SUSE-IU-2025:1382-1: Security update of suse/sle-micro/kvm-5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu May 22 07:06:27 UTC 2025 

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1382-1
Image Tags        : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.328 , suse/sle-micro/kvm-5.5:latest
Image Release     : 3.5.328
Severity          : important
Type              : security
References        : 1054914 1206843 1210409 1225903 1229361 1229621 1230764 1231103
                        1231910 1236777 1237981 1238032 1238471 1238512 1238747 1238865
                        1239061 1239684 1239968 1240209 1240211 1240214 1240228 1240230
                        1240246 1240248 1240269 1240271 1240274 1240285 1240295 1240306
                        1240314 1240315 1240321 1240747 1240835 1241280 1241371 1241421
                        1241433 1241541 1241625 1241648 1242284 1242493 1242778 CVE-2021-47671
                        CVE-2022-48933 CVE-2022-49110 CVE-2022-49139 CVE-2022-49741 CVE-2022-49745
                        CVE-2022-49767 CVE-2023-52928 CVE-2023-52931 CVE-2023-52936 CVE-2023-52937
                        CVE-2023-52938 CVE-2023-52981 CVE-2023-52982 CVE-2023-52986 CVE-2023-52994
                        CVE-2023-53001 CVE-2023-53002 CVE-2023-53009 CVE-2023-53014 CVE-2023-53018
                        CVE-2023-53031 CVE-2023-53051 CVE-2024-42307 CVE-2024-46763 CVE-2024-46865
                        CVE-2024-50038 CVE-2025-21726 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812
                        CVE-2025-21839 CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055
                        CVE-2025-22097 CVE-2025-2312 CVE-2025-23138 CVE-2025-39735 
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1620-1
Released:    Wed May 21 11:58:41 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621).
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
- CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910).
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625).

The following non-security bugs were fixed:

- cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777).
- cpufreq: Allow drivers to advertise boost enabled (bsc#1236777).
- cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777).
- cpufreq: Support per-policy performance boost (bsc#1236777).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).


The following package changes have been done:

- kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.172 updated

More information about the sle-container-updates mailing list