
Several security updates have been released for SUSE Linux, addressing vulnerabilities across various components. They include security patches for apache2-mod_security2 (moderate severity), NVIDIA drivers (important severity), and multiple Linux kernel live patches (important severity) for different Service Pack versions. openSUSE has also received security updates for the Chromium browser (important severity) in multiple packages, as well as a security update for Afterburn (important severity).

SUSE-SU-2025:03422-1: moderate: Security update for apache2-mod_security2
SUSE-SU-2025:03424-1: important: Security update for nvidia-open-driver-G06-signed
SUSE-SU-2025:03392-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP4)
SUSE-SU-2025:03389-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)
SUSE-SU-2025:03391-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)
SUSE-SU-2025:03396-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)
SUSE-SU-2025:03393-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)
SUSE-SU-2025:03395-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)
SUSE-SU-2025:03387-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)
SUSE-SU-2025:03397-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)
SUSE-SU-2025:03400-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)
SUSE-SU-2025:03408-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
SUSE-SU-2025:03403-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)
SUSE-SU-2025:03410-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)
SUSE-SU-2025:03406-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
SUSE-SU-2025:03411-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
SUSE-SU-2025:03414-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)
SUSE-SU-2025:03418-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)
SUSE-SU-2025:03419-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)
SUSE-SU-2025:03416-1: important: Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)
openSUSE-SU-2025:0379-1: important: Security update for chromium
openSUSE-SU-2025:0377-1: important: Security update for afterburn
openSUSE-SU-2025:0378-1: important: Security update for chromium




SUSE-SU-2025:03422-1: moderate: Security update for apache2-mod_security2


# Security update for apache2-mod_security2

Announcement ID: SUSE-SU-2025:03422-1
Release Date: 2025-09-29T08:50:39Z
Rating: moderate
References:

* bsc#1247674

Cross-References:

* CVE-2025-54571

CVSS scores:

* CVE-2025-54571 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-54571 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-54571 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for apache2-mod_security2 fixes the following issues:

* CVE-2025-54571: Fixed insufficient return value handling in mod_security that leads to XSS and source code disclosure (bsc#1247674)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3422=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-3422=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-3422=1

* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-3422=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * apache2-mod_security2-debugsource-2.9.4-150400.3.12.1
  * apache2-mod_security2-debuginfo-2.9.4-150400.3.12.1
  * apache2-mod_security2-2.9.4-150400.3.12.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * apache2-mod_security2-debugsource-2.9.4-150400.3.12.1
  * apache2-mod_security2-debuginfo-2.9.4-150400.3.12.1
  * apache2-mod_security2-2.9.4-150400.3.12.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * apache2-mod_security2-debugsource-2.9.4-150400.3.12.1
  * apache2-mod_security2-debuginfo-2.9.4-150400.3.12.1
  * apache2-mod_security2-2.9.4-150400.3.12.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * apache2-mod_security2-debugsource-2.9.4-150400.3.12.1
  * apache2-mod_security2-debuginfo-2.9.4-150400.3.12.1
  * apache2-mod_security2-2.9.4-150400.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54571.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247674



SUSE-SU-2025:03424-1: important: Security update for nvidia-open-driver-G06-signed


# Security update for nvidia-open-driver-G06-signed

Announcement ID: SUSE-SU-2025:03424-1
Release Date: 2025-09-29T09:02:01Z
Rating: important
References:

* bsc#1236658
* bsc#1236746
* bsc#1237208
* bsc#1237308
* bsc#1237585
* bsc#1239139
* bsc#1239653
* bsc#1241231
* bsc#1242054
* bsc#1243192
* bsc#1244614
* bsc#1246010
* bsc#1246327
* bsc#1247528
* bsc#1247529
* bsc#1247530
* bsc#1247531
* bsc#1247532
* bsc#1247907
* bsc#1247923
* bsc#1249235
* jsc#PED-13295

Cross-References:

* CVE-2025-23277
* CVE-2025-23278
* CVE-2025-23279
* CVE-2025-23283
* CVE-2025-23286

CVSS scores:

* CVE-2025-23277 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-23277 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-23278 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-23278 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-23279 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23279 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23283 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-23286 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-23286 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves five vulnerabilities, contains one feature and has 16
security fixes can now be installed.

## Description:

This update for nvidia-open-driver-G06-signed fixes the following issues:

Updated CUDA variant to 580.82.07:

* CVE-2025-23277: Fixed access to memory outside the bounds permitted under
normal use cases in NVIDIA Display Driver (bsc#1247528).
* CVE-2025-23278: Fixed improper index validation, triggerable by issuing a
call with crafted parameters, in NVIDIA Display Driver (bsc#1247529).
* CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver
(bsc#1247530).
* CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest
in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531).
* CVE-2025-23279: Fixed race condition that leads to privilege escalation in
NVIDIA .run Installer (bsc#1247532).

Update non-CUDA variant to 580.82.07 (bsc#1249235).

Other fixes:

* Added Requires to be provided by special versions of nvidia-modprobe and
nvidia-persistenced built against SP4 (bsc#1237208, jsc#PED-13295).
* Removed the rule from older KMPs that prevents loading the nvidia_drm module;
those KMPs are still installed in parallel, so the rule was still active
(bsc#1247923).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3424=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3424=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-3424=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3424=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-3424=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3424=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3424=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3424=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3424=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3424=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3424=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3424=1

## Package List:

* openSUSE Leap 15.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1
* openSUSE Leap 15.4 (aarch64)
* nvidia-open-driver-G06-signed-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* nvidia-open-driver-G06-signed-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* nvidia-open-driver-G06-signed-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
* nvidia-open-driver-G06-signed-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-64kb-devel-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1
* SUSE Manager Server 4.3 LTS (x86_64)
* nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-debugsource-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-cuda-default-devel-580.82.07-150400.98.1
* nv-prefer-signed-open-driver-580.82.07-150400.98.1
* nvidia-open-driver-G06-signed-kmp-default-580.82.07_k5.14.21_150400.24.173-150400.98.1
* nvidia-open-driver-G06-signed-default-devel-580.82.07-150400.98.1

## References:

* https://www.suse.com/security/cve/CVE-2025-23277.html
* https://www.suse.com/security/cve/CVE-2025-23278.html
* https://www.suse.com/security/cve/CVE-2025-23279.html
* https://www.suse.com/security/cve/CVE-2025-23283.html
* https://www.suse.com/security/cve/CVE-2025-23286.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236658
* https://bugzilla.suse.com/show_bug.cgi?id=1236746
* https://bugzilla.suse.com/show_bug.cgi?id=1237208
* https://bugzilla.suse.com/show_bug.cgi?id=1237308
* https://bugzilla.suse.com/show_bug.cgi?id=1237585
* https://bugzilla.suse.com/show_bug.cgi?id=1239139
* https://bugzilla.suse.com/show_bug.cgi?id=1239653
* https://bugzilla.suse.com/show_bug.cgi?id=1241231
* https://bugzilla.suse.com/show_bug.cgi?id=1242054
* https://bugzilla.suse.com/show_bug.cgi?id=1243192
* https://bugzilla.suse.com/show_bug.cgi?id=1244614
* https://bugzilla.suse.com/show_bug.cgi?id=1246010
* https://bugzilla.suse.com/show_bug.cgi?id=1246327
* https://bugzilla.suse.com/show_bug.cgi?id=1247528
* https://bugzilla.suse.com/show_bug.cgi?id=1247529
* https://bugzilla.suse.com/show_bug.cgi?id=1247530
* https://bugzilla.suse.com/show_bug.cgi?id=1247531
* https://bugzilla.suse.com/show_bug.cgi?id=1247532
* https://bugzilla.suse.com/show_bug.cgi?id=1247907
* https://bugzilla.suse.com/show_bug.cgi?id=1247923
* https://bugzilla.suse.com/show_bug.cgi?id=1249235
* https://jira.suse.com/browse/PED-13295



SUSE-SU-2025:03392-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03392-1
Release Date: 2025-09-27T11:33:26Z
Rating: important
References:

* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_173 fixes several issues.

