Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:0945-1
Release Date:	2025-03-19T12:13:45Z
Rating:	important
References:	bsc#1208995 bsc#1220946 bsc#1224700 bsc#1225742 bsc#1232905 bsc#1232919 bsc#1234154 bsc#1234853 bsc#1234891 bsc#1234963 bsc#1235054 bsc#1235061 bsc#1235073 bsc#1236661 bsc#1236675 bsc#1236677 bsc#1236757 bsc#1236758 bsc#1236760 bsc#1236761 bsc#1237025 bsc#1237028 bsc#1237139 bsc#1237316 bsc#1237693 bsc#1238033
Cross-References:	CVE-2022-49080 CVE-2023-1192 CVE-2023-52572 CVE-2024-35949 CVE-2024-50115 CVE-2024-50128 CVE-2024-53135 CVE-2024-53173 CVE-2024-53239 CVE-2024-56539 CVE-2024-56548 CVE-2024-56605 CVE-2024-57948 CVE-2025-21690 CVE-2025-21692 CVE-2025-21699
CVSS scores:	CVE-2022-49080 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52572 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVE-2023-52572 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50115 ( SUSE ): 4.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50128 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-50128 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2024-50128 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-53135 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-53135 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2024-53173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53239 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56539 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-56548 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-56548 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-57948 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-57948 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-21690 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21690 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21690 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21692 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21699 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21699 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21699 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves 16 vulnerabilities and has 10 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).

The following non-security bugs were fixed:

idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
net: mana: Enable debugfs files for MANA device (bsc#1236758).
net: netvsc: Update default VMBus channels (bsc#1236757).
scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
x86/kvm: fix is_stale_page_fault() (bsc#1236675).
x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-945=1
SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-945=1
SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-945=1
SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-945=1

Package List:

SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.112.1
- kernel-rt-debuginfo-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
- kernel-source-rt-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro 5.3 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.112.1
- kernel-rt-debuginfo-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro 5.3 (noarch)
- kernel-source-rt-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.112.1
- kernel-rt-debuginfo-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
- kernel-source-rt-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro 5.4 (x86_64)
- kernel-rt-debugsource-5.14.21-150400.15.112.1
- kernel-rt-debuginfo-5.14.21-150400.15.112.1
SUSE Linux Enterprise Micro 5.4 (noarch)
- kernel-source-rt-5.14.21-150400.15.112.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: