SUSE-IU-2025:2559-1: Security update of suse/sle-micro/base-5.5
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Sep 25 07:04:52 UTC 2025
SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2559-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.209 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.209
Severity : important
Type : security
References : 1229334 1233640 1234896 1236333 1237164 1240799 1242414 1242780
1244309 1244824 1245110 1245506 1245711 1245956 1245970 1245986
1246211 1246473 1246781 1246911 1247143 1247314 1247347 1247348
1247349 1247374 1247437 1247518 1247976 1248223 1248297 1248306
1248312 1248338 1248511 1248614 1248621 1248748 1249353 CVE-2022-49980
CVE-2022-50116 CVE-2023-53117 CVE-2024-42265 CVE-2024-53093 CVE-2024-53177
CVE-2024-57947 CVE-2024-58239 CVE-2025-21701 CVE-2025-21971 CVE-2025-37798
CVE-2025-38088 CVE-2025-38120 CVE-2025-38177 CVE-2025-38180 CVE-2025-38184
CVE-2025-38323 CVE-2025-38350 CVE-2025-38352 CVE-2025-38460 CVE-2025-38468
CVE-2025-38477 CVE-2025-38494 CVE-2025-38495 CVE-2025-38497 CVE-2025-38498
CVE-2025-38499 CVE-2025-38546 CVE-2025-38555 CVE-2025-38560 CVE-2025-38563
CVE-2025-38608 CVE-2025-38617 CVE-2025-38618 CVE-2025-38644
-----------------------------------------------------------------
The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3344-1
Released: Wed Sep 24 15:34:13 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1229334,1233640,1234896,1236333,1237164,1240799,1242414,1242780,1244309,1244824,1245110,1245506,1245711,1245956,1245970,1245986,1246211,1246473,1246781,1246911,1247143,1247314,1247347,1247348,1247349,1247374,1247437,1247518,1247976,1248223,1248297,1248306,1248312,1248338,1248511,1248614,1248621,1248748,1249353,CVE-2022-49980,CVE-2022-50116,CVE-2023-53117,CVE-2024-42265,CVE-2024-53093,CVE-2024-53177,CVE-2024-57947,CVE-2024-58239,CVE-2025-21701,CVE-2025-21971,CVE-2025-37798,CVE-2025-38088,CVE-2025-38120,CVE-2025-38177,CVE-2025-38180,CVE-2025-38184,CVE-2025-38323,CVE-2025-38350,CVE-2025-38352,CVE-2025-38460,CVE-2025-38468,CVE-2025-38477,CVE-2025-38494,CVE-2025-38495,CVE-2025-38497,CVE-2025-38498,CVE-2025-38499,CVE-2025-38546,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38608,CVE-2025-38617,CVE-2025-38618,CVE-2025-38644
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- Disable N_GSM (jsc#PED-8240).
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
The following package changes have been done:
- kernel-default-5.14.21-150500.55.121.2 updated
More information about the sle-container-updates
mailing list