using OrderWithRequires addresses the known issues, but
also caused regressions for the existing image or package builds. For
SLE15-SPx, better to be conservative and stick with the older way.
* rpm/package-descriptions: Add rt and rt_debug descriptions
* rtc: pcf85063: do a SW reset if POR failed (stable-fixes).
* rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
* s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
* s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
* sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
* scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).
* scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-
fixes).
* scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes).
* scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes).
* scsi: mpi3mr: Fix locking in an error path (git-fixes).
* scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).
* scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO
(git-fixes).
* scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).
* sctp: Fix undefined behavior in left shift operation (git-fixes).
* sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes).
* sctp: detect and prevent references to a freed transport in sendmsg (git-
fixes).
* sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
(git-fixes).
* sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-
fixes).
* sctp: fix busy polling (git-fixes).
* sctp: prefer struct_size over open coded arithmetic (git-fixes).
* sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).
* security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
* selftests/bpf: Add a few tests to cover (git-fixes).
* selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
* selftests/bpf: extend changes_pkt_data with cases w/o subprograms
(bsc#1241590).
* selftests/bpf: freplace tests for tracking of changes_packet_data
(bsc#1241590).
* selftests/bpf: test for changing packet data from global functions
(bsc#1241590).
* selftests/bpf: validate that tail call invalidates packet pointers
(bsc#1241590).
* selftests/futex: futex_waitv wouldblock test should fail (git-fixes).
* selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-
fixes).
* selinux: Implement mptcp_add_subflow hook (bsc#1240375).
* serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
* serial: msm: Configure correct working mode before starting earlycon (git-
fixes).
* serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).
* smb: client: fix folio leaks and perf improvements (bsc#1239997,
bsc1241265).
* smb: client: fix open_cached_dir retries with 'hard' mount option
(bsc#1240616).
* sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
(stable-fixes).
* spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).
* spi: tegra210-quad: add rate limiting and simplify timeout error message
(stable-fixes).
* spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts
(stable-fixes).
* splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).
* staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
* string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-
fixes).
* tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).
* thunderbolt: Scan retimers after device router has been enumerated (stable-
fixes).
* tools/hv: update route parsing in kvp daemon (git-fixes).
* tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175).
* tools/power turbostat: report CoreThr per measurement interval (git-fixes).
* topology: Set capacity_freq_ref in all cases (bsc#1238052)
* tpm, tpm_tis: Workaround failed command reception on Infineon devices
(bsc#1235870).
* tpm: tis: Double the timeout B to 4s (bsc#1235870).
* tpm_tis: Move CRC check to generic send routine (bsc#1235870).
* tpm_tis: Use responseRetry to recover from data transfer errors
(bsc#1235870).
* tty: n_tty: use uint for space returned by tty_write_room() (git-fixes).
* tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
* tty: serial: 8250: Add some more device IDs (stable-fixes).
* tty: serial: fsl_lpuart: disable transmitter before changing RS485 related
registers (git-fixes).
* tty: serial: lpuart: only disable CTS instead of overwriting the whole
UARTMODIR register (git-fixes).
* ublk: set_params: properly check if parameters can be applied (git-fixes).
* ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
* udf: Fix inode_getblk() return value (bsc#1242313).
* udf: Skip parent dir link count update if corrupted (bsc#1242315).
* udf: Verify inode link counts before performing rename (bsc#1242314).
* usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).
* usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-
fixes).
* usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-
fixes).
* usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
* usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
(stable-fixes).
* usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).
* usb: dwc3: gadget: check that event count does not exceed event buffer
length (git-fixes).
* usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).
* usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-
fixes).
* usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).
* usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func
(stable-fixes).
* usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-
fixes).
* usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-
fixes).
* usb: xhci: correct debug message page size calculation (git-fixes).
* usbnet:fix NPE during rx_complete (git-fixes).
* vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).
* vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).
* virtchnl: make proto and filter action count unsigned (git-fixes).
* vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).
* vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).
* wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).
* wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
* wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
(stable-fixes).
* wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-
fixes).
* wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
(git-fixes).
* wifi: brcmfmac: keep power during suspend if board requires it (stable-
fixes).
* wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
* wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
* wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes).
* wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
(git-fixes).
* wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
(stable-fixes).
* wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-
fixes).
* wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).
* wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).
* x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
* x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
* x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
* x86/bugs: Add RSB mitigation document (git-fixes).
* x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).
* x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).
* x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-
fixes).
* x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).
* x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
* x86/dumpstack: Fix inaccurate unwinding from exception stacks due to
misplaced assignment (git-fixes).
* x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
* x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes).
* x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive
(git-fixes).
* x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).
* x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).
* x86/microcode/AMD: Split load_microcode_amd() (git-fixes).
* x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID
(git-fixes).
* x86/microcode/intel: Set new revision only after a successful update (git-
fixes).
* x86/microcode: Remove the driver announcement and version (git-fixes).
* x86/microcode: Rework early revisions reporting (git-fixes).
* x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
* x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-
fixes).
* x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
* x86/uaccess: Improve performance by aligning writes to 8 bytes in
copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes).
* xfs: flush inodegc before swapon (git-fixes).
* xhci: Fix null pointer dereference during S4 resume when resetting ep0
(bsc#1235550).
* xhci: Reconfigure endpoint 0 max packet size only during endpoint reset
(bsc#1235550).
* xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
* zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING
(bsc#1241167).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1614=1 openSUSE-SLE-15.6-2025-1614=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1614=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1614=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-1614=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1614=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2025-1614=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1614=1

