SUSE Linux has released several security updates, including important updates for the Linux Kernel, Kubernetes, iputils, rmt-server, libgcrypt, python-oslo.utils, libxml2, lemon, python, openjdk, libexslt, busybox, and apache:

SUSE-SU-2025:02398-1: important: Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)
SUSE-SU-2025:02393-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)
SUSE-SU-2025:02399-1: important: Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)
SUSE-SU-2025:02400-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)
SUSE-SU-2025:02401-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
SUSE-SU-2025:02411-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)
SUSE-SU-2025:02403-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
SUSE-SU-2025:02410-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)
SUSE-SU-2025:02424-1: moderate: Security update for kubernetes1.24
SUSE-SU-2025:02423-1: moderate: Security update for kubernetes1.23
SUSE-SU-2025:02431-1: moderate: Security update for iputils
SUSE-SU-2025:02430-1: moderate: Security update for iputils
SUSE-SU-2025:02429-1: important: Security update for rmt-server
SUSE-SU-2025:02418-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)
SUSE-SU-2025:02416-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)
SUSE-SU-2025:02428-1: important: Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)
SUSE-SU-2025:02419-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)
SUSE-SU-2025:02421-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
SUSE-SU-2025:02433-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:02447-1: moderate: Security update for libgcrypt
SUSE-SU-2025:02448-1: moderate: Security update for python-oslo.utils
SUSE-SU-2025:02434-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)
SUSE-SU-2025:02440-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)
SUSE-SU-2025:02437-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)
SUSE-SU-2025:02436-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
SUSE-SU-2025:02438-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)
SUSE-SU-2025:02444-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)
SUSE-SU-2025:02442-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)
SUSE-SU-2025:02449-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
SUSE-SU-2025:02445-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
SUSE-SU-2025:02446-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
openSUSE-SU-2025:15363-1: moderate: libxml2-2-2.13.8-3.1 on GA media
openSUSE-SU-2025:15368-1: moderate: lemon-3.50.3-1.1 on GA media
openSUSE-SU-2025:15367-1: moderate: python313-3.13.5-3.1 on GA media
openSUSE-SU-2025:15365-1: moderate: python311-3.11.13-3.1 on GA media
openSUSE-SU-2025:15362-1: moderate: java-21-openjdk-21.0.8.0-1.1 on GA media
openSUSE-SU-2025:15366-1: moderate: python312-3.12.11-3.1 on GA media
openSUSE-SU-2025:15364-1: moderate: libexslt0-1.1.43-2.1 on GA media
openSUSE-SU-2025:15361-1: moderate: busybox-1.37.0-5.1 on GA media
openSUSE-SU-2025:15360-1: moderate: apache2-2.4.64-1.1 on GA media
SUSE-SU-2025:02451-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
SUSE-SU-2025:02454-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
SUSE-SU-2025:02455-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)





# Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02398-1
Release Date: 2025-07-21T07:33:40Z
Rating: important
References:

* bsc#1229458
* bsc#1233118
* bsc#1234854
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-42232
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_170 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop().
(bsc#1228959)
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2398=1 SUSE-2025-2407=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2398=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-2407=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_170-default-14-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_46-debugsource-16-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_167-default-debuginfo-16-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_167-default-16-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_47-debugsource-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-14-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_167-preempt-16-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-preempt-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_167-preempt-debuginfo-16-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-14-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_47-debugsource-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-14-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_167-default-16-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_170-default-14-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-42232.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229458
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648




# Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02393-1
Release Date: 2025-07-19T18:03:51Z
Rating: important
References:

* bsc#1238912

Cross-References:

* CVE-2025-21772

CVSS scores:

* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_94 fixes one issue.

The following security issue was fixed:

* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2393=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2393=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-3-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-3-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_94-default-3-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-3-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_23-debugsource-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238912




# Security update for the Linux Kernel (Live Patch 52 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02399-1
Release Date: 2025-07-21T06:33:56Z
Rating: important
References:

* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_188 fixes several issues.

The following security issues were fixed:

* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2399=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2399=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_188-default-7-150300.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_52-debugsource-7-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_188-default-7-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_188-default-debuginfo-7-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_188-preempt-debuginfo-7-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_188-preempt-7-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648




# Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02400-1
Release Date: 2025-07-21T06:34:04Z
Rating: important
References:

* bsc#1233118
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2400=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2400=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_32-debugsource-11-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_32-debugsource-11-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648




# Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02401-1
Release Date: 2025-07-21T07:33:49Z
Rating: important
References:

* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2401=1 SUSE-2025-2408=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2401=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-2408=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_33-debugsource-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_34-debugsource-9-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_144-default-debuginfo-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_144-default-9-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_33-debugsource-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_34-debugsource-9-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648




# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02411-1
Release Date: 2025-07-21T07:34:29Z
Rating: important
References:

* bsc#1233118
* bsc#1233227
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235769
* bsc#1235921
* bsc#1238912
* bsc#1241579
* bsc#1243648
* bsc#1244337

Cross-References:

* CVE-2024-50208
* CVE-2024-50250
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57793
* CVE-2024-57893
* CVE-2025-21772
* CVE-2025-22115

CVSS scores:

* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50250 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-50250 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-50250 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57793 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22115 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22115 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 11 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks
(bsc#1233227).
* CVE-2025-22115: btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241579).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2411=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2404=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2414=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2404=1 SUSE-2025-2414=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_10_14-rt-12-150600.2.1
* kernel-livepatch-6_4_0-150600_10_14-rt-debuginfo-12-150600.2.1
* kernel-livepatch-SLE15-SP6-RT_Update_4-debugsource-12-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_17-default-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-12-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_17-default-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_3-debugsource-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-12-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-50250.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://www.suse.com/security/cve/CVE-2025-22115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1233227
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1241579
* https://bugzilla.suse.com/show_bug.cgi?id=1243648
* https://bugzilla.suse.com/show_bug.cgi?id=1244337



SUSE-SU-2025:02403-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02403-1
Release Date: 2025-07-21T07:07:03Z
Rating: important
References:

* bsc#1229458
* bsc#1233118
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235769
* bsc#1235921
* bsc#1238912
* bsc#1243648

Cross-References:

* CVE-2024-42232
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57793
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2024-42232 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57793 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_68 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop().
(bsc#1228959)
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2403=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2403=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_68-default-18-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-18-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-18-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_68-default-18-150500.2.1
* kernel-livepatch-5_14_21-150500_55_68-default-debuginfo-18-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_15-debugsource-18-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42232.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229458
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02410-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02410-1
Release Date: 2025-07-21T07:34:05Z
Rating: important
References:

* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235769
* bsc#1235921
* bsc#1238912
* bsc#1243648

Cross-References:

* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57793
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57793 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_88 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2410=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2410=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_88-default-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-7-150500.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_88-default-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-7-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02424-1: moderate: Security update for kubernetes1.24


# Security update for kubernetes1.24

Announcement ID: SUSE-SU-2025:02424-1
Release Date: 2025-07-21T08:37:13Z
Rating: moderate
References:

* bsc#1241865

Cross-References:

* CVE-2025-22872

CVSS scores:

* CVE-2025-22872 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for kubernetes1.24 fixes the following issues:

* CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value
in foreign content (bsc#1241865).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2424=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.24-kubeadm-1.24.17-150400.9.22.1
* kubernetes1.24-kubelet-common-1.24.17-150400.9.22.1
* kubernetes1.24-controller-manager-1.24.17-150400.9.22.1
* kubernetes1.24-kubelet-1.24.17-150400.9.22.1
* kubernetes1.24-client-1.24.17-150400.9.22.1
* kubernetes1.24-client-common-1.24.17-150400.9.22.1
* kubernetes1.24-apiserver-1.24.17-150400.9.22.1
* kubernetes1.24-proxy-1.24.17-150400.9.22.1
* kubernetes1.24-scheduler-1.24.17-150400.9.22.1
* openSUSE Leap 15.4 (noarch)
* kubernetes1.24-client-fish-completion-1.24.17-150400.9.22.1
* kubernetes1.24-client-bash-completion-1.24.17-150400.9.22.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241865



SUSE-SU-2025:02423-1: moderate: Security update for kubernetes1.23


# Security update for kubernetes1.23

Announcement ID: SUSE-SU-2025:02423-1
Release Date: 2025-07-21T08:36:42Z
Rating: moderate
References:

* bsc#1194400
* bsc#1212493
* bsc#1219964
* bsc#1222539
* bsc#1229008
* bsc#1241865

Cross-References:

* CVE-2021-25743
* CVE-2023-2431
* CVE-2024-0793
* CVE-2024-3177
* CVE-2025-22872

CVSS scores:

* CVE-2021-25743 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-25743 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-2431 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-2431 ( NVD ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-2431 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-0793 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0793 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-3177 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-3177 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-22872 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.3

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for kubernetes1.23 fixes the following issues:

* CVE-2021-25743: Escape terminal special characters in kubectl output
(bsc#1194400).
* CVE-2023-2431: Prevent pods from bypassing the seccomp profile enforcement
(bsc#1212493).
* CVE-2024-0793: Advance autoscaling v2 as the preferred API version
(bsc#1219964).
* CVE-2024-3177: Prevent bypassing mountable secrets policy imposed by the
ServiceAccount admission plugin (bsc#1222539).
* CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value
in foreign content (bsc#1241865).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2423=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kubernetes1.23-scheduler-1.23.17-150300.7.12.1
* kubernetes1.23-client-1.23.17-150300.7.12.1
* kubernetes1.23-kubelet-common-1.23.17-150300.7.12.1
* kubernetes1.23-controller-manager-1.23.17-150300.7.12.1
* kubernetes1.23-apiserver-1.23.17-150300.7.12.1
* kubernetes1.23-proxy-1.23.17-150300.7.12.1
* kubernetes1.23-kubelet-1.23.17-150300.7.12.1
* kubernetes1.23-client-common-1.23.17-150300.7.12.1
* kubernetes1.23-kubeadm-1.23.17-150300.7.12.1
* openSUSE Leap 15.3 (noarch)
* kubernetes1.23-client-fish-completion-1.23.17-150300.7.12.1
* kubernetes1.23-client-bash-completion-1.23.17-150300.7.12.1
* openSUSE Leap 15.3 (ppc64le)
* kubernetes1.23-controller-manager-debuginfo-1.23.17-150300.7.12.1
* kubernetes1.23-kubelet-debuginfo-1.23.17-150300.7.12.1
* kubernetes1.23-proxy-debuginfo-1.23.17-150300.7.12.1
* kubernetes1.23-kubeadm-debuginfo-1.23.17-150300.7.12.1
* kubernetes1.23-apiserver-debuginfo-1.23.17-150300.7.12.1
* kubernetes1.23-scheduler-debuginfo-1.23.17-150300.7.12.1
* kubernetes1.23-client-debuginfo-1.23.17-150300.7.12.1