The following security issues were fixed:

* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3392=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3392=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_173-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_173-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03389-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03389-1
Release Date: 2025-09-26T22:04:12Z
Rating: important
References:

* bsc#1246001
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-38181 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_170 fixes several issues.

The following security issues were fixed:

* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3389=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3389=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_42-debugsource-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-4-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_170-default-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03391-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03391-1
Release Date: 2025-09-27T09:33:34Z
Rating: important
References:

* bsc#1245772
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-26808
* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-26808 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26808 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_164 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).
* CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (bsc#1245772).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3390=1 SUSE-2025-3391=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3390=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3391=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-12-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_35-debugsource-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-12-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-6-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-6-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_147-default-debuginfo-12-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26808.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245772
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03396-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03396-1
Release Date: 2025-09-27T15:33:27Z
Rating: important
References:

* bsc#1246001
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_113 fixes several issues.

The following security issues were fixed:

* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3396=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3396=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-5-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03393-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03393-1
Release Date: 2025-09-27T11:33:32Z
Rating: important
References:

* bsc#1231862
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-49860
* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-49860 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49860 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49860 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_80 fixes several issues.

The following security issues were fixed:

* CVE-2024-49860: ACPI: sysfs: validate return type of _STR method
(bsc#1231862).
* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3393=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3393=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-15-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_19-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_80-default-debuginfo-15-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49860.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231862
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03395-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03395-1
Release Date: 2025-09-27T14:03:45Z
Rating: important
References:

* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_97 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3394=1 SUSE-2025-3395=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3394=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3395=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-11-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_21-debugsource-11-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_24-debugsource-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_88-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_97-default-7-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03387-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)


# Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:03387-1
Release Date: 2025-09-26T22:04:05Z
Rating: important
References:

* bsc#1245772
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-26808
* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-26808 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26808 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_161 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).
* CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (bsc#1245772).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-3387=1 SUSE-2025-3388=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-3387=1 SUSE-SLE-Module-Live-Patching-15-SP4-2025-3388=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-6-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_33-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_141-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_39-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_161-default-6-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-26808.html
* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245772
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03397-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03397-1
Release Date: 2025-09-27T18:03:46Z
Rating: important
References:

* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_103 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3399=1 SUSE-2025-3397=1 SUSE-2025-3398=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3399=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3397=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3398=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-15-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-15-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_22-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_91-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_20-debugsource-15-150500.2.1
* kernel-livepatch-5_14_21-150500_55_83-default-15-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03400-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03400-1
Release Date: 2025-09-27T22:03:56Z
Rating: important
References:

* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-21755
* CVE-2025-21756
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-21755 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21755 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_110 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1245795).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3400=1 SUSE-2025-3401=1 SUSE-2025-3402=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3400=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3401=1 SUSE-SLE-Module-Live-Patching-15-SP5-2025-3402=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-5-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_23-debugsource-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-6-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_25-debugsource-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-5-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_94-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_100-default-6-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-5-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21755.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03408-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03408-1
Release Date: 2025-09-28T03:03:51Z
Rating: important
References:

* bsc#1245685
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-21756
* CVE-2025-38109
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38109 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow
(bsc#1245685).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3408=1 SUSE-2025-3409=1 SUSE-2025-3404=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3408=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3409=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3404=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-16-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-12-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_25-default-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_33-default-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_5-debugsource-16-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_7-debugsource-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_6-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_30-default-12-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38109.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245685
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03403-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)


# Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)

Announcement ID: SUSE-SU-2025:03403-1
Release Date: 2025-09-27T22:04:03Z
Rating: important
References:

* bsc#1245805
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-21701
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-21701 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_55_116 fixes several issues.