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (noarch)
* kernel-source-6.4.0-150600.23.50.1
* kernel-source-vanilla-6.4.0-150600.23.50.1
* kernel-macros-6.4.0-150600.23.50.1
* kernel-devel-6.4.0-150600.23.50.1
* kernel-docs-html-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-6.4.0-150600.23.50.1
* kernel-debug-debugsource-6.4.0-150600.23.50.1
* kernel-debug-devel-6.4.0-150600.23.50.1
* kernel-debug-debuginfo-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (x86_64)
* kernel-debug-vdso-6.4.0-150600.23.50.1
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.50.1
* kernel-default-vdso-6.4.0-150600.23.50.1
* kernel-default-vdso-debuginfo-6.4.0-150600.23.50.1
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.50.1
* kernel-kvmsmall-vdso-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.50.1
* kernel-kvmsmall-debugsource-6.4.0-150600.23.50.1
* kernel-default-base-6.4.0-150600.23.50.1.150600.12.22.1
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.50.1
* kernel-kvmsmall-devel-6.4.0-150600.23.50.1
* kernel-default-base-rebuild-6.4.0-150600.23.50.1.150600.12.22.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ocfs2-kmp-default-6.4.0-150600.23.50.1
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.50.1
* kernel-default-extra-6.4.0-150600.23.50.1
* kernel-default-debugsource-6.4.0-150600.23.50.1
* kernel-default-optional-debuginfo-6.4.0-150600.23.50.1
* kernel-obs-build-6.4.0-150600.23.50.1
* kernel-obs-build-debugsource-6.4.0-150600.23.50.1
* kernel-default-optional-6.4.0-150600.23.50.1
* cluster-md-kmp-default-6.4.0-150600.23.50.1
* kselftests-kmp-default-6.4.0-150600.23.50.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.50.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.50.1
* kernel-obs-qa-6.4.0-150600.23.50.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.50.1
* kernel-default-extra-debuginfo-6.4.0-150600.23.50.1
* kernel-default-debuginfo-6.4.0-150600.23.50.1
* reiserfs-kmp-default-6.4.0-150600.23.50.1
* kernel-syms-6.4.0-150600.23.50.1
* kernel-default-livepatch-6.4.0-150600.23.50.1
* kernel-default-devel-6.4.0-150600.23.50.1
* gfs2-kmp-default-6.4.0-150600.23.50.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.50.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.50.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.50.1
* dlm-kmp-default-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-1-150600.13.3.1
* kernel-default-livepatch-devel-6.4.0-150600.23.50.1
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_50-default-1-150600.13.3.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.50.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (aarch64)
* dtb-broadcom-6.4.0-150600.23.50.1
* dtb-freescale-6.4.0-150600.23.50.1
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.50.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.50.1
* gfs2-kmp-64kb-6.4.0-150600.23.50.1
* dtb-renesas-6.4.0-150600.23.50.1
* kernel-64kb-devel-6.4.0-150600.23.50.1
* dtb-allwinner-6.4.0-150600.23.50.1
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.50.1
* dtb-cavium-6.4.0-150600.23.50.1
* dtb-altera-6.4.0-150600.23.50.1
* kernel-64kb-extra-6.4.0-150600.23.50.1
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.50.1
* dtb-lg-6.4.0-150600.23.50.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.50.1
* reiserfs-kmp-64kb-6.4.0-150600.23.50.1
* dtb-xilinx-6.4.0-150600.23.50.1
* dtb-apple-6.4.0-150600.23.50.1
* ocfs2-kmp-64kb-6.4.0-150600.23.50.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.50.1
* dtb-marvell-6.4.0-150600.23.50.1
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.50.1
* dtb-rockchip-6.4.0-150600.23.50.1
* dlm-kmp-64kb-6.4.0-150600.23.50.1
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.50.1
* dtb-amd-6.4.0-150600.23.50.1
* dtb-amlogic-6.4.0-150600.23.50.1
* kernel-64kb-debugsource-6.4.0-150600.23.50.1
* kselftests-kmp-64kb-6.4.0-150600.23.50.1
* dtb-exynos-6.4.0-150600.23.50.1
* dtb-amazon-6.4.0-150600.23.50.1
* dtb-mediatek-6.4.0-150600.23.50.1
* kernel-64kb-debuginfo-6.4.0-150600.23.50.1
* dtb-sprd-6.4.0-150600.23.50.1
* dtb-qcom-6.4.0-150600.23.50.1
* dtb-socionext-6.4.0-150600.23.50.1
* dtb-arm-6.4.0-150600.23.50.1
* dtb-hisilicon-6.4.0-150600.23.50.1
* dtb-nvidia-6.4.0-150600.23.50.1
* dtb-apm-6.4.0-150600.23.50.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.50.1
* kernel-64kb-optional-6.4.0-150600.23.50.1
* cluster-md-kmp-64kb-6.4.0-150600.23.50.1
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.50.1
* Basesystem Module 15-SP6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.50.1
* Basesystem Module 15-SP6 (aarch64)
* kernel-64kb-debugsource-6.4.0-150600.23.50.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.50.1
* kernel-64kb-devel-6.4.0-150600.23.50.1
* kernel-64kb-debuginfo-6.4.0-150600.23.50.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.50.1