## References:

* https://www.suse.com/security/cve/CVE-2021-25743.html
* https://www.suse.com/security/cve/CVE-2023-2431.html
* https://www.suse.com/security/cve/CVE-2024-0793.html
* https://www.suse.com/security/cve/CVE-2024-3177.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194400
* https://bugzilla.suse.com/show_bug.cgi?id=1212493
* https://bugzilla.suse.com/show_bug.cgi?id=1219964
* https://bugzilla.suse.com/show_bug.cgi?id=1222539
* https://bugzilla.suse.com/show_bug.cgi?id=1229008
* https://bugzilla.suse.com/show_bug.cgi?id=1241865



SUSE-SU-2025:02431-1: moderate: Security update for iputils


# Security update for iputils

Announcement ID: SUSE-SU-2025:02431-1
Release Date: 2025-07-21T11:23:49Z
Rating: moderate
References:

* bsc#1243772

Cross-References:

* CVE-2025-48964

CVSS scores:

* CVE-2025-48964 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-48964 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for iputils fixes the following issues:

* CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp
(bsc#1243772).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2431=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2431=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-2431=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2431=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-2431=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2431=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-2431=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* iputils-20211215-150400.3.22.1
* iputils-debugsource-20211215-150400.3.22.1
* rarpd-20211215-150400.3.22.1
* iputils-debuginfo-20211215-150400.3.22.1
* rarpd-debuginfo-20211215-150400.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* iputils-debuginfo-20211215-150400.3.22.1
* iputils-20211215-150400.3.22.1
* iputils-debugsource-20211215-150400.3.22.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* iputils-debuginfo-20211215-150400.3.22.1
* iputils-20211215-150400.3.22.1
* iputils-debugsource-20211215-150400.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* iputils-debuginfo-20211215-150400.3.22.1
* iputils-20211215-150400.3.22.1
* iputils-debugsource-20211215-150400.3.22.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* iputils-debuginfo-20211215-150400.3.22.1
* iputils-20211215-150400.3.22.1
* iputils-debugsource-20211215-150400.3.22.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* iputils-debuginfo-20211215-150400.3.22.1
* rarpd-debuginfo-20211215-150400.3.22.1
* iputils-debugsource-20211215-150400.3.22.1
* rarpd-20211215-150400.3.22.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* iputils-debuginfo-20211215-150400.3.22.1
* rarpd-debuginfo-20211215-150400.3.22.1
* iputils-debugsource-20211215-150400.3.22.1
* rarpd-20211215-150400.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48964.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243772



SUSE-SU-2025:02430-1: moderate: Security update for iputils


# Security update for iputils

Announcement ID: SUSE-SU-2025:02430-1
Release Date: 2025-07-21T11:23:28Z
Rating: moderate
References:

* bsc#1243772

Cross-References:

* CVE-2025-48964

CVSS scores:

* CVE-2025-48964 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-48964 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for iputils fixes the following issues:

* CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp
(bsc#1243772).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2430=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2430=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-2430=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2430=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2430=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* iputils-20221126-150500.3.14.1
* iputils-debugsource-20221126-150500.3.14.1
* iputils-debuginfo-20221126-150500.3.14.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* iputils-20221126-150500.3.14.1
* iputils-debugsource-20221126-150500.3.14.1
* iputils-debuginfo-20221126-150500.3.14.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* iputils-20221126-150500.3.14.1
* iputils-debugsource-20221126-150500.3.14.1
* iputils-debuginfo-20221126-150500.3.14.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* iputils-20221126-150500.3.14.1
* iputils-debugsource-20221126-150500.3.14.1
* iputils-debuginfo-20221126-150500.3.14.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* iputils-20221126-150500.3.14.1
* iputils-debugsource-20221126-150500.3.14.1
* iputils-debuginfo-20221126-150500.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-48964.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243772



SUSE-SU-2025:02429-1: important: Security update for rmt-server


# Security update for rmt-server

Announcement ID: SUSE-SU-2025:02429-1
Release Date: 2025-07-21T11:04:12Z
Rating: important
References:

* bsc#1236600
* bsc#1236816
* bsc#1236836
* bsc#1237373
* bsc#1242893
* bsc#1242898
* bsc#1244166

Cross-References:

* CVE-2025-32441
* CVE-2025-46727

CVSS scores:

* CVE-2025-32441 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-32441 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-32441 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-46727 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-46727 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* Public Cloud Module 15-SP3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves two vulnerabilities and has five security fixes can now be
installed.

