SUSE-SU-2025:4393-1: important: Security update for the Linux Kernel
SLE-SECURITY-UPDATES
null at suse.de
Mon Dec 15 12:31:12 UTC 2025
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2025:4393-1
Release Date: 2025-12-15T11:09:12Z
Rating: important
References:
* bsc#1235463
* bsc#1236743
* bsc#1237888
* bsc#1241166
* bsc#1243474
* bsc#1245193
* bsc#1247076
* bsc#1247500
* bsc#1247509
* bsc#1247683
* bsc#1249547
* bsc#1249912
* bsc#1249982
* bsc#1250034
* bsc#1250176
* bsc#1250237
* bsc#1250252
* bsc#1250705
* bsc#1251120
* bsc#1251786
* bsc#1252063
* bsc#1252267
* bsc#1252269
* bsc#1252303
* bsc#1252352
* bsc#1252353
* bsc#1252365
* bsc#1252366
* bsc#1252368
* bsc#1252370
* bsc#1252681
* bsc#1252763
* bsc#1252773
* bsc#1252774
* bsc#1252780
* bsc#1252790
* bsc#1252794
* bsc#1252795
* bsc#1252809
* bsc#1252817
* bsc#1252821
* bsc#1252836
* bsc#1252845
* bsc#1252862
* bsc#1252912
* bsc#1252917
* bsc#1252923
* bsc#1252928
* bsc#1253018
* bsc#1253176
* bsc#1253275
* bsc#1253318
* bsc#1253324
* bsc#1253349
* bsc#1253352
* bsc#1253355
* bsc#1253360
* bsc#1253362
* bsc#1253363
* bsc#1253367
* bsc#1253369
* bsc#1253393
* bsc#1253394
* bsc#1253395
* bsc#1253403
* bsc#1253407
* bsc#1253409
* bsc#1253412
* bsc#1253416
* bsc#1253421
* bsc#1253423
* bsc#1253424
* bsc#1253425
* bsc#1253427
* bsc#1253428
* bsc#1253431
* bsc#1253436
* bsc#1253438
* bsc#1253440
* bsc#1253441
* bsc#1253445
* bsc#1253448
* bsc#1253449
* bsc#1253453
* bsc#1253456
* bsc#1253472
* bsc#1253648
* bsc#1253779
* bsc#1254181
* bsc#1254221
* bsc#1254235
Cross-References:
* CVE-2022-50253
* CVE-2023-53676
* CVE-2025-21710
* CVE-2025-37916
* CVE-2025-38359
* CVE-2025-39788
* CVE-2025-39805
* CVE-2025-39819
* CVE-2025-39822
* CVE-2025-39859
* CVE-2025-39944
* CVE-2025-39980
* CVE-2025-40001
* CVE-2025-40021
* CVE-2025-40027
* CVE-2025-40030
* CVE-2025-40038
* CVE-2025-40040
* CVE-2025-40047
* CVE-2025-40048
* CVE-2025-40055
* CVE-2025-40059
* CVE-2025-40064
* CVE-2025-40070
* CVE-2025-40074
* CVE-2025-40075
* CVE-2025-40080
* CVE-2025-40083
* CVE-2025-40086
* CVE-2025-40098
* CVE-2025-40105
* CVE-2025-40107
* CVE-2025-40109
* CVE-2025-40110
* CVE-2025-40111
* CVE-2025-40115
* CVE-2025-40116
* CVE-2025-40118
* CVE-2025-40120
* CVE-2025-40121
* CVE-2025-40127
* CVE-2025-40129
* CVE-2025-40139
* CVE-2025-40140
* CVE-2025-40141
* CVE-2025-40149
* CVE-2025-40154
* CVE-2025-40156
* CVE-2025-40157
* CVE-2025-40159
* CVE-2025-40164
* CVE-2025-40168
* CVE-2025-40169
* CVE-2025-40171
* CVE-2025-40172
* CVE-2025-40173
* CVE-2025-40176
* CVE-2025-40180
* CVE-2025-40183
* CVE-2025-40185
* CVE-2025-40186
* CVE-2025-40188
* CVE-2025-40194
* CVE-2025-40198
* CVE-2025-40200
* CVE-2025-40204
* CVE-2025-40205
* CVE-2025-40206
* CVE-2025-40207
CVSS scores:
* CVE-2022-50253 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2022-50253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-50253 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-53676 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21710 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-37916 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-37916 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-37916 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38359 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38359 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38359 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39788 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-39788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-39805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39805 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39819 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39822 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39859 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39980 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39980 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40001 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40001 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40021 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40021 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-40027 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40027 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40030 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40030 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40038 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40040 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40047 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40047 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40055 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40059 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40059 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40064 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40074 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40075 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40083 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40086 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40086 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40098 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40098 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40105 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40107 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40109 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40110 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40110 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40111 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40115 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40116 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40118 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40118 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40120 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40121 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40127 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40127 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40129 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40129 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40139 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40140 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40140 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40141 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40141 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40149 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40149 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40154 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40156 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40156 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40157 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40157 ( SUSE ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40159 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40164 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40164 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40168 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40168 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40169 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40169 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40171 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40172 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40173 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40173 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40176 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40176 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40180 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40180 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-40183 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-40183 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-40185 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40186 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40186 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40188 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40194 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40198 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40200 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40204 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40205 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40206 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40206 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40207 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* Legacy Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
An update that solves 69 vulnerabilities and has 22 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security
issues
The following security issues were fixed:
* CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling
device (bsc#1249912).
* CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786).
* CVE-2025-21710: tcp: correct handling of extreme memory squeeze
(bsc#1237888).
* CVE-2025-37916: pds_core: remove write-after-free of client_id
(bsc#1243474).
* CVE-2025-38359: s390/mm: Fix in_atomic() handling in
do_secure_storage_access() (bsc#1247076).
* CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
(bsc#1249547).
* CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove()
(bsc#1249982).
* CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
* CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation
(bsc#1250034).
* CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by
ptp_ocp_watchdog (bsc#1250252).
* CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()
(bsc#1251120).
* CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a
group (bsc#1252063).
* CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
(bsc#1252303).
* CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent
(bsc#1252681).
* CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
* CVE-2025-40030: pinctrl: check the return value of
pinmux_ops::get_function_name() (bsc#1252773).
* CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP
isn't valid (bsc#1252817).
* CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise
(bsc#1252780).
* CVE-2025-40047: io_uring/waitid: always prune wait queue entry in
io_waitid_wait() (bsc#1252790).
* CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask
(bsc#1252862).
* CVE-2025-40055: ocfs2: fix double free in user_cluster_connect()
(bsc#1252821).
* CVE-2025-40059: coresight: Fix incorrect handling for return value of
devm_kzalloc (bsc#1252809).
* CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev()
(bsc#1252845).
* CVE-2025-40070: pps: fix warning in pps_register_cdev when register device
fail (bsc#1252836).
* CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794).
* CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
* CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
* CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue
(bsc#1252912).
* CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of
VM binds (bsc#1252923).
* CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_get_acpi_mute_state() (bsc#1252917).
* CVE-2025-40105: vfs: Don't leak disconnected dentries on umount
(bsc#1252928).
* CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (bsc#1253409).
* CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (bsc#1253355).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation
(bsc#1253403).
* CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (bsc#1253427).
* CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
* CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth
(bsc#1253421).
* CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold
fails (bsc#1253425).
* CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation
failure (bsc#1253394).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non security issues were fixed:
* ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes).
* ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes).
* ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes).
* ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-
fixes).
* ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
* ACPI: property: Return present device nodes only on fwnode interface
(stable-fixes).
* ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes).
* ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-
fixes).
* ACPICA: dispatcher: Use acpi_ds_clear_operands() in
acpi_ds_call_control_method() (stable-fixes).
* ALSA: hda: Fix missing pointer check in hda_component_manager_init function
(git-fixes).
* ALSA: serial-generic: remove shared static buffer (stable-fixes).
* ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes).
* ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
(git-fixes).
* ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-
fixes).
* ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes).
* ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
* ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c
(git-fixes).
* ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes).
* ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
* ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-
fixes).
* ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes).
* ASoC: qcom: sc8280xp: explicitly set S16LE format in
sc8280xp_be_hw_params_fixup() (stable-fixes).
* ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes).
* ASoC: tas2781: fix getting the wrong device number (git-fixes).
* ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-
fixes).
* Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-
fixes).
* Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
* Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
(git-fixes).
* Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes).
* Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes).
* Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (git-fixes).
* Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes).
* Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
* Bluetooth: bcsp: receive data only if registered (stable-fixes).
* Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes).
* Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames
(stable-fixes).
* Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-
fixes).
* Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes).
* Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
* HID: amd_sfh: Stop sensor before starting (git-fixes).
* HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes).
* HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes).
* HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes).
* HID: uclogic: Fix potential memory leak in error path (git-fixes).
* Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
* Input: imx_sc_key - fix memory corruption on unload (git-fixes).
* Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes).
* KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes).
* KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests (git-
fixes).
* KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-
fixes).
* KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing
(git-fixes).
* KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes).
* KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-
fixes).
* KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest
(git-fixes).
* KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes).
* KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-
fixes).
* KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-
fixes).
* KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest
(git-fixes).
* KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes).
* KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest
(git-fixes).
* KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-
fixes).
* KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes).
* KVM: s390: improve interrupt cpu for wakeup (bsc#1235463).
* KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352).
* KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE
(git-fixes).
* KVM: x86: Add helper to retrieve current value of user return MSR (git-
fixes).
* KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap
(git-fixes).
* KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-
fixes).
* KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-
fixes).
* KVM: x86: Have all vendor neutral sub-configs depend on KVM_X86, not just
KVM (git-fixes).
* NFS4: Fix state renewals missing after boot (git-fixes).
* NFS: check if suid/sgid was cleared after a write as needed (git-fixes).
* NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes).
* NFSD: Skip close replay processing if XDR encoding fails (git-fixes).
* NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes).
* NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes).
* NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
* PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes).
* PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes).
* PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
* PCI: cadence: Check for the existence of cdns_pcie::ops before using it
(stable-fixes).
* PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-
fixes).
* PCI: j721e: Fix incorrect error message in probe() (git-fixes).
* PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-
fixes).
* PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
* RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes).
* RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes).
* RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes).
* RDMA/hns: Fix the modification of max_send_sge (git-fixes).
* RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes).
* RDMA/irdma: Fix SD index calculation (git-fixes).
* RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes).
* accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes).
* accel/habanalabs/gaudi2: read preboot status after recovering from dirty
state (stable-fixes).
* accel/habanalabs: return ENOMEM if less than requested pages were pinned
(stable-fixes).
* accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
(stable-fixes).
* acpi,srat: Fix incorrect device handle check for Generic Initiator (git-
fixes).