* Basesystem Module 15-SP6 (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.50.1.150600.12.22.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.50.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.50.1
* kernel-default-devel-6.4.0-150600.23.50.1
* kernel-default-debugsource-6.4.0-150600.23.50.1
* Basesystem Module 15-SP6 (noarch)
* kernel-macros-6.4.0-150600.23.50.1
* kernel-devel-6.4.0-150600.23.50.1
* Basesystem Module 15-SP6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.50.1
* Basesystem Module 15-SP6 (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.50.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.50.1
* Development Tools Module 15-SP6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.50.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-6.4.0-150600.23.50.1
* kernel-syms-6.4.0-150600.23.50.1
* kernel-obs-build-6.4.0-150600.23.50.1
* Development Tools Module 15-SP6 (noarch)
* kernel-source-6.4.0-150600.23.50.1
* Legacy Module 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.50.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.50.1
* reiserfs-kmp-default-6.4.0-150600.23.50.1
* kernel-default-debugsource-6.4.0-150600.23.50.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.50.1
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.50.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-1-150600.13.3.1
* kernel-default-livepatch-6.4.0-150600.23.50.1
* kernel-default-debugsource-6.4.0-150600.23.50.1
* kernel-default-debuginfo-6.4.0-150600.23.50.1
* kernel-default-livepatch-devel-6.4.0-150600.23.50.1
* kernel-livepatch-6_4_0-150600_23_50-default-1-150600.13.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-6.4.0-150600.23.50.1
* ocfs2-kmp-default-6.4.0-150600.23.50.1
* cluster-md-kmp-default-6.4.0-150600.23.50.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.50.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.50.1
* kernel-default-debugsource-6.4.0-150600.23.50.1
* kernel-default-debuginfo-6.4.0-150600.23.50.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.50.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.50.1
* dlm-kmp-default-6.4.0-150600.23.50.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.50.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.50.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.50.1
* kernel-default-extra-debuginfo-6.4.0-150600.23.50.1
* kernel-default-extra-6.4.0-150600.23.50.1
* kernel-default-debugsource-6.4.0-150600.23.50.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53034.html
* https://www.suse.com/security/cve/CVE-2024-27018.html
* https://www.suse.com/security/cve/CVE-2024-27415.html
* https://www.suse.com/security/cve/CVE-2024-28956.html
* https://www.suse.com/security/cve/CVE-2024-35840.html
* https://www.suse.com/security/cve/CVE-2024-46763.html
* https://www.suse.com/security/cve/CVE-2024-46865.html
* https://www.suse.com/security/cve/CVE-2024-50038.html
* https://www.suse.com/security/cve/CVE-2024-50083.html
* https://www.suse.com/security/cve/CVE-2024-50162.html
* https://www.suse.com/security/cve/CVE-2024-50163.html
* https://www.suse.com/security/cve/CVE-2024-53124.html
* https://www.suse.com/security/cve/CVE-2024-53139.html
* https://www.suse.com/security/cve/CVE-2024-56641.html
* https://www.suse.com/security/cve/CVE-2024-56702.html
* https://www.suse.com/security/cve/CVE-2024-57924.html
* https://www.suse.com/security/cve/CVE-2024-57998.html
* https://www.suse.com/security/cve/CVE-2024-58001.html
* https://www.suse.com/security/cve/CVE-2024-58018.html
* https://www.suse.com/security/cve/CVE-2024-58068.html
* https://www.suse.com/security/cve/CVE-2024-58070.html
* https://www.suse.com/security/cve/CVE-2024-58071.html
* https://www.suse.com/security/cve/CVE-2024-58088.html
* https://www.suse.com/security/cve/CVE-2024-58093.html
* https://www.suse.com/security/cve/CVE-2024-58094.html
* https://www.suse.com/security/cve/CVE-2024-58095.html
* https://www.suse.com/security/cve/CVE-2024-58096.html
* https://www.suse.com/security/cve/CVE-2024-58097.html
* https://www.suse.com/security/cve/CVE-2025-21683.html
* https://www.suse.com/security/cve/CVE-2025-21696.html
* https://www.suse.com/security/cve/CVE-2025-21707.html
* https://www.suse.com/security/cve/CVE-2025-21729.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21758.html
* https://www.suse.com/security/cve/CVE-2025-21768.html
* https://www.suse.com/security/cve/CVE-2025-21792.html
* https://www.suse.com/security/cve/CVE-2025-21806.html
* https://www.suse.com/security/cve/CVE-2025-21808.html
* https://www.suse.com/security/cve/CVE-2025-21812.html
* https://www.suse.com/security/cve/CVE-2025-21833.html
* https://www.suse.com/security/cve/CVE-2025-21836.html
* https://www.suse.com/security/cve/CVE-2025-21852.html
* https://www.suse.com/security/cve/CVE-2025-21853.html