## Description:

This update for rmt-server fixes the following issues:

* Update to version 2.23
* CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack::QueryParser.
(bsc#1242893)
* CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a
deleted rack session. (bsc#1242898)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2429=1

* Public Cloud Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-2429=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2429=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2429=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2429=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-2429=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* rmt-server-pubcloud-2.23-150300.3.54.1
* rmt-server-2.23-150300.3.54.1
* rmt-server-debugsource-2.23-150300.3.54.1
* rmt-server-config-2.23-150300.3.54.1
* rmt-server-debuginfo-2.23-150300.3.54.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
* rmt-server-debugsource-2.23-150300.3.54.1
* rmt-server-pubcloud-2.23-150300.3.54.1
* rmt-server-debuginfo-2.23-150300.3.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* rmt-server-debugsource-2.23-150300.3.54.1
* rmt-server-debuginfo-2.23-150300.3.54.1
* rmt-server-2.23-150300.3.54.1
* rmt-server-config-2.23-150300.3.54.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* rmt-server-debugsource-2.23-150300.3.54.1
* rmt-server-debuginfo-2.23-150300.3.54.1
* rmt-server-2.23-150300.3.54.1
* rmt-server-config-2.23-150300.3.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* rmt-server-debugsource-2.23-150300.3.54.1
* rmt-server-debuginfo-2.23-150300.3.54.1
* rmt-server-2.23-150300.3.54.1
* rmt-server-config-2.23-150300.3.54.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* rmt-server-debugsource-2.23-150300.3.54.1
* rmt-server-debuginfo-2.23-150300.3.54.1
* rmt-server-2.23-150300.3.54.1
* rmt-server-config-2.23-150300.3.54.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32441.html
* https://www.suse.com/security/cve/CVE-2025-46727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236600
* https://bugzilla.suse.com/show_bug.cgi?id=1236816
* https://bugzilla.suse.com/show_bug.cgi?id=1236836
* https://bugzilla.suse.com/show_bug.cgi?id=1237373
* https://bugzilla.suse.com/show_bug.cgi?id=1242893
* https://bugzilla.suse.com/show_bug.cgi?id=1242898
* https://bugzilla.suse.com/show_bug.cgi?id=1244166



SUSE-SU-2025:02418-1: important: Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02418-1
Release Date: 2025-07-21T08:04:41Z
Rating: important
References:

* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-56558
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_195 fixes several issues.

The following security issues were fixed:

* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2418=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2418=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_54-debugsource-4-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_195-default-debuginfo-4-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_195-default-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_195-preempt-4-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_195-preempt-debuginfo-4-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_195-default-4-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02416-1: important: Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02416-1
Release Date: 2025-07-21T08:04:24Z
Rating: important
References:

* bsc#1229458
* bsc#1233118
* bsc#1234854
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-42232
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop().
(bsc#1228959)
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2416=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2416=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_45-debugsource-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_164-default-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-17-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-preempt-17-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-17-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_164-default-17-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-42232.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229458
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02428-1: important: Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02428-1
Release Date: 2025-07-21T09:04:15Z
Rating: important
References:

* bsc#1233118
* bsc#1234854
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_182 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2428=1 SUSE-2025-2417=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2428=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-2417=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP3_Update_48-debugsource-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_174-default-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-default-debuginfo-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-default-10-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_50-debugsource-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-13-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_182-preempt-10-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_174-preempt-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-preempt-debuginfo-10-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_174-default-13-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_182-default-10-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02419-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02419-1
Release Date: 2025-07-21T08:04:52Z
Rating: important
References:

* bsc#1229458
* bsc#1233118
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-42232
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_128 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop().
(bsc#1228959)
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2419=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2419=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_128-default-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_29-debugsource-13-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_128-default-13-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_128-default-debuginfo-13-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_29-debugsource-13-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-42232.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229458
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02421-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02421-1
Release Date: 2025-07-21T08:05:10Z
Rating: important
References:

* bsc#1235769
* bsc#1238912
* bsc#1241579
* bsc#1244337

Cross-References:

* CVE-2024-57793
* CVE-2025-21772
* CVE-2025-22115

CVSS scores:

* CVE-2024-57793 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22115 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22115 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.

The following security issues were fixed:

* CVE-2025-22115: btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241579).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2421=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2421=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_33-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_7-debugsource-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-8-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_33-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_7-debugsource-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-8-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://www.suse.com/security/cve/CVE-2025-22115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1241579
* https://bugzilla.suse.com/show_bug.cgi?id=1244337



SUSE-SU-2025:02433-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02433-1
Release Date: 2025-07-21T11:33:36Z
Rating: important
References:

* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235769
* bsc#1235921
* bsc#1238912
* bsc#1241579
* bsc#1243648
* bsc#1244337

Cross-References:

* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57793
* CVE-2024-57893
* CVE-2025-21772
* CVE-2025-22115

CVSS scores:

* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57793 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22115 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22115 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves nine vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-22115: btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241579).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2433=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2433=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_30-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_6-debugsource-8-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_30-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_6-debugsource-8-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://www.suse.com/security/cve/CVE-2025-22115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1241579
* https://bugzilla.suse.com/show_bug.cgi?id=1243648
* https://bugzilla.suse.com/show_bug.cgi?id=1244337



SUSE-SU-2025:02447-1: moderate: Security update for libgcrypt


# Security update for libgcrypt

Announcement ID: SUSE-SU-2025:02447-1
Release Date: 2025-07-21T14:45:30Z
Rating: moderate
References:

* bsc#1221107

Cross-References:

* CVE-2024-2236

CVSS scores:

* CVE-2024-2236 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-2236 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for libgcrypt fixes the following issues:

* CVE-2024-2236: Fixed timing based side-channel in RSA implementation.
(bsc#1221107)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2447=1 openSUSE-SLE-15.6-2025-2447=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2447=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libgcrypt20-debuginfo-1.10.3-150600.3.9.1
  * libgcrypt-devel-1.10.3-150600.3.9.1
  * libgcrypt-debugsource-1.10.3-150600.3.9.1
  * libgcrypt20-1.10.3-150600.3.9.1
  * libgcrypt-devel-debuginfo-1.10.3-150600.3.9.1
* openSUSE Leap 15.6 (x86_64)
  * libgcrypt-devel-32bit-1.10.3-150600.3.9.1
  * libgcrypt20-32bit-1.10.3-150600.3.9.1
  * libgcrypt-devel-32bit-debuginfo-1.10.3-150600.3.9.1
  * libgcrypt20-32bit-debuginfo-1.10.3-150600.3.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libgcrypt20-64bit-debuginfo-1.10.3-150600.3.9.1
  * libgcrypt20-64bit-1.10.3-150600.3.9.1
  * libgcrypt-devel-64bit-debuginfo-1.10.3-150600.3.9.1
  * libgcrypt-devel-64bit-1.10.3-150600.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libgcrypt20-debuginfo-1.10.3-150600.3.9.1
  * libgcrypt-devel-1.10.3-150600.3.9.1
  * libgcrypt-debugsource-1.10.3-150600.3.9.1
  * libgcrypt20-1.10.3-150600.3.9.1
  * libgcrypt-devel-debuginfo-1.10.3-150600.3.9.1
* Basesystem Module 15-SP6 (x86_64)
  * libgcrypt20-32bit-debuginfo-1.10.3-150600.3.9.1
  * libgcrypt20-32bit-1.10.3-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2236.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221107



SUSE-SU-2025:02448-1: moderate: Security update for python-oslo.utils


# Security update for python-oslo.utils

Announcement ID: SUSE-SU-2025:02448-1
Release Date: 2025-07-21T14:46:27Z
Rating: moderate
References:

* bsc#1196454

Cross-References:

* CVE-2022-0718

CVSS scores:

* CVE-2022-0718 ( SUSE ): 6.0 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
* CVE-2022-0718 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-oslo.utils fixes the following issues:

* CVE-2022-0718: Fixed incorrect password masking in debug output.
(bsc#1196454)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-2448=1

* Public Cloud Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2025-2448=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2448=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2025-2448=1

* Public Cloud Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2025-2448=1

* Public Cloud Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2025-2448=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python3-oslo.utils-4.1.1-150200.8.7.1
  * python-oslo.utils-doc-4.1.1-150200.8.7.1
* Public Cloud Module 15-SP3 (noarch)
  * python3-oslo.utils-4.1.1-150200.8.7.1
* Public Cloud Module 15-SP4 (noarch)
  * python3-oslo.utils-4.1.1-150200.8.7.1
* Public Cloud Module 15-SP5 (noarch)
  * python3-oslo.utils-4.1.1-150200.8.7.1
* Public Cloud Module 15-SP6 (noarch)
  * python3-oslo.utils-4.1.1-150200.8.7.1
* Public Cloud Module 15-SP7 (noarch)
  * python3-oslo.utils-4.1.1-150200.8.7.1

## References:

* https://www.suse.com/security/cve/CVE-2022-0718.html
* https://bugzilla.suse.com/show_bug.cgi?id=1196454



SUSE-SU-2025:02434-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02434-1
Release Date: 2025-07-21T12:04:27Z
Rating: important
References:

* bsc#1233118
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_133 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2434=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2434=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_31-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-11-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_31-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-debuginfo-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_133-default-11-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02440-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02440-1
Release Date: 2025-07-21T13:04:10Z
Rating: important
References:

* bsc#1229458
* bsc#1233118
* bsc#1233227
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235769
* bsc#1235921
* bsc#1238912
* bsc#1241579
* bsc#1243648
* bsc#1244337

Cross-References:

* CVE-2024-42232
* CVE-2024-50208
* CVE-2024-50250
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57793
* CVE-2024-57893
* CVE-2025-21772
* CVE-2025-22115

CVSS scores:

* CVE-2024-42232 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50250 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-50250 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-50250 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57793 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22115 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22115 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 12 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_21 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks
(bsc#1233227).
* CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop().
(bsc#1228959)
* CVE-2025-22115: btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241579).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2440=1 SUSE-2025-2443=1 SUSE-2025-2435=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2435=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2440=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2443=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_14-default-17-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_2-debugsource-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_21-default-19-150600.4.49.1
  * kernel-livepatch-6_4_0-150600_21-default-debuginfo-19-150600.4.49.1
  * kernel-livepatch-6_4_0-150600_23_7-default-17-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_0-debugsource-19-150600.4.49.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-17-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-17-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_14-default-17-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_2-debugsource-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_21-default-19-150600.4.49.1
  * kernel-livepatch-6_4_0-150600_21-default-debuginfo-19-150600.4.49.1
  * kernel-livepatch-6_4_0-150600_23_7-default-17-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_0-debugsource-19-150600.4.49.1
  * kernel-livepatch-6_4_0-150600_23_7-default-debuginfo-17-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-17-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_1-debugsource-17-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42232.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-50250.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://www.suse.com/security/cve/CVE-2025-22115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229458
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1233227
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1241579
* https://bugzilla.suse.com/show_bug.cgi?id=1243648
* https://bugzilla.suse.com/show_bug.cgi?id=1244337



