SUSE-IU-2025:2329-1: Security update of suse/sle-micro/rt-5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Aug 19 07:07:28 UTC 2025 

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2329-1
Image Tags        : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.470 , suse/sle-micro/rt-5.5:latest
Image Release     : 4.5.470
Severity          : important
Type              : security
References        : 1206051 1221829 1233551 1234480 1234863 1236104 1236333 1237164
                        1238160 1239644 1240799 1242414 1242417 1244309 1244523 1245217
                        1245431 1245506 1245711 1245986 1246000 1246029 1246037 1246045
                        1246073 1246186 1246287 1246555 1246781 1247314 1247347 1247348
                        1247349 1247437 CVE-2022-49138 CVE-2022-49770 CVE-2023-52923
                        CVE-2023-52927 CVE-2024-26643 CVE-2024-53057 CVE-2024-53164 CVE-2024-57947
                        CVE-2025-21701 CVE-2025-21971 CVE-2025-37797 CVE-2025-37798 CVE-2025-38079
                        CVE-2025-38088 CVE-2025-38120 CVE-2025-38177 CVE-2025-38181 CVE-2025-38200
                        CVE-2025-38206 CVE-2025-38212 CVE-2025-38213 CVE-2025-38257 CVE-2025-38289
                        CVE-2025-38350 CVE-2025-38468 CVE-2025-38477 CVE-2025-38494 CVE-2025-38495
                        CVE-2025-38497 
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2852-1
Released:    Mon Aug 18 17:58:12 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1206051,1221829,1233551,1234480,1234863,1236104,1236333,1237164,1238160,1239644,1240799,1242414,1242417,1244309,1244523,1245217,1245431,1245506,1245711,1245986,1246000,1246029,1246037,1246045,1246073,1246186,1246287,1246555,1246781,1247314,1247347,1247348,1247349,1247437,CVE-2022-49138,CVE-2022-49770,CVE-2023-52923,CVE-2023-52927,CVE-2024-26643,CVE-2024-53057,CVE-2024-53164,CVE-2024-57947,CVE-2025-21701,CVE-2025-21971,CVE-2025-37797,CVE-2025-37798,CVE-2025-38079,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38181,CVE-2025-38200,CVE-2025-38206,CVE-2025-38212,CVE-2025-38213,CVE-2025-38257,CVE-2025-38289,CVE-2025-38350,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous  set with timeout (bsc#1221829).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).

The following non-security bugs were fixed:

- Revert 'hugetlb: unshare some PMDs when splitting VMAs' (bsc#1245431).
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race' 
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before' 
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555).


The following package changes have been done:

- kernel-rt-5.14.21-150500.13.103.2 updated

More information about the sle-container-updates mailing list