* acpi/hmat: Fix lockdep warning for hmem_register_resource() (git-fixes).
* amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes).
* ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
(git-fixes).
* block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
(git-fixes).
* block: fix kobject double initialization in add_disk (git-fixes).
* bpf: Fix test verif_scale_strobemeta_subprogs failure due to llvm19
(bsc#1252368).
* bpf: improve error message for unsupported helper (bsc#1252370).
* btrfs: abort transaction on failure to add link to inode (git-fixes).
* btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-
fix).
* btrfs: avoid using fixed char array size for tree names (git-fix).
* btrfs: do not update last_log_commit when logging inode due to a new name
(git-fixes).
* btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
* btrfs: fix inode leak on failure to add link to inode (git-fixes).
* btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix).
* btrfs: mark dirty extent range for out of bound prealloc extents (git-
fixes).
* btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix).
* btrfs: rename err to ret in btrfs_link() (git-fixes).
* btrfs: run btrfs_error_commit_super() early (git-fix).
* btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-
fix).
* btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-
fixes).
* btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes).
* btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name
(git-fixes).
* btrfs: simplify error handling logic for btrfs_link() (git-fixes).
* btrfs: tree-checker: add dev extent item checks (git-fix).
* btrfs: tree-checker: add type and sequence check for inline backrefs (git-
fix).
* btrfs: tree-checker: fix the wrong output of data backref objectid (git-
fix).
* btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
* btrfs: tree-checker: validate dref root and objectid (git-fix).
* btrfs: use smp_mb__after_atomic() when forcing COW in
create_pending_snapshot() (git-fixes).
* cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier()
handle remote partition (bsc#1241166).
* char: misc: Does not request module for miscdevice with dynamic minor
(stable-fixes).
* char: misc: Make misc_register() reentry for miscdevice who wants dynamic
minor (stable-fixes).
* char: misc: restrict the dynamic range to exclude reserved minors (stable-
fixes).
* cpuset: Use new excpus for nocpu error check when enabling root partition
(bsc#1241166).
* cpuset: fix failure to enable isolated partition when containing isolcpus
(bsc#1241166).
* cramfs: Verify inode mode when loading from disk (git-fixes).
* crypto: aspeed - fix double free caused by devm (git-fixes).
* crypto: aspeed-acry - Convert to platform remove callback returning void
(stable-fixes).
* crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-
fixes).
* crypto: iaa - Do not clobber req->base.data (git-fixes).
* crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes).
* dmaengine: dw-edma: Set status for callback_result (stable-fixes).
* dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
* drm/amd/amdgpu: Release xcp drm memory after unplug (stable-fixes).
* drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with
DC_FP_START (stable-fixes).
* drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream
(stable-fixes).
* drm/amd/display: Add fallback path for YCBCR422 (stable-fixes).
* drm/amd/display: Allow VRR params change if unsynced with the stream (git-
fixes).
* drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
* drm/amd/display: Enable mst when it's detected but yet to be initialized
(git-fixes).
* drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
* drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes).
* drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
* drm/amd/display: Fix for test crash due to power gating (stable-fixes).
* drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc
(stable-fixes).
* drm/amd/display: Fix pbn_div Calculation Error (stable-fixes).
* drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-
fixes).
* drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting
(stable-fixes).
* drm/amd/display: Init dispclk from bootup clock for DCN314 (stable-fixes).
* drm/amd/display: Move setup_stream_attribute (stable-fixes).
* drm/amd/display: Reject modes with too high pixel clock on DCE6-10 (git-
fixes).
* drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off
(stable-fixes).
* drm/amd/display: Set up pixel encoding for YCBCR422 (stable-fixes).
* drm/amd/display: Support HW cursor 180 rot for any number of pipe splits
(stable-fixes).
* drm/amd/display: Wait until OTG enable state is cleared (stable-fixes).
* drm/amd/display: add more cyan skillfish devices (stable-fixes).
* drm/amd/display: change dc stream color settings only in atomic commit
(stable-fixes).
* drm/amd/display: ensure committing streams is seamless (stable-fixes).
* drm/amd/display: fix condition for setting timing_adjust_pending (stable-
fixes).
* drm/amd/display: fix dml ms order of operations (stable-fixes).
* drm/amd/display: incorrect conditions for failing dto calculations (stable-
fixes).
* drm/amd/display: update color on atomic commit time (stable-fixes).
* drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
* drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-
fixes).
* drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
* drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
* drm/amd: Avoid evicting resources at S5 (stable-fixes).
* drm/amd: Check that VPE has reached DPM0 in idle handler (stable-fixes).
* drm/amd: Fix suspend failure with secure display TA (git-fixes).
* drm/amd: add more cyan skillfish PCI ids (stable-fixes).
* drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (stable-fixes).
* drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes).
* drm/amdgpu/smu: Handle S0ix for vangogh (stable-fixes).
* drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes).
* drm/amdgpu: Check vcn sram load return value (stable-fixes).
* drm/amdgpu: Correct the counts of nr_banks and nr_errors (stable-fixes).
* drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
(stable-fixes).
* drm/amdgpu: Fix function header names in amdgpu_connectors.c (git-fixes).
* drm/amdgpu: Fix unintended error log in VCN5_0_0 (git-fixes).
* drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) (stable-fixes).
* drm/amdgpu: Skip poison aca bank from UE channel (stable-fixes).
* drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-
fixes).
* drm/amdgpu: add range check for RAS bad page address (stable-fixes).
* drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes).
* drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces
(stable-fixes).
* drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
* drm/amdgpu: fix nullptr err of vm_handle_moved (stable-fixes).
* drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (stable-fixes).
* drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
* drm/amdgpu: remove two invalid BUG_ON()s (stable-fixes).
* drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes).
* drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes).
* drm/amdkfd: fix vram allocation failure for a special case (stable-fixes).
* drm/amdkfd: relax checks for over allocation of save area (stable-fixes).
* drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes).
* drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off (git-
fixes).
* drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-
fixes).
* drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
* drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-
fixes).
* drm/exynos: exynos7_drm_decon: remove ctx->suspended (git-fixes).
* drm/i915/dp_mst: Work around Thunderbolt sink disconnect after
SINK_COUNT_ESI read (stable-fixes).
* drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-
fixes).
* drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes).
* drm/mediatek: Add pm_runtime support for GCE power control (git-fixes).
* drm/mediatek: Disable AFBC support on Mediatek DRM driver (git-fixes).
* drm/msm/a6xx: Fix PDC sleep sequence (git-fixes).
* drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-
fixes).
* drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes).
* drm/msm/registers: Generate _HI/LO builders for reg64 (stable-fixes).
* drm/msm: make sure to not queue up recovery more than once (stable-fixes).
* drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
(stable-fixes).
* drm/panthor: Serialize GPU cache flush operations (stable-fixes).
* drm/panthor: check bo offset alignment in vm bind (stable-fixes).
* drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes).
* drm/sched: Optimise drm_sched_entity_push_job (stable-fixes).
* drm/sched: avoid killing parent entity on child SIGKILL (stable-fixes).
* drm/tegra: Add call to put_pid() (git-fixes).
* drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes).
* drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-
fixes).
* drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes).
* drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-
fixes).
* drm/xe/guc: Add more GuC load error status codes (stable-fixes).
* drm/xe/guc: Increase GuC crash dump buffer size (stable-fixes).
* drm/xe/guc: Return an error code if the GuC load fails (stable-fixes).
* drm/xe/guc: Set upper limit of H2G retries over CTB (stable-fixes).
* drm/xe/guc: Synchronize Dead CT worker with unbind (git-fixes).
* drm/xe: Do clean shutdown also when using flr (git-fixes).
* drm/xe: Do not wake device during a GT reset (git-fixes).
* drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test (stable-
fixes).
* drm/xe: Move declarations under conditional branch (stable-fixes).
* drm/xe: Remove duplicate DRM_EXEC selection from Kconfig (git-fixes).
* drm: panel-backlight-quirks: Make EDID match optional (stable-fixes).
* exfat: limit log print for IO error (git-fixes).
* extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes).
* extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes).
* fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-
fixes).
* fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
(stable-fixes).
* fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes).
* fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-
fixes).
* hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-
fixes).
* hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes).
* hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
* hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models
(stable-fixes).
* hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-
fixes).
* hwmon: sy7636a: add alias (stable-fixes).
* hyperv: Remove the spurious null directive line (git-fixes).
* iio: adc: imx93_adc: load calibrated values even calibration failed (stable-
fixes).
* iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before
setting register (stable-fixes).
* ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
(stable-fixes).
* iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-
fixes).
* isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes).
* ixgbe: fix memory leak and use-after-free in ixgbe_recovery_probe() (git-
fixes).
* jfs: Verify inode mode when loading from disk (git-fixes).
* jfs: fix uninitialized waitqueue in transaction manager (git-fixes).
* lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
(git-fixes).
* md/raid1: fix data lost for writemostly rdev (git-fixes).
* md: fix mssing blktrace bio split events (git-fixes).
* media: adv7180: Add missing lock in suspend callback (stable-fixes).
* media: adv7180: Do not write format to device in set_fmt (stable-fixes).
* media: adv7180: Only validate format in querystd (stable-fixes).
* media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
* media: fix uninitialized symbol warnings (stable-fixes).
* media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR
(stable-fixes).
* media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer
(stable-fixes).
* media: imon: make send_packet() more robust (stable-fixes).
* media: ov08x40: Fix the horizontal flip control (stable-fixes).
* media: redrat3: use int type to store negative error codes (stable-fixes).
* media: uvcvideo: Use heuristic to find stream entity (git-fixes).
* media: videobuf2: forbid remove_bufs when legacy fileio is active (git-
fixes).
* memstick: Add timeout to prevent indefinite waiting (stable-fixes).
* mfd: da9063: Split chip variant reading in two bus transactions (stable-
fixes).
* mfd: madera: Work around false-positive -Wininitialized warning (stable-
fixes).
* mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
* mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
* minixfs: Verify inode mode when loading from disk (git-fixes).
* mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-
fixes).
* mm/secretmem: fix use-after-free race in fault handler (git-fixes).
* mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
* mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes).
* mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes).
* mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
* mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes).
* mtdchar: fix integer overflow in read/write ioctls (git-fixes).
* net/mana: fix warning in the writer of client oob (git-fixes).
* net/smc: Remove validation of reserved bits in CLC Decline message
(bsc#1253779).
* net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes).
* net: phy: clear link parameters on admin link down (stable-fixes).
* net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-
fixes).
* net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes).
* net: tcp: send zero-window ACK when no memory (bsc#1253779).
* net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-
fixes).
* nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
dereferencing (git-fixes).
* nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes).
* nvme-auth: add hkdf_expand_label() (bsc#1247683).
* nvme-auth: use hkdf_expand_label() (bsc#1247683).
* phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes).
* phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet
(stable-fixes).
* phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0
(stable-fixes).
* pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes).
* pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-
fixes).
* pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-
fixes).
* platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos
(git-fixes).
* power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
* power: supply: qcom_battmgr: handle charging state change notifications
(stable-fixes).
* power: supply: sbs-charger: Support multiple devices (stable-fixes).
* powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
* powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409
bsc#1252269 ltc#215957).
* regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes).
* rtc: rx8025: fix incorrect register reference (git-fixes).
* s390/mm,fault: simplify kfence fault handling (bsc#1247076).
* scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-
fixes).
* scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
* scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes).
* scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-
fixes).
* scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes).
* scsi: mpi3mr: Correctly handle ATA device errors (git-fixes).
* scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes).
* scsi: mpt3sas: Correctly handle ATA device errors (git-fixes).
* scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-
fixes).
* scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes).
* scsi: storvsc: Prefer returning channel with the same CPU as on the I/O
issuing CPU (bsc#1252267).
* selftests/bpf: Check for timeout in perf_link test (bsc#1253648).
* selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes).
* selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes).
* selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes).
* selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes).
* selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes).
* selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
* selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-
fixes).
* selftests/bpf: Remove sockmap_ktls disconnect_after_delete test
(bsc#1252365).
* selftests/bpf: Remove tests for zeroed-array kptr (bsc#1252366).
* selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes).
* selftests/bpf: fix signedness bug in redir_partial() (git-fixes).
* selftests/net/forwarding: add slowwait functions (bsc#1254235).
* selftests/net/lib: no need to record ns name if it already exist
(bsc#1254235).
* selftests/net/lib: update busywait timeout value (bsc#1254235).
* selftests/net: add lib.sh (bsc#1254235).
* selftests/net: add variable NS_LIST for lib.sh (bsc#1254235).
* selftests/net: use tc rule to filter the na packet (bsc#1254235).
* selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221).
* selftests: forwarding.config.sample: Move overrides to lib.sh (bsc#1254235).
* selftests: forwarding: Add a test for testing lib.sh functionality
(bsc#1254235).
* selftests: forwarding: Avoid failures to source net/lib.sh (bsc#1254235).
* selftests: forwarding: Change inappropriate log_test_skip() calls
(bsc#1254235).
* selftests: forwarding: Convert log_test() to recognize RET values
(bsc#1254235).
* selftests: forwarding: Have RET track kselftest framework constants
(bsc#1254235).
* selftests: forwarding: Parametrize mausezahn delay (bsc#1254235).
* selftests: forwarding: Redefine relative_path variable (bsc#1254235).
* selftests: forwarding: Remove duplicated lib.sh content (bsc#1254235).
* selftests: forwarding: Support for performance sensitive tests
(bsc#1254235).
* selftests: lib: Define more kselftest exit codes (bsc#1254235).
* selftests: lib: tc_rule_stats_get(): Move default to argument definition
(bsc#1254235).
* selftests: net: List helper scripts in TEST_FILES Makefile variable
(bsc#1254235).
* selftests: net: Unify code of busywait() and slowwait() (bsc#1254235).
* selftests: net: add helper for checking if nettest is available
(bsc#1254235).
* selftests: net: lib: Do not overwrite error messages (bsc#1254235).
* selftests: net: lib: Move logging from forwarding/lib.sh here (bsc#1254235).
* selftests: net: lib: avoid error removing empty netns name (bsc#1254235).
* selftests: net: lib: do not set ns var as readonly (bsc#1254235).
* selftests: net: lib: fix shift count out of range (bsc#1254235).
* selftests: net: lib: ignore possible errors (bsc#1254235).
* selftests: net: lib: kill PIDs before del netns (bsc#1254235).
* selftests: net: lib: remove 'ns' var in setup_ns (bsc#1254235).
* selftests: net: lib: remove ns from list after clean-up (bsc#1254235).
* selftests: net: lib: set 'i' as local (bsc#1254235).
* selftests: net: lib: support errexit with busywait (bsc#1254235).
* selftests: net: libs: Change variable fallback syntax (bsc#1254235).
* serial: 8250_exar: add support for Advantech 2 port card with Device ID
0x0018 (git-fixes).
* serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes).
* soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes).
* soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
* soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes).
* spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
* spi: loopback-test: Don't use %pK through printk (stable-fixes).
* spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
* strparser: Fix signed/unsigned mismatch bug (git-fixes).
* tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate
psock->cork (bsc#1250705).
* thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes).
* tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-
fixes).
* tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-
fixes).
* tools/hv: fcopy: Fix incorrect file path conversion (git-fixes).
* tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes).
* tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-
fixes).
* tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes).
* tools: lib: thermal: don't preserve owner in install (stable-fixes).
* tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes).
* uio_hv_generic: Query the ringbuffer size for device (git-fixes).
* usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
* usb: cdns3: gadget: Use-after-free during failed initialization and exit of
cdnsp gadget (stable-fixes).
* usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-
fixes).
* usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes).
* usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes).
* usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-
fixes).
* usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-
fixes).
* video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-
fixes).
* watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-
fixes).
* wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
* wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181).
* wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-
fixes).
* wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes).
* wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list (stable-fixes).
* wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower
bands (stable-fixes).
* wifi: mac80211: Fix HE capabilities element check (stable-fixes).
* wifi: mac80211: Track NAN interface start/stop (stable-fixes).
* wifi: mac80211: don't mark keys for inactive links as uploaded (stable-
fixes).
* wifi: mac80211: fix key tailroom accounting leak (git-fixes).
* wifi: mac80211: reject address change while connecting (git-fixes).
* wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes).
* wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-
fixes).
* wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
(stable-fixes).
* wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
* wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error (stable-
fixes).
* wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-
fixes).
* wifi: rtw88: sdio: use indirect IO for device registers before power-on
(stable-fixes).
* wifi: rtw89: print just once for unknown C2H events (stable-fixes).
* wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-
fixes).
* x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
* x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
* x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
* x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
* x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
* x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
* x86/bugs: Report correct retbleed mitigation status (git-fixes).
* x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
* xe/oa: Fix query mode of operation for OAR/OAC (git-fixes).
* xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes).
* xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive
(git-fixes).
* xhci: dbc: Improve performance by removing delay in transfer event polling
(stable-fixes).
* xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event
(git-fixes).
* xhci: dbc: poll at different rate depending on data transfer activity
(stable-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4393=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-4393=1
* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-4393=1
* SUSE Linux Enterprise High Availability Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2025-4393=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2025-4393=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-4393=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
## Package List:
* Basesystem Module 15-SP7 (aarch64 nosrc)
* kernel-64kb-6.4.0-150700.53.25.1
* Basesystem Module 15-SP7 (aarch64)
* kernel-64kb-devel-debuginfo-6.4.0-150700.53.25.1
* kernel-64kb-devel-6.4.0-150700.53.25.1
* kernel-64kb-debugsource-6.4.0-150700.53.25.1
* kernel-64kb-debuginfo-6.4.0-150700.53.25.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150700.53.25.1
* Basesystem Module 15-SP7 (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150700.53.25.1.150700.17.17.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-6.4.0-150700.53.25.1
* kernel-default-debuginfo-6.4.0-150700.53.25.1
* kernel-default-devel-6.4.0-150700.53.25.1
* kernel-default-debugsource-6.4.0-150700.53.25.1
* Basesystem Module 15-SP7 (noarch)
* kernel-devel-6.4.0-150700.53.25.1
* kernel-macros-6.4.0-150700.53.25.1
* Basesystem Module 15-SP7 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150700.53.25.1
* Basesystem Module 15-SP7 (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150700.53.25.1
* kernel-zfcpdump-debuginfo-6.4.0-150700.53.25.1
* Development Tools Module 15-SP7 (noarch nosrc)
* kernel-docs-6.4.0-150700.53.25.2
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-6.4.0-150700.53.25.1
* kernel-syms-6.4.0-150700.53.25.1
* kernel-obs-build-debugsource-6.4.0-150700.53.25.1
* Development Tools Module 15-SP7 (noarch)
* kernel-source-6.4.0-150700.53.25.1
* Legacy Module 15-SP7 (nosrc)
* kernel-default-6.4.0-150700.53.25.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-6.4.0-150700.53.25.1
* reiserfs-kmp-default-6.4.0-150700.53.25.1
* reiserfs-kmp-default-debuginfo-6.4.0-150700.53.25.1
* kernel-default-debugsource-6.4.0-150700.53.25.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-debuginfo-6.4.0-150700.53.25.1
* dlm-kmp-default-debuginfo-6.4.0-150700.53.25.1
* gfs2-kmp-default-6.4.0-150700.53.25.1
* ocfs2-kmp-default-6.4.0-150700.53.25.1
* cluster-md-kmp-default-6.4.0-150700.53.25.1
* dlm-kmp-default-6.4.0-150700.53.25.1
* kernel-default-debuginfo-6.4.0-150700.53.25.1
* kernel-default-debugsource-6.4.0-150700.53.25.1