SUSE-SU-2025:02437-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02437-1
Release Date: 2025-07-21T12:33:50Z
Rating: important
References:

* bsc#1234885
* bsc#1235769
* bsc#1235921
* bsc#1238912

Cross-References:

* CVE-2024-53166
* CVE-2024-57793
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57793 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_91 fixes several issues.

The following security issues were fixed:

* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2437=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2437=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_91-default-7-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_22-debugsource-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_91-default-7-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_22-debugsource-7-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912



SUSE-SU-2025:02436-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02436-1
Release Date: 2025-07-21T12:33:43Z
Rating: important
References:

* bsc#1229458
* bsc#1233118
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-42232
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50208 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop().
(bsc#1228959)
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2436=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2436=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_28-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-15-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_28-debugsource-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-debuginfo-15-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_125-default-15-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-42232.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229458
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02438-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:02438-1
Release Date: 2025-07-21T12:33:57Z
Rating: important
References:

* bsc#1238912

Cross-References:

* CVE-2025-21772

CVSS scores:

* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_97 fixes one issue.

The following security issue was fixed:

* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-2438=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2438=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-3-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_97-default-3-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_24-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-3-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_97-default-3-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_24-debugsource-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238912



SUSE-SU-2025:02444-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02444-1
Release Date: 2025-07-21T13:04:22Z
Rating: important
References:

* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-56558
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_150 fixes several issues.

The following security issues were fixed:

* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2444=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2444=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_36-debugsource-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-debuginfo-3-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_150-default-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02442-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02442-1
Release Date: 2025-07-21T12:34:23Z
Rating: important
References:

* bsc#1238912
* bsc#1241579
* bsc#1244337

Cross-References:

* CVE-2025-21772
* CVE-2025-22115

CVSS scores:

* CVE-2025-21772 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22115 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22115 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_38 fixes several issues.

The following security issues were fixed:

* CVE-2025-22115: btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241579).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2442=1 SUSE-2025-2441=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2442=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2441=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_38-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_8-debugsource-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_9-debugsource-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-3-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_38-default-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_8-debugsource-3-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_9-debugsource-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-3-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-3-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://www.suse.com/security/cve/CVE-2025-22115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1241579
* https://bugzilla.suse.com/show_bug.cgi?id=1244337



SUSE-SU-2025:02449-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02449-1
Release Date: 2025-07-21T15:33:47Z
Rating: important
References:

* bsc#1233118
* bsc#1233227
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235769
* bsc#1235921
* bsc#1238912
* bsc#1241579
* bsc#1243648
* bsc#1244337

Cross-References:

* CVE-2024-50208
* CVE-2024-50250
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57793
* CVE-2024-57893
* CVE-2025-21772
* CVE-2025-22115

CVSS scores:

* CVE-2024-50208 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50250 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-50250 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-50250 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-53146 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57793 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-57793 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-57893 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22115 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22115 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 11 vulnerabilities and has one security fix can now be
installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks
(bsc#1233227).
* CVE-2025-22115: btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241579).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (bsc#1235769).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2449=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2449=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-13-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_4-debugsource-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_22-default-13-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-13-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_4-debugsource-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_22-default-13-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-50250.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57793.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://www.suse.com/security/cve/CVE-2025-22115.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1233227
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235769
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1241579
* https://bugzilla.suse.com/show_bug.cgi?id=1243648
* https://bugzilla.suse.com/show_bug.cgi?id=1244337



SUSE-SU-2025:02445-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02445-1
Release Date: 2025-07-21T14:04:06Z
Rating: important
References:

* bsc#1234885
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-53166
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_147 fixes several issues.

The following security issues were fixed:

* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2445=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2445=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-8-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-8-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-8-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-8-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-8-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02446-1: important: Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02446-1
Release Date: 2025-07-21T14:33:47Z
Rating: important
References:

* bsc#1233118
* bsc#1234854
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50208 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_179 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended
capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous
open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages
(bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table
(bsc#1238912).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
(bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show
(bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2446=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2446=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_179-default-12-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_49-debugsource-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-12-150300.2.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_179-preempt-debuginfo-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-preempt-12-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_179-default-12-150300.2.1
  * kernel-livepatch-SLE15-SP3_Update_49-debugsource-12-150300.2.1
  * kernel-livepatch-5_3_18-150300_59_179-default-debuginfo-12-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



openSUSE-SU-2025:15363-1: moderate: libxml2-2-2.13.8-3.1 on GA media


# libxml2-2-2.13.8-3.1 on GA media

Announcement ID: openSUSE-SU-2025:15363-1
Rating: moderate

Cross-References:

* CVE-2025-7425

CVSS scores:

* CVE-2025-7425 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
* CVE-2025-7425 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libxml2-2-2.13.8-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libxml2-2 2.13.8-3.1
  * libxml2-2-32bit 2.13.8-3.1
  * libxml2-devel 2.13.8-3.1
  * libxml2-devel-32bit 2.13.8-3.1
  * libxml2-doc 2.13.8-3.1
  * libxml2-tools 2.13.8-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7425.html



openSUSE-SU-2025:15368-1: moderate: lemon-3.50.3-1.1 on GA media


# lemon-3.50.3-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15368-1
Rating: moderate

Cross-References:

* CVE-2025-6965

CVSS scores:

* CVE-2025-6965 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the lemon-3.50.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * lemon 3.50.3-1.1
  * libsqlite3-0 3.50.3-1.1
  * libsqlite3-0-32bit 3.50.3-1.1
  * libsqlite3-0-x86-64-v3 3.50.3-1.1
  * sqlite3 3.50.3-1.1
  * sqlite3-devel 3.50.3-1.1
  * sqlite3-doc 3.50.3-1.1
  * sqlite3-tcl 3.50.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6965.html



openSUSE-SU-2025:15367-1: moderate: python313-3.13.5-3.1 on GA media


# python313-3.13.5-3.1 on GA media

Announcement ID: openSUSE-SU-2025:15367-1
Rating: moderate

Cross-References:

* CVE-2025-6069

CVSS scores:

* CVE-2025-6069 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-6069 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python313-3.13.5-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python313 3.13.5-3.1
  * python313-32bit 3.13.5-3.1
  * python313-curses 3.13.5-3.1
  * python313-dbm 3.13.5-3.1
  * python313-idle 3.13.5-3.1
  * python313-tk 3.13.5-3.1
  * python313-x86-64-v3 3.13.5-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6069.html



openSUSE-SU-2025:15365-1: moderate: python311-3.11.13-3.1 on GA media


# python311-3.11.13-3.1 on GA media

Announcement ID: openSUSE-SU-2025:15365-1
Rating: moderate

Cross-References:

* CVE-2025-6069

CVSS scores:

* CVE-2025-6069 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-6069 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-3.11.13-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311 3.11.13-3.1
  * python311-32bit 3.11.13-3.1
  * python311-curses 3.11.13-3.1
  * python311-dbm 3.11.13-3.1
  * python311-idle 3.11.13-3.1
  * python311-tk 3.11.13-3.1
  * python311-x86-64-v3 3.11.13-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6069.html



openSUSE-SU-2025:15362-1: moderate: java-21-openjdk-21.0.8.0-1.1 on GA media


# java-21-openjdk-21.0.8.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15362-1
Rating: moderate

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-50059
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-21-openjdk-21.0.8.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * java-21-openjdk 21.0.8.0-1.1
  * java-21-openjdk-demo 21.0.8.0-1.1
  * java-21-openjdk-devel 21.0.8.0-1.1
  * java-21-openjdk-headless 21.0.8.0-1.1
  * java-21-openjdk-javadoc 21.0.8.0-1.1
  * java-21-openjdk-jmods 21.0.8.0-1.1
  * java-21-openjdk-src 21.0.8.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-50059.html
* https://www.suse.com/security/cve/CVE-2025-50106.html



openSUSE-SU-2025:15366-1: moderate: python312-3.12.11-3.1 on GA media


# python312-3.12.11-3.1 on GA media

Announcement ID: openSUSE-SU-2025:15366-1
Rating: moderate

Cross-References:

* CVE-2025-6069

CVSS scores:

* CVE-2025-6069 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-6069 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python312-3.12.11-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python312 3.12.11-3.1
  * python312-32bit 3.12.11-3.1
  * python312-curses 3.12.11-3.1
  * python312-dbm 3.12.11-3.1
  * python312-idle 3.12.11-3.1
  * python312-tk 3.12.11-3.1
  * python312-x86-64-v3 3.12.11-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-6069.html



openSUSE-SU-2025:15364-1: moderate: libexslt0-1.1.43-2.1 on GA media


# libexslt0-1.1.43-2.1 on GA media

Announcement ID: openSUSE-SU-2025:15364-1
Rating: moderate

Cross-References:

* CVE-2025-7424

CVSS scores:

* CVE-2025-7424 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libexslt0-1.1.43-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * libexslt0 1.1.43-2.1
  * libxslt-devel 1.1.43-2.1
  * libxslt-devel-32bit 1.1.43-2.1
  * libxslt-tools 1.1.43-2.1
  * libxslt1 1.1.43-2.1
  * libxslt1-32bit 1.1.43-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7424.html



openSUSE-SU-2025:15361-1: moderate: busybox-1.37.0-5.1 on GA media


# busybox-1.37.0-5.1 on GA media

Announcement ID: openSUSE-SU-2025:15361-1
Rating: moderate

Cross-References:

* CVE-2023-42363
* CVE-2023-42364
* CVE-2023-42365

CVSS scores:

* CVE-2023-42363 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-42364 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-42364 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-42365 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the busybox-1.37.0-5.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * busybox 1.37.0-5.1
  * busybox-static 1.37.0-5.1
  * busybox-testsuite 1.37.0-5.1
  * busybox-warewulf3 1.37.0-5.1