* https://www.suse.com/security/cve/CVE-2025-21854.html
* https://www.suse.com/security/cve/CVE-2025-21863.html
* https://www.suse.com/security/cve/CVE-2025-21867.html
* https://www.suse.com/security/cve/CVE-2025-21873.html
* https://www.suse.com/security/cve/CVE-2025-21875.html
* https://www.suse.com/security/cve/CVE-2025-21881.html
* https://www.suse.com/security/cve/CVE-2025-21884.html
* https://www.suse.com/security/cve/CVE-2025-21887.html
* https://www.suse.com/security/cve/CVE-2025-21889.html
* https://www.suse.com/security/cve/CVE-2025-21894.html
* https://www.suse.com/security/cve/CVE-2025-21895.html
* https://www.suse.com/security/cve/CVE-2025-21904.html
* https://www.suse.com/security/cve/CVE-2025-21905.html
* https://www.suse.com/security/cve/CVE-2025-21906.html
* https://www.suse.com/security/cve/CVE-2025-21908.html
* https://www.suse.com/security/cve/CVE-2025-21909.html
* https://www.suse.com/security/cve/CVE-2025-21910.html
* https://www.suse.com/security/cve/CVE-2025-21912.html
* https://www.suse.com/security/cve/CVE-2025-21913.html
* https://www.suse.com/security/cve/CVE-2025-21914.html
* https://www.suse.com/security/cve/CVE-2025-21915.html
* https://www.suse.com/security/cve/CVE-2025-21916.html
* https://www.suse.com/security/cve/CVE-2025-21917.html
* https://www.suse.com/security/cve/CVE-2025-21918.html
* https://www.suse.com/security/cve/CVE-2025-21922.html
* https://www.suse.com/security/cve/CVE-2025-21923.html
* https://www.suse.com/security/cve/CVE-2025-21924.html
* https://www.suse.com/security/cve/CVE-2025-21925.html
* https://www.suse.com/security/cve/CVE-2025-21926.html
* https://www.suse.com/security/cve/CVE-2025-21927.html
* https://www.suse.com/security/cve/CVE-2025-21928.html
* https://www.suse.com/security/cve/CVE-2025-21930.html
* https://www.suse.com/security/cve/CVE-2025-21931.html
* https://www.suse.com/security/cve/CVE-2025-21934.html
* https://www.suse.com/security/cve/CVE-2025-21935.html
* https://www.suse.com/security/cve/CVE-2025-21936.html
* https://www.suse.com/security/cve/CVE-2025-21937.html
* https://www.suse.com/security/cve/CVE-2025-21941.html
* https://www.suse.com/security/cve/CVE-2025-21943.html
* https://www.suse.com/security/cve/CVE-2025-21948.html
* https://www.suse.com/security/cve/CVE-2025-21950.html
* https://www.suse.com/security/cve/CVE-2025-21951.html
* https://www.suse.com/security/cve/CVE-2025-21953.html
* https://www.suse.com/security/cve/CVE-2025-21956.html
* https://www.suse.com/security/cve/CVE-2025-21957.html
* https://www.suse.com/security/cve/CVE-2025-21960.html
* https://www.suse.com/security/cve/CVE-2025-21961.html
* https://www.suse.com/security/cve/CVE-2025-21962.html
* https://www.suse.com/security/cve/CVE-2025-21963.html
* https://www.suse.com/security/cve/CVE-2025-21964.html
* https://www.suse.com/security/cve/CVE-2025-21966.html
* https://www.suse.com/security/cve/CVE-2025-21968.html
* https://www.suse.com/security/cve/CVE-2025-21969.html
* https://www.suse.com/security/cve/CVE-2025-21970.html
* https://www.suse.com/security/cve/CVE-2025-21971.html
* https://www.suse.com/security/cve/CVE-2025-21972.html
* https://www.suse.com/security/cve/CVE-2025-21975.html
* https://www.suse.com/security/cve/CVE-2025-21978.html
* https://www.suse.com/security/cve/CVE-2025-21979.html
* https://www.suse.com/security/cve/CVE-2025-21980.html
* https://www.suse.com/security/cve/CVE-2025-21981.html
* https://www.suse.com/security/cve/CVE-2025-21985.html
* https://www.suse.com/security/cve/CVE-2025-21991.html
* https://www.suse.com/security/cve/CVE-2025-21992.html
* https://www.suse.com/security/cve/CVE-2025-21993.html
* https://www.suse.com/security/cve/CVE-2025-21995.html
* https://www.suse.com/security/cve/CVE-2025-21996.html
* https://www.suse.com/security/cve/CVE-2025-21999.html
* https://www.suse.com/security/cve/CVE-2025-22001.html
* https://www.suse.com/security/cve/CVE-2025-22003.html
* https://www.suse.com/security/cve/CVE-2025-22004.html
* https://www.suse.com/security/cve/CVE-2025-22007.html
* https://www.suse.com/security/cve/CVE-2025-22008.html
* https://www.suse.com/security/cve/CVE-2025-22009.html
* https://www.suse.com/security/cve/CVE-2025-22010.html
* https://www.suse.com/security/cve/CVE-2025-22013.html
* https://www.suse.com/security/cve/CVE-2025-22014.html
* https://www.suse.com/security/cve/CVE-2025-22015.html
* https://www.suse.com/security/cve/CVE-2025-22016.html
* https://www.suse.com/security/cve/CVE-2025-22017.html
* https://www.suse.com/security/cve/CVE-2025-22018.html
* https://www.suse.com/security/cve/CVE-2025-22020.html
* https://www.suse.com/security/cve/CVE-2025-22025.html
* https://www.suse.com/security/cve/CVE-2025-22027.html
* https://www.suse.com/security/cve/CVE-2025-22029.html
* https://www.suse.com/security/cve/CVE-2025-22033.html
* https://www.suse.com/security/cve/CVE-2025-22036.html
