SUSE-IU-2025:2526-1: Security update of suse/sle-micro/rt-5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Sep 22 14:59:49 UTC 2025 

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2526-1
Image Tags        : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.491 , suse/sle-micro/rt-5.5:latest
Image Release     : 4.5.491
Severity          : important
Type              : security
References        : 1229334 1233640 1234896 1235873 1240375 1242780 1244824 1245110
                        1245956 1245970 1246211 1246473 1246911 1247143 1247374 1247518
                        1247976 1248223 1248297 1248306 1248312 1248338 1248511 1248614
                        1248621 1248748 CVE-2022-49980 CVE-2022-50116 CVE-2023-53117
                        CVE-2024-42265 CVE-2024-53093 CVE-2024-53177 CVE-2024-58239 CVE-2025-38180
                        CVE-2025-38184 CVE-2025-38323 CVE-2025-38352 CVE-2025-38460 CVE-2025-38498
                        CVE-2025-38499 CVE-2025-38546 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563
                        CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644 
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3283-1
Released:    Fri Sep 19 19:49:41 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1229334,1233640,1234896,1240375,1242780,1244824,1245110,1245956,1245970,1246211,1246473,1246911,1247143,1247374,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,CVE-2022-49980,CVE-2022-50116,CVE-2023-53117,CVE-2024-42265,CVE-2024-53093,CVE-2024-53177,CVE-2024-58239,CVE-2025-38180,CVE-2025-38184,CVE-2025-38323,CVE-2025-38352,CVE-2025-38460,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#122824 bsc#1233640).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).

The following non-security bugs were fixed:

- Disable N_GSM (jsc#PED-8240, bsc#1244824).
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3288-1
Released:    Mon Sep 22 12:13:27 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1235873
This update for permissions fixes the following issues:

- permissions: remove unnecessary static dirs and devices (bsc#1235873)


The following package changes have been done:

- permissions-20201225-150400.5.22.1 updated
- kernel-rt-5.14.21-150500.13.106.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.372 updated

More information about the sle-container-updates mailing list