## References:

* https://www.suse.com/security/cve/CVE-2023-42363.html
* https://www.suse.com/security/cve/CVE-2023-42364.html
* https://www.suse.com/security/cve/CVE-2023-42365.html



openSUSE-SU-2025:15360-1: moderate: apache2-2.4.64-1.1 on GA media


# apache2-2.4.64-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15360-1
Rating: moderate

Cross-References:

* CVE-2024-42516
* CVE-2024-43204
* CVE-2024-43394
* CVE-2024-47252
* CVE-2025-23048
* CVE-2025-49630
* CVE-2025-49812
* CVE-2025-53020

CVSS scores:

* CVE-2024-42516 ( SUSE ): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-42516 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-43204 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-43204 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-43394 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-43394 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-47252 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-47252 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-23048 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23048 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49630 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-49630 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-49812 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2025-49812 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-53020 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-53020 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 8 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the apache2-2.4.64-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * apache2 2.4.64-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42516.html
* https://www.suse.com/security/cve/CVE-2024-43204.html
* https://www.suse.com/security/cve/CVE-2024-43394.html
* https://www.suse.com/security/cve/CVE-2024-47252.html
* https://www.suse.com/security/cve/CVE-2025-23048.html
* https://www.suse.com/security/cve/CVE-2025-49630.html
* https://www.suse.com/security/cve/CVE-2025-49812.html
* https://www.suse.com/security/cve/CVE-2025-53020.html



SUSE-SU-2025:02451-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02451-1
Release Date: 2025-07-21T17:33:48Z
Rating: important
References:

* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-56558
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_153 fixes several issues.

The following security issues were fixed:

* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238920).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238912).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2452=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2451=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2451=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2452=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_37-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_153-default-3-150400.2.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP3_Update_55-debugsource-4-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-4-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_198-default-4-150300.2.1
* openSUSE Leap 15.3 (x86_64)
    * kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-4-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_198-preempt-4-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_198-default-4-150300.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-SLE15-SP4_Update_37-debugsource-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-3-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_153-default-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02454-1: important: Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:02454-1
Release Date: 2025-07-21T19:03:58Z
Rating: important
References:

* bsc#1234854
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-53146
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235921).
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238912).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-2454=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-2454=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_185-default-8-150300.2.1
    * kernel-livepatch-SLE15-SP3_Update_51-debugsource-8-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_185-default-debuginfo-8-150300.2.1
* openSUSE Leap 15.3 (x86_64)
    * kernel-livepatch-5_3_18-150300_59_185-preempt-debuginfo-8-150300.2.1
    * kernel-livepatch-5_3_18-150300_59_185-preempt-8-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-livepatch-5_3_18-150300_59_185-default-8-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648



SUSE-SU-2025:02455-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02455-1
Release Date: 2025-07-21T19:33:42Z
Rating: important
References:

* bsc#1229458
* bsc#1233118
* bsc#1234854
* bsc#1234885
* bsc#1234892
* bsc#1235005
* bsc#1235921
* bsc#1238912
* bsc#1238920
* bsc#1243648

Cross-References:

* CVE-2022-49465
* CVE-2024-42232
* CVE-2024-50208
* CVE-2024-53146
* CVE-2024-53166
* CVE-2024-53173
* CVE-2024-53214
* CVE-2024-56558
* CVE-2024-57893
* CVE-2025-21772

CVSS scores:

* CVE-2022-49465 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-49465 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42232 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50208 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50208 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50208 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53146 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53146 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53166 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53166 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53166 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53214 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53214 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56558 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56558 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56558 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57893 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57893 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21772 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21772 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_122 fixes several issues.

The following security issues were fixed:

* CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234854).
* CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238920).
* CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235005).
* CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234892).
* CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235921).
* CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
* CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238912).
* CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234885).
* CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233118).
* CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1243648).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2455=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2455=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-18-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_27-debugsource-18-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_122-default-18-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_122-default-debuginfo-18-150400.2.1
    * kernel-livepatch-SLE15-SP4_Update_27-debugsource-18-150400.2.1
    * kernel-livepatch-5_14_21-150400_24_122-default-18-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49465.html
* https://www.suse.com/security/cve/CVE-2024-42232.html
* https://www.suse.com/security/cve/CVE-2024-50208.html
* https://www.suse.com/security/cve/CVE-2024-53146.html
* https://www.suse.com/security/cve/CVE-2024-53166.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53214.html
* https://www.suse.com/security/cve/CVE-2024-56558.html
* https://www.suse.com/security/cve/CVE-2024-57893.html
* https://www.suse.com/security/cve/CVE-2025-21772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229458
* https://bugzilla.suse.com/show_bug.cgi?id=1233118
* https://bugzilla.suse.com/show_bug.cgi?id=1234854
* https://bugzilla.suse.com/show_bug.cgi?id=1234885
* https://bugzilla.suse.com/show_bug.cgi?id=1234892
* https://bugzilla.suse.com/show_bug.cgi?id=1235005
* https://bugzilla.suse.com/show_bug.cgi?id=1235921
* https://bugzilla.suse.com/show_bug.cgi?id=1238912
* https://bugzilla.suse.com/show_bug.cgi?id=1238920
* https://bugzilla.suse.com/show_bug.cgi?id=1243648