* https://www.suse.com/security/cve/CVE-2025-22044.html
* https://www.suse.com/security/cve/CVE-2025-22045.html
* https://www.suse.com/security/cve/CVE-2025-22050.html
* https://www.suse.com/security/cve/CVE-2025-22053.html
* https://www.suse.com/security/cve/CVE-2025-22055.html
* https://www.suse.com/security/cve/CVE-2025-22058.html
* https://www.suse.com/security/cve/CVE-2025-22060.html
* https://www.suse.com/security/cve/CVE-2025-22062.html
* https://www.suse.com/security/cve/CVE-2025-22064.html
* https://www.suse.com/security/cve/CVE-2025-22065.html
* https://www.suse.com/security/cve/CVE-2025-22075.html
* https://www.suse.com/security/cve/CVE-2025-22080.html
* https://www.suse.com/security/cve/CVE-2025-22086.html
* https://www.suse.com/security/cve/CVE-2025-22088.html
* https://www.suse.com/security/cve/CVE-2025-22090.html
* https://www.suse.com/security/cve/CVE-2025-22093.html
* https://www.suse.com/security/cve/CVE-2025-22097.html
* https://www.suse.com/security/cve/CVE-2025-22102.html
* https://www.suse.com/security/cve/CVE-2025-22104.html
* https://www.suse.com/security/cve/CVE-2025-22105.html
* https://www.suse.com/security/cve/CVE-2025-22106.html
* https://www.suse.com/security/cve/CVE-2025-22107.html
* https://www.suse.com/security/cve/CVE-2025-22108.html
* https://www.suse.com/security/cve/CVE-2025-22109.html
* https://www.suse.com/security/cve/CVE-2025-22115.html
* https://www.suse.com/security/cve/CVE-2025-22116.html
* https://www.suse.com/security/cve/CVE-2025-22121.html
* https://www.suse.com/security/cve/CVE-2025-22128.html
* https://www.suse.com/security/cve/CVE-2025-2312.html
* https://www.suse.com/security/cve/CVE-2025-23129.html
* https://www.suse.com/security/cve/CVE-2025-23131.html
* https://www.suse.com/security/cve/CVE-2025-23133.html
* https://www.suse.com/security/cve/CVE-2025-23136.html
* https://www.suse.com/security/cve/CVE-2025-23138.html
* https://www.suse.com/security/cve/CVE-2025-23145.html
* https://www.suse.com/security/cve/CVE-2025-37785.html
* https://www.suse.com/security/cve/CVE-2025-37798.html
* https://www.suse.com/security/cve/CVE-2025-37799.html
* https://www.suse.com/security/cve/CVE-2025-37860.html
* https://www.suse.com/security/cve/CVE-2025-39728.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215199
* https://bugzilla.suse.com/show_bug.cgi?id=1223809
* https://bugzilla.suse.com/show_bug.cgi?id=1224013
* https://bugzilla.suse.com/show_bug.cgi?id=1224597
* https://bugzilla.suse.com/show_bug.cgi?id=1224757
* https://bugzilla.suse.com/show_bug.cgi?id=1228659
* https://bugzilla.suse.com/show_bug.cgi?id=1230764
* https://bugzilla.suse.com/show_bug.cgi?id=1231103
* https://bugzilla.suse.com/show_bug.cgi?id=1231910
* https://bugzilla.suse.com/show_bug.cgi?id=1232493
* https://bugzilla.suse.com/show_bug.cgi?id=1233075
* https://bugzilla.suse.com/show_bug.cgi?id=1233098
* https://bugzilla.suse.com/show_bug.cgi?id=1234074
* https://bugzilla.suse.com/show_bug.cgi?id=1234157
* https://bugzilla.suse.com/show_bug.cgi?id=1234698
* https://bugzilla.suse.com/show_bug.cgi?id=1235501
* https://bugzilla.suse.com/show_bug.cgi?id=1235526
* https://bugzilla.suse.com/show_bug.cgi?id=1235550
* https://bugzilla.suse.com/show_bug.cgi?id=1235870
* https://bugzilla.suse.com/show_bug.cgi?id=1236086
* https://bugzilla.suse.com/show_bug.cgi?id=1236704
* https://bugzilla.suse.com/show_bug.cgi?id=1237111
* https://bugzilla.suse.com/show_bug.cgi?id=1237874
* https://bugzilla.suse.com/show_bug.cgi?id=1237882
* https://bugzilla.suse.com/show_bug.cgi?id=1238052
* https://bugzilla.suse.com/show_bug.cgi?id=1238212
* https://bugzilla.suse.com/show_bug.cgi?id=1238471
* https://bugzilla.suse.com/show_bug.cgi?id=1238527
* https://bugzilla.suse.com/show_bug.cgi?id=1238565
* https://bugzilla.suse.com/show_bug.cgi?id=1238714
* https://bugzilla.suse.com/show_bug.cgi?id=1238737
* https://bugzilla.suse.com/show_bug.cgi?id=1238742
* https://bugzilla.suse.com/show_bug.cgi?id=1238745
* https://bugzilla.suse.com/show_bug.cgi?id=1238746
* https://bugzilla.suse.com/show_bug.cgi?id=1238862
* https://bugzilla.suse.com/show_bug.cgi?id=1238961
* https://bugzilla.suse.com/show_bug.cgi?id=1238970
* https://bugzilla.suse.com/show_bug.cgi?id=1238983
* https://bugzilla.suse.com/show_bug.cgi?id=1238990
* https://bugzilla.suse.com/show_bug.cgi?id=1239066
* https://bugzilla.suse.com/show_bug.cgi?id=1239079
* https://bugzilla.suse.com/show_bug.cgi?id=1239108
* https://bugzilla.suse.com/show_bug.cgi?id=1239470
* https://bugzilla.suse.com/show_bug.cgi?id=1239475
* https://bugzilla.suse.com/show_bug.cgi?id=1239476
* https://bugzilla.suse.com/show_bug.cgi?id=1239487
* https://bugzilla.suse.com/show_bug.cgi?id=1239510
* https://bugzilla.suse.com/show_bug.cgi?id=1239684
* https://bugzilla.suse.com/show_bug.cgi?id=1239906
* https://bugzilla.suse.com/show_bug.cgi?id=1239925