The following security issues were fixed:

* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).
* CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
(bsc#1245805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-3403=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-3403=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-3-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-21701.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245805
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03410-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03410-1
Release Date: 2025-09-28T05:35:32Z
Rating: important
References:

* bsc#1245685
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-38109
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-38109 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_47 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow
(bsc#1245685).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3410=1 SUSE-2025-3407=1 SUSE-2025-3405=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3410=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3407=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3405=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_38-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_38-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_38-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_10-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_8-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_42-default-7-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38109.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245685
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03406-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03406-1
Release Date: 2025-09-28T01:04:01Z
Rating: important
References:

* bsc#1231862
* bsc#1245685
* bsc#1245795
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2024-49860
* CVE-2025-21756
* CVE-2025-38109
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2024-49860 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-49860 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49860 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21756 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21756 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38109 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.

The following security issues were fixed:

* CVE-2024-49860: ACPI: sysfs: validate return type of _STR method
(bsc#1231862).
* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow
(bsc#1245685).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-21756: vsock: Keep the binding until socket destruction
(bsc#1245795).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3406=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3406=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-17-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-17-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_4-debugsource-17-150600.2.1
* kernel-livepatch-6_4_0-150600_23_22-default-17-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49860.html
* https://www.suse.com/security/cve/CVE-2025-21756.html
* https://www.suse.com/security/cve/CVE-2025-38109.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231862
* https://bugzilla.suse.com/show_bug.cgi?id=1245685
* https://bugzilla.suse.com/show_bug.cgi?id=1245795
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03411-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03411-1
Release Date: 2025-09-28T06:04:46Z
Rating: important
References:

* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_60 fixes several issues.

The following security issues were fixed:

* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3411=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3411=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03414-1: important: Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 56 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03414-1
Release Date: 2025-09-28T15:33:39Z
Rating: important
References:

* bsc#1246001
* bsc#1246356
* bsc#1247499

Cross-References:

* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498

CVSS scores:

* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_201 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3414=1 SUSE-2025-3415=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3414=1 SUSE-SLE-Module-Live-Patching-15-SP3-2025-3415=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_55-debugsource-8-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-8-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_201-preempt-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-8-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-preempt-6-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_56-debugsource-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_201-default-debuginfo-6-150300.2.1
* kernel-livepatch-5_3_18-150300_59_198-default-8-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499



SUSE-SU-2025:03418-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03418-1
Release Date: 2025-09-28T23:04:01Z
Rating: important
References:

* bsc#1245685
* bsc#1246001
* bsc#1246356
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-38109
* CVE-2025-38177
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-38109 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_50 fixes several issues.

The following security issues were fixed:

* CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1246356).
* CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow
(bsc#1245685).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3418=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3417=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3417=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP7_Update_0-debugsource-4-150700.3.9.2
* kernel-livepatch-6_4_0-150700_51-default-4-150700.3.9.2
* kernel-livepatch-6_4_0-150700_51-default-debuginfo-4-150700.3.9.2
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-5-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38109.html
* https://www.suse.com/security/cve/CVE-2025-38177.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245685
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1246356
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03419-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)


# Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:03419-1
Release Date: 2025-09-28T23:04:07Z
Rating: important
References:

* bsc#1245685
* bsc#1246001
* bsc#1247499
* bsc#1248298

Cross-References:

* CVE-2025-38109
* CVE-2025-38181
* CVE-2025-38498
* CVE-2025-38555

CVSS scores:

* CVE-2025-38109 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38109 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38181 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38181 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38555 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38555 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues.

The following security issues were fixed:

* CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow
(bsc#1245685).
* CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(bsc#1246001).
* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).
* CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup()
(bsc#1248298).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3419=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-3419=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-5-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-5-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-5-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-5-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38109.html
* https://www.suse.com/security/cve/CVE-2025-38181.html
* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://www.suse.com/security/cve/CVE-2025-38555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245685
* https://bugzilla.suse.com/show_bug.cgi?id=1246001
* https://bugzilla.suse.com/show_bug.cgi?id=1247499
* https://bugzilla.suse.com/show_bug.cgi?id=1248298



SUSE-SU-2025:03416-1: important: Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)


# Security update for the Linux Kernel (Live Patch 60 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:03416-1
Release Date: 2025-09-28T16:03:58Z
Rating: important
References:

* bsc#1247499

Cross-References:

* CVE-2025-38498

CVSS scores:

* CVE-2025-38498 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38498 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_215 fixes one issue.