* cluster-md-kmp-default-debuginfo-6.4.0-150700.53.25.1
* ocfs2-kmp-default-debuginfo-6.4.0-150700.53.25.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (nosrc)
* kernel-default-6.4.0-150700.53.25.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (nosrc)
* kernel-default-6.4.0-150700.53.25.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* kernel-default-debuginfo-6.4.0-150700.53.25.1
* kernel-default-extra-debuginfo-6.4.0-150700.53.25.1
* kernel-default-extra-6.4.0-150700.53.25.1
* kernel-default-debugsource-6.4.0-150700.53.25.1
* SUSE Linux Enterprise Live Patching 15-SP7 (nosrc)
* kernel-default-6.4.0-150700.53.25.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP7_Update_7-debugsource-1-150700.15.3.1
* kernel-default-debuginfo-6.4.0-150700.53.25.1
* kernel-livepatch-6_4_0-150700_53_25-default-1-150700.15.3.1
* kernel-default-debugsource-6.4.0-150700.53.25.1
* kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-1-150700.15.3.1
* kernel-default-livepatch-6.4.0-150700.53.25.1
* kernel-default-livepatch-devel-6.4.0-150700.53.25.1
## References:
* https://www.suse.com/security/cve/CVE-2022-50253.html
* https://www.suse.com/security/cve/CVE-2023-53676.html
* https://www.suse.com/security/cve/CVE-2025-21710.html
* https://www.suse.com/security/cve/CVE-2025-37916.html
* https://www.suse.com/security/cve/CVE-2025-38359.html
* https://www.suse.com/security/cve/CVE-2025-39788.html
* https://www.suse.com/security/cve/CVE-2025-39805.html
* https://www.suse.com/security/cve/CVE-2025-39819.html
* https://www.suse.com/security/cve/CVE-2025-39822.html
* https://www.suse.com/security/cve/CVE-2025-39859.html
* https://www.suse.com/security/cve/CVE-2025-39944.html
* https://www.suse.com/security/cve/CVE-2025-39980.html
* https://www.suse.com/security/cve/CVE-2025-40001.html
* https://www.suse.com/security/cve/CVE-2025-40021.html
* https://www.suse.com/security/cve/CVE-2025-40027.html
* https://www.suse.com/security/cve/CVE-2025-40030.html
* https://www.suse.com/security/cve/CVE-2025-40038.html
* https://www.suse.com/security/cve/CVE-2025-40040.html
* https://www.suse.com/security/cve/CVE-2025-40047.html
* https://www.suse.com/security/cve/CVE-2025-40048.html
* https://www.suse.com/security/cve/CVE-2025-40055.html
* https://www.suse.com/security/cve/CVE-2025-40059.html
* https://www.suse.com/security/cve/CVE-2025-40064.html
* https://www.suse.com/security/cve/CVE-2025-40070.html
* https://www.suse.com/security/cve/CVE-2025-40074.html
* https://www.suse.com/security/cve/CVE-2025-40075.html
* https://www.suse.com/security/cve/CVE-2025-40080.html
* https://www.suse.com/security/cve/CVE-2025-40083.html
* https://www.suse.com/security/cve/CVE-2025-40086.html
* https://www.suse.com/security/cve/CVE-2025-40098.html
* https://www.suse.com/security/cve/CVE-2025-40105.html
* https://www.suse.com/security/cve/CVE-2025-40107.html
* https://www.suse.com/security/cve/CVE-2025-40109.html
* https://www.suse.com/security/cve/CVE-2025-40110.html
* https://www.suse.com/security/cve/CVE-2025-40111.html
* https://www.suse.com/security/cve/CVE-2025-40115.html
* https://www.suse.com/security/cve/CVE-2025-40116.html
* https://www.suse.com/security/cve/CVE-2025-40118.html
* https://www.suse.com/security/cve/CVE-2025-40120.html
* https://www.suse.com/security/cve/CVE-2025-40121.html
* https://www.suse.com/security/cve/CVE-2025-40127.html
* https://www.suse.com/security/cve/CVE-2025-40129.html
* https://www.suse.com/security/cve/CVE-2025-40139.html
* https://www.suse.com/security/cve/CVE-2025-40140.html
* https://www.suse.com/security/cve/CVE-2025-40141.html
* https://www.suse.com/security/cve/CVE-2025-40149.html
* https://www.suse.com/security/cve/CVE-2025-40154.html
* https://www.suse.com/security/cve/CVE-2025-40156.html
* https://www.suse.com/security/cve/CVE-2025-40157.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-40164.html
* https://www.suse.com/security/cve/CVE-2025-40168.html
* https://www.suse.com/security/cve/CVE-2025-40169.html
* https://www.suse.com/security/cve/CVE-2025-40171.html
* https://www.suse.com/security/cve/CVE-2025-40172.html
* https://www.suse.com/security/cve/CVE-2025-40173.html
* https://www.suse.com/security/cve/CVE-2025-40176.html
* https://www.suse.com/security/cve/CVE-2025-40180.html
* https://www.suse.com/security/cve/CVE-2025-40183.html
* https://www.suse.com/security/cve/CVE-2025-40185.html
* https://www.suse.com/security/cve/CVE-2025-40186.html
* https://www.suse.com/security/cve/CVE-2025-40188.html
* https://www.suse.com/security/cve/CVE-2025-40194.html
* https://www.suse.com/security/cve/CVE-2025-40198.html
* https://www.suse.com/security/cve/CVE-2025-40200.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://www.suse.com/security/cve/CVE-2025-40205.html
* https://www.suse.com/security/cve/CVE-2025-40206.html