* https://bugzilla.suse.com/show_bug.cgi?id=1239997
* https://bugzilla.suse.com/show_bug.cgi?id=1240167
* https://bugzilla.suse.com/show_bug.cgi?id=1240168
* https://bugzilla.suse.com/show_bug.cgi?id=1240171
* https://bugzilla.suse.com/show_bug.cgi?id=1240176
* https://bugzilla.suse.com/show_bug.cgi?id=1240181
* https://bugzilla.suse.com/show_bug.cgi?id=1240184
* https://bugzilla.suse.com/show_bug.cgi?id=1240185
* https://bugzilla.suse.com/show_bug.cgi?id=1240375
* https://bugzilla.suse.com/show_bug.cgi?id=1240557
* https://bugzilla.suse.com/show_bug.cgi?id=1240575
* https://bugzilla.suse.com/show_bug.cgi?id=1240576
* https://bugzilla.suse.com/show_bug.cgi?id=1240581
* https://bugzilla.suse.com/show_bug.cgi?id=1240582
* https://bugzilla.suse.com/show_bug.cgi?id=1240583
* https://bugzilla.suse.com/show_bug.cgi?id=1240584
* https://bugzilla.suse.com/show_bug.cgi?id=1240585
* https://bugzilla.suse.com/show_bug.cgi?id=1240587
* https://bugzilla.suse.com/show_bug.cgi?id=1240590
* https://bugzilla.suse.com/show_bug.cgi?id=1240591
* https://bugzilla.suse.com/show_bug.cgi?id=1240592
* https://bugzilla.suse.com/show_bug.cgi?id=1240594
* https://bugzilla.suse.com/show_bug.cgi?id=1240595
* https://bugzilla.suse.com/show_bug.cgi?id=1240596
* https://bugzilla.suse.com/show_bug.cgi?id=1240600
* https://bugzilla.suse.com/show_bug.cgi?id=1240612
* https://bugzilla.suse.com/show_bug.cgi?id=1240616
* https://bugzilla.suse.com/show_bug.cgi?id=1240639
* https://bugzilla.suse.com/show_bug.cgi?id=1240643
* https://bugzilla.suse.com/show_bug.cgi?id=1240647
* https://bugzilla.suse.com/show_bug.cgi?id=1240655
* https://bugzilla.suse.com/show_bug.cgi?id=1240691
* https://bugzilla.suse.com/show_bug.cgi?id=1240700
* https://bugzilla.suse.com/show_bug.cgi?id=1240701
* https://bugzilla.suse.com/show_bug.cgi?id=1240703
* https://bugzilla.suse.com/show_bug.cgi?id=1240708
* https://bugzilla.suse.com/show_bug.cgi?id=1240709
* https://bugzilla.suse.com/show_bug.cgi?id=1240712
* https://bugzilla.suse.com/show_bug.cgi?id=1240713
* https://bugzilla.suse.com/show_bug.cgi?id=1240714
* https://bugzilla.suse.com/show_bug.cgi?id=1240715
* https://bugzilla.suse.com/show_bug.cgi?id=1240716
* https://bugzilla.suse.com/show_bug.cgi?id=1240717
* https://bugzilla.suse.com/show_bug.cgi?id=1240718
* https://bugzilla.suse.com/show_bug.cgi?id=1240719
* https://bugzilla.suse.com/show_bug.cgi?id=1240720
* https://bugzilla.suse.com/show_bug.cgi?id=1240722
* https://bugzilla.suse.com/show_bug.cgi?id=1240727
* https://bugzilla.suse.com/show_bug.cgi?id=1240739
* https://bugzilla.suse.com/show_bug.cgi?id=1240740
* https://bugzilla.suse.com/show_bug.cgi?id=1240742
* https://bugzilla.suse.com/show_bug.cgi?id=1240779
* https://bugzilla.suse.com/show_bug.cgi?id=1240783
* https://bugzilla.suse.com/show_bug.cgi?id=1240784
* https://bugzilla.suse.com/show_bug.cgi?id=1240785
* https://bugzilla.suse.com/show_bug.cgi?id=1240795
* https://bugzilla.suse.com/show_bug.cgi?id=1240796
* https://bugzilla.suse.com/show_bug.cgi?id=1240797
* https://bugzilla.suse.com/show_bug.cgi?id=1240799
* https://bugzilla.suse.com/show_bug.cgi?id=1240801
* https://bugzilla.suse.com/show_bug.cgi?id=1240802
* https://bugzilla.suse.com/show_bug.cgi?id=1240806
* https://bugzilla.suse.com/show_bug.cgi?id=1240808
* https://bugzilla.suse.com/show_bug.cgi?id=1240809
* https://bugzilla.suse.com/show_bug.cgi?id=1240811
* https://bugzilla.suse.com/show_bug.cgi?id=1240812
* https://bugzilla.suse.com/show_bug.cgi?id=1240813
* https://bugzilla.suse.com/show_bug.cgi?id=1240815
* https://bugzilla.suse.com/show_bug.cgi?id=1240816
* https://bugzilla.suse.com/show_bug.cgi?id=1240819
* https://bugzilla.suse.com/show_bug.cgi?id=1240821
* https://bugzilla.suse.com/show_bug.cgi?id=1240825
* https://bugzilla.suse.com/show_bug.cgi?id=1240829
* https://bugzilla.suse.com/show_bug.cgi?id=1240835
* https://bugzilla.suse.com/show_bug.cgi?id=1240873
* https://bugzilla.suse.com/show_bug.cgi?id=1240934
* https://bugzilla.suse.com/show_bug.cgi?id=1240936
* https://bugzilla.suse.com/show_bug.cgi?id=1240937
* https://bugzilla.suse.com/show_bug.cgi?id=1240938
* https://bugzilla.suse.com/show_bug.cgi?id=1240940
* https://bugzilla.suse.com/show_bug.cgi?id=1240942
* https://bugzilla.suse.com/show_bug.cgi?id=1240943
* https://bugzilla.suse.com/show_bug.cgi?id=1240944
* https://bugzilla.suse.com/show_bug.cgi?id=1240978
* https://bugzilla.suse.com/show_bug.cgi?id=1240979
* https://bugzilla.suse.com/show_bug.cgi?id=1241010
* https://bugzilla.suse.com/show_bug.cgi?id=1241038
* https://bugzilla.suse.com/show_bug.cgi?id=1241051
* https://bugzilla.suse.com/show_bug.cgi?id=1241123
* https://bugzilla.suse.com/show_bug.cgi?id=1241151
* https://bugzilla.suse.com/show_bug.cgi?id=1241167
* https://bugzilla.suse.com/show_bug.cgi?id=1241175
* https://bugzilla.suse.com/show_bug.cgi?id=1241204