The following security issue was fixed:

* CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours
mounts (bsc#1247499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-3416=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-3416=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_60-debugsource-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-2-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_215-preempt-debuginfo-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-preempt-2-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_60-debugsource-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-debuginfo-2-150300.2.1
* kernel-livepatch-5_3_18-150300_59_215-default-2-150300.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38498.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247499



openSUSE-SU-2025:0379-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0379-1
Rating: important
References: #1250472
Cross-References: CVE-2025-10890 CVE-2025-10891 CVE-2025-10892

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 140.0.7339.207 (boo#1250472)

* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-379=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 x86_64):

chromedriver-140.0.7339.207-bp157.2.55.1
chromium-140.0.7339.207-bp157.2.55.1

References:

https://www.suse.com/security/cve/CVE-2025-10890.html
https://www.suse.com/security/cve/CVE-2025-10891.html
https://www.suse.com/security/cve/CVE-2025-10892.html
https://bugzilla.suse.com/1250472



openSUSE-SU-2025:0377-1: important: Security update for afterburn


openSUSE Security Update: Security update for afterburn
_______________________________

Announcement ID: openSUSE-SU-2025:0377-1
Rating: important
References: #1244675 #1250471
Cross-References: CVE-2025-5791
CVSS scores:
CVE-2025-5791 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for afterburn fixes the following issues:

- Update to version 5.9.0.git21.a73f509:
* docs/release-notes: update for release 5.10.0
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* docs/release-notes: Add entry for Azure SharedConfig XML parsing fix
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS
as azure stopped providing keys in the old one, fixes boo#1250471
* build(deps): bump the build group with 8 updates
* build(deps): bump slab from 0.4.10 to 0.4.11
* build(deps): bump actions/checkout from 4 to 5
* upcloud: implement UpCloud provider
* build(deps): bump the build group with 4 updates
* Sync repo templates

- Update to version 5.9.0:
* cargo: Afterburn release 5.9.0
* docs/release-notes: update for release 5.9.0
* cargo: update dependencies
* Add TMT test structure and basic smoke test
* build(deps): bump openssl from 0.10.72 to 0.10.73
* build(deps): bump reqwest from 0.12.15 to 0.12.18
* docs/release-notes: Update changelog entry
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* build(deps): bump nix from 0.29.0 to 0.30.1
* build(deps): bump zbus from 5.7.0 to 5.7.1
* build(deps): bump serde-xml-rs from 0.6.0 to 0.8.1
* build(deps): bump ipnetwork from 0.20.0 to 0.21.1
* build(deps): bump clap from 4.5.38 to 4.5.39

- Fix Requires in noarch package to not be arch specific (boo#1244675)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-377=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

afterburn-5.9.0.git21.a73f509-bp157.2.6.1

- openSUSE Backports SLE-15-SP7 (noarch):

afterburn-dracut-5.9.0.git21.a73f509-bp157.2.6.1

References:

https://www.suse.com/security/cve/CVE-2025-5791.html
https://bugzilla.suse.com/1244675
https://bugzilla.suse.com/1250471



openSUSE-SU-2025:0378-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2025:0378-1
Rating: important
References: #1250472
Cross-References: CVE-2025-10890 CVE-2025-10891 CVE-2025-10892

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 140.0.7339.207 (boo#1250472)

* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-378=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

chromedriver-140.0.7339.207-bp156.2.173.1
chromium-140.0.7339.207-bp156.2.173.1

References:

https://www.suse.com/security/cve/CVE-2025-10890.html
https://www.suse.com/security/cve/CVE-2025-10891.html
https://www.suse.com/security/cve/CVE-2025-10892.html
https://bugzilla.suse.com/1250472