* https://www.suse.com/security/cve/CVE-2025-40207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235463
* https://bugzilla.suse.com/show_bug.cgi?id=1236743
* https://bugzilla.suse.com/show_bug.cgi?id=1237888
* https://bugzilla.suse.com/show_bug.cgi?id=1241166
* https://bugzilla.suse.com/show_bug.cgi?id=1243474
* https://bugzilla.suse.com/show_bug.cgi?id=1245193
* https://bugzilla.suse.com/show_bug.cgi?id=1247076
* https://bugzilla.suse.com/show_bug.cgi?id=1247500
* https://bugzilla.suse.com/show_bug.cgi?id=1247509
* https://bugzilla.suse.com/show_bug.cgi?id=1247683
* https://bugzilla.suse.com/show_bug.cgi?id=1249547
* https://bugzilla.suse.com/show_bug.cgi?id=1249912
* https://bugzilla.suse.com/show_bug.cgi?id=1249982
* https://bugzilla.suse.com/show_bug.cgi?id=1250034
* https://bugzilla.suse.com/show_bug.cgi?id=1250176
* https://bugzilla.suse.com/show_bug.cgi?id=1250237
* https://bugzilla.suse.com/show_bug.cgi?id=1250252
* https://bugzilla.suse.com/show_bug.cgi?id=1250705
* https://bugzilla.suse.com/show_bug.cgi?id=1251120
* https://bugzilla.suse.com/show_bug.cgi?id=1251786
* https://bugzilla.suse.com/show_bug.cgi?id=1252063
* https://bugzilla.suse.com/show_bug.cgi?id=1252267
* https://bugzilla.suse.com/show_bug.cgi?id=1252269
* https://bugzilla.suse.com/show_bug.cgi?id=1252303
* https://bugzilla.suse.com/show_bug.cgi?id=1252352
* https://bugzilla.suse.com/show_bug.cgi?id=1252353
* https://bugzilla.suse.com/show_bug.cgi?id=1252365
* https://bugzilla.suse.com/show_bug.cgi?id=1252366
* https://bugzilla.suse.com/show_bug.cgi?id=1252368
* https://bugzilla.suse.com/show_bug.cgi?id=1252370
* https://bugzilla.suse.com/show_bug.cgi?id=1252681
* https://bugzilla.suse.com/show_bug.cgi?id=1252763
* https://bugzilla.suse.com/show_bug.cgi?id=1252773
* https://bugzilla.suse.com/show_bug.cgi?id=1252774
* https://bugzilla.suse.com/show_bug.cgi?id=1252780
* https://bugzilla.suse.com/show_bug.cgi?id=1252790
* https://bugzilla.suse.com/show_bug.cgi?id=1252794
* https://bugzilla.suse.com/show_bug.cgi?id=1252795
* https://bugzilla.suse.com/show_bug.cgi?id=1252809
* https://bugzilla.suse.com/show_bug.cgi?id=1252817
* https://bugzilla.suse.com/show_bug.cgi?id=1252821
* https://bugzilla.suse.com/show_bug.cgi?id=1252836
* https://bugzilla.suse.com/show_bug.cgi?id=1252845
* https://bugzilla.suse.com/show_bug.cgi?id=1252862
* https://bugzilla.suse.com/show_bug.cgi?id=1252912
* https://bugzilla.suse.com/show_bug.cgi?id=1252917
* https://bugzilla.suse.com/show_bug.cgi?id=1252923
* https://bugzilla.suse.com/show_bug.cgi?id=1252928
* https://bugzilla.suse.com/show_bug.cgi?id=1253018
* https://bugzilla.suse.com/show_bug.cgi?id=1253176
* https://bugzilla.suse.com/show_bug.cgi?id=1253275
* https://bugzilla.suse.com/show_bug.cgi?id=1253318
* https://bugzilla.suse.com/show_bug.cgi?id=1253324
* https://bugzilla.suse.com/show_bug.cgi?id=1253349
* https://bugzilla.suse.com/show_bug.cgi?id=1253352
* https://bugzilla.suse.com/show_bug.cgi?id=1253355
* https://bugzilla.suse.com/show_bug.cgi?id=1253360
* https://bugzilla.suse.com/show_bug.cgi?id=1253362
* https://bugzilla.suse.com/show_bug.cgi?id=1253363
* https://bugzilla.suse.com/show_bug.cgi?id=1253367
* https://bugzilla.suse.com/show_bug.cgi?id=1253369
* https://bugzilla.suse.com/show_bug.cgi?id=1253393
* https://bugzilla.suse.com/show_bug.cgi?id=1253394
* https://bugzilla.suse.com/show_bug.cgi?id=1253395
* https://bugzilla.suse.com/show_bug.cgi?id=1253403
* https://bugzilla.suse.com/show_bug.cgi?id=1253407
* https://bugzilla.suse.com/show_bug.cgi?id=1253409
* https://bugzilla.suse.com/show_bug.cgi?id=1253412
* https://bugzilla.suse.com/show_bug.cgi?id=1253416
* https://bugzilla.suse.com/show_bug.cgi?id=1253421
* https://bugzilla.suse.com/show_bug.cgi?id=1253423
* https://bugzilla.suse.com/show_bug.cgi?id=1253424
* https://bugzilla.suse.com/show_bug.cgi?id=1253425
* https://bugzilla.suse.com/show_bug.cgi?id=1253427
* https://bugzilla.suse.com/show_bug.cgi?id=1253428
* https://bugzilla.suse.com/show_bug.cgi?id=1253431
* https://bugzilla.suse.com/show_bug.cgi?id=1253436
* https://bugzilla.suse.com/show_bug.cgi?id=1253438
* https://bugzilla.suse.com/show_bug.cgi?id=1253440
* https://bugzilla.suse.com/show_bug.cgi?id=1253441
* https://bugzilla.suse.com/show_bug.cgi?id=1253445
* https://bugzilla.suse.com/show_bug.cgi?id=1253448
* https://bugzilla.suse.com/show_bug.cgi?id=1253449
* https://bugzilla.suse.com/show_bug.cgi?id=1253453
* https://bugzilla.suse.com/show_bug.cgi?id=1253456
* https://bugzilla.suse.com/show_bug.cgi?id=1253472
* https://bugzilla.suse.com/show_bug.cgi?id=1253648
* https://bugzilla.suse.com/show_bug.cgi?id=1253779
* https://bugzilla.suse.com/show_bug.cgi?id=1254181
* https://bugzilla.suse.com/show_bug.cgi?id=1254221
* https://bugzilla.suse.com/show_bug.cgi?id=1254235
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20251215/31663859/attachment.htm>
More information about the sle-security-updates
mailing list