* https://bugzilla.suse.com/show_bug.cgi?id=1241250
* https://bugzilla.suse.com/show_bug.cgi?id=1241265
* https://bugzilla.suse.com/show_bug.cgi?id=1241266
* https://bugzilla.suse.com/show_bug.cgi?id=1241280
* https://bugzilla.suse.com/show_bug.cgi?id=1241332
* https://bugzilla.suse.com/show_bug.cgi?id=1241333
* https://bugzilla.suse.com/show_bug.cgi?id=1241341
* https://bugzilla.suse.com/show_bug.cgi?id=1241343
* https://bugzilla.suse.com/show_bug.cgi?id=1241344
* https://bugzilla.suse.com/show_bug.cgi?id=1241347
* https://bugzilla.suse.com/show_bug.cgi?id=1241357
* https://bugzilla.suse.com/show_bug.cgi?id=1241361
* https://bugzilla.suse.com/show_bug.cgi?id=1241369
* https://bugzilla.suse.com/show_bug.cgi?id=1241371
* https://bugzilla.suse.com/show_bug.cgi?id=1241373
* https://bugzilla.suse.com/show_bug.cgi?id=1241378
* https://bugzilla.suse.com/show_bug.cgi?id=1241394
* https://bugzilla.suse.com/show_bug.cgi?id=1241402
* https://bugzilla.suse.com/show_bug.cgi?id=1241412
* https://bugzilla.suse.com/show_bug.cgi?id=1241413
* https://bugzilla.suse.com/show_bug.cgi?id=1241416
* https://bugzilla.suse.com/show_bug.cgi?id=1241424
* https://bugzilla.suse.com/show_bug.cgi?id=1241426
* https://bugzilla.suse.com/show_bug.cgi?id=1241433
* https://bugzilla.suse.com/show_bug.cgi?id=1241436
* https://bugzilla.suse.com/show_bug.cgi?id=1241441
* https://bugzilla.suse.com/show_bug.cgi?id=1241442
* https://bugzilla.suse.com/show_bug.cgi?id=1241443
* https://bugzilla.suse.com/show_bug.cgi?id=1241451
* https://bugzilla.suse.com/show_bug.cgi?id=1241452
* https://bugzilla.suse.com/show_bug.cgi?id=1241456
* https://bugzilla.suse.com/show_bug.cgi?id=1241458
* https://bugzilla.suse.com/show_bug.cgi?id=1241459
* https://bugzilla.suse.com/show_bug.cgi?id=1241526
* https://bugzilla.suse.com/show_bug.cgi?id=1241528
* https://bugzilla.suse.com/show_bug.cgi?id=1241537
* https://bugzilla.suse.com/show_bug.cgi?id=1241541
* https://bugzilla.suse.com/show_bug.cgi?id=1241545
* https://bugzilla.suse.com/show_bug.cgi?id=1241547
* https://bugzilla.suse.com/show_bug.cgi?id=1241548
* https://bugzilla.suse.com/show_bug.cgi?id=1241550
* https://bugzilla.suse.com/show_bug.cgi?id=1241573
* https://bugzilla.suse.com/show_bug.cgi?id=1241574
* https://bugzilla.suse.com/show_bug.cgi?id=1241575
* https://bugzilla.suse.com/show_bug.cgi?id=1241578
* https://bugzilla.suse.com/show_bug.cgi?id=1241590
* https://bugzilla.suse.com/show_bug.cgi?id=1241593
* https://bugzilla.suse.com/show_bug.cgi?id=1241598
* https://bugzilla.suse.com/show_bug.cgi?id=1241599
* https://bugzilla.suse.com/show_bug.cgi?id=1241601
* https://bugzilla.suse.com/show_bug.cgi?id=1241626
* https://bugzilla.suse.com/show_bug.cgi?id=1241640
* https://bugzilla.suse.com/show_bug.cgi?id=1241648
* https://bugzilla.suse.com/show_bug.cgi?id=1242006
* https://bugzilla.suse.com/show_bug.cgi?id=1242044
* https://bugzilla.suse.com/show_bug.cgi?id=1242172
* https://bugzilla.suse.com/show_bug.cgi?id=1242283
* https://bugzilla.suse.com/show_bug.cgi?id=1242307
* https://bugzilla.suse.com/show_bug.cgi?id=1242313
* https://bugzilla.suse.com/show_bug.cgi?id=1242314
* https://bugzilla.suse.com/show_bug.cgi?id=1242315
* https://bugzilla.suse.com/show_bug.cgi?id=1242321
* https://bugzilla.suse.com/show_bug.cgi?id=1242326
* https://bugzilla.suse.com/show_bug.cgi?id=1242327
* https://bugzilla.suse.com/show_bug.cgi?id=1242328
* https://bugzilla.suse.com/show_bug.cgi?id=1242332
* https://bugzilla.suse.com/show_bug.cgi?id=1242333
* https://bugzilla.suse.com/show_bug.cgi?id=1242335
* https://bugzilla.suse.com/show_bug.cgi?id=1242336
* https://bugzilla.suse.com/show_bug.cgi?id=1242342
* https://bugzilla.suse.com/show_bug.cgi?id=1242343
* https://bugzilla.suse.com/show_bug.cgi?id=1242344
* https://bugzilla.suse.com/show_bug.cgi?id=1242345
* https://bugzilla.suse.com/show_bug.cgi?id=1242346
* https://bugzilla.suse.com/show_bug.cgi?id=1242347
* https://bugzilla.suse.com/show_bug.cgi?id=1242348
* https://bugzilla.suse.com/show_bug.cgi?id=1242414
* https://bugzilla.suse.com/show_bug.cgi?id=1242526
* https://bugzilla.suse.com/show_bug.cgi?id=1242528
* https://bugzilla.suse.com/show_bug.cgi?id=1242534
* https://bugzilla.suse.com/show_bug.cgi?id=1242535
* https://bugzilla.suse.com/show_bug.cgi?id=1242536
* https://bugzilla.suse.com/show_bug.cgi?id=1242537
* https://bugzilla.suse.com/show_bug.cgi?id=1242538
* https://bugzilla.suse.com/show_bug.cgi?id=1242539
* https://bugzilla.suse.com/show_bug.cgi?id=1242540
* https://bugzilla.suse.com/show_bug.cgi?id=1242546
* https://bugzilla.suse.com/show_bug.cgi?id=1242556
* https://bugzilla.suse.com/show_bug.cgi?id=1242596
* https://bugzilla.suse.com/show_bug.cgi?id=1242710
* https://bugzilla.suse.com/show_bug.cgi?id=1242778
* https://bugzilla.suse.com/show_bug.cgi?id=1242831
* https://bugzilla.suse.com/show_bug.cgi?id=1242985
* https://jira.suse.com/browse/PED-12309

SUSE-SU-2025:01619-1: moderate: Security update for s390-tools

# Security update for s390-tools

Announcement ID: SUSE-SU-2025:01619-1
Release Date: 2025-05-21T09:57:21Z
Rating: moderate
References:

* bsc#1242622
* jsc#PED-12028

Cross-References:

* CVE-2025-3416

CVSS scores:

* CVE-2025-3416 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and contains one feature can now be
installed.

## Description:

This update for s390-tools rebuilds the existing package with the new 4k RSA
secure boot key.

Security issues fixed:

* CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-
openssl crate. (bsc#1242622)

Other issues:

* Added the new IBM z17 (9175) processor type

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1619=1 openSUSE-SLE-15.6-2025-1619=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1619=1

## Package List:

* openSUSE Leap 15.6 (s390x x86_64)
* s390-tools-2.31.0-150600.8.16.1
* s390-tools-debugsource-2.31.0-150600.8.16.1
* s390-tools-debuginfo-2.31.0-150600.8.16.1
* openSUSE Leap 15.6 (s390x)
* libekmfweb1-devel-2.31.0-150600.8.16.1
* libkmipclient1-2.31.0-150600.8.16.1
* libkmipclient1-debuginfo-2.31.0-150600.8.16.1
* s390-tools-chreipl-fcp-mpath-2.31.0-150600.8.16.1
* s390-tools-zdsfs-2.31.0-150600.8.16.1
* osasnmpd-2.31.0-150600.8.16.1
* s390-tools-hmcdrvfs-debuginfo-2.31.0-150600.8.16.1
* libekmfweb1-debuginfo-2.31.0-150600.8.16.1
* s390-tools-zdsfs-debuginfo-2.31.0-150600.8.16.1
* libekmfweb1-2.31.0-150600.8.16.1
* s390-tools-hmcdrvfs-2.31.0-150600.8.16.1
* libkmipclient1-devel-2.31.0-150600.8.16.1
* osasnmpd-debuginfo-2.31.0-150600.8.16.1
* openSUSE Leap 15.6 (noarch)
* s390-tools-genprotimg-data-2.31.0-150600.8.16.1
* Basesystem Module 15-SP6 (s390x)
* libekmfweb1-devel-2.31.0-150600.8.16.1
* libkmipclient1-2.31.0-150600.8.16.1
* libkmipclient1-debuginfo-2.31.0-150600.8.16.1
* s390-tools-chreipl-fcp-mpath-2.31.0-150600.8.16.1
* s390-tools-zdsfs-2.31.0-150600.8.16.1
* osasnmpd-2.31.0-150600.8.16.1
* s390-tools-hmcdrvfs-debuginfo-2.31.0-150600.8.16.1
* libekmfweb1-debuginfo-2.31.0-150600.8.16.1
* libekmfweb1-2.31.0-150600.8.16.1
* s390-tools-hmcdrvfs-2.31.0-150600.8.16.1
* s390-tools-zdsfs-debuginfo-2.31.0-150600.8.16.1
* osasnmpd-debuginfo-2.31.0-150600.8.16.1
* Basesystem Module 15-SP6 (s390x x86_64)
* s390-tools-2.31.0-150600.8.16.1
* s390-tools-debugsource-2.31.0-150600.8.16.1
* s390-tools-debuginfo-2.31.0-150600.8.16.1
* Basesystem Module 15-SP6 (noarch)
* s390-tools-genprotimg-data-2.31.0-150600.8.16.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242622
* https://jira.suse.com/browse/PED-12028