# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2025:0853-1

Release Date: 2025-03-13T10:40:03Z

Rating: important

References:

* bsc#1208995
* bsc#1220946
* bsc#1225742
* bsc#1232472
* bsc#1232919
* bsc#1233701
* bsc#1233749
* bsc#1234154
* bsc#1234650
* bsc#1234853
* bsc#1234891
* bsc#1234963
* bsc#1235054
* bsc#1235061
* bsc#1235073
* bsc#1235111
* bsc#1236133
* bsc#1236289
* bsc#1236576
* bsc#1236661
* bsc#1236677
* bsc#1236757
* bsc#1236758
* bsc#1236760
* bsc#1236761
* bsc#1236777
* bsc#1236951
* bsc#1237025
* bsc#1237028
* bsc#1237139
* bsc#1237316
* bsc#1237693
* bsc#1238033

Cross-References:

* CVE-2022-49080
* CVE-2023-1192
* CVE-2023-52572
* CVE-2024-50115
* CVE-2024-53135
* CVE-2024-53173
* CVE-2024-53226
* CVE-2024-53239
* CVE-2024-56539
* CVE-2024-56548
* CVE-2024-56605
* CVE-2024-57948
* CVE-2025-21647
* CVE-2025-21690
* CVE-2025-21692
* CVE-2025-21699

CVSS scores:

* CVE-2022-49080 (SUSE): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49080 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1192 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 (NVD): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52572 (SUSE): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-52572 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50115 (SUSE): 4.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-50115 (SUSE): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-50115 (NVD): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53135 (NVD): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-53173 (SUSE): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 (SUSE): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53226 (SUSE): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53226 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53226 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53239 (SUSE): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53239 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56539 (SUSE): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56539 (SUSE): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-56548 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56548 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56548 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 (SUSE): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56605 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57948 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57948 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21647 (SUSE): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21647 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21690 (SUSE): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21690 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21690 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21692 (SUSE): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 (NVD): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21699 (SUSE): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21699 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21699 (NVD): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves 16 vulnerabilities and has 17 security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
* CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
* CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576)
* CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
* CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
* CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
* CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).

The following non-security bugs were fixed:

* NFSD: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472).
* cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777).
* iavf: fix the waiting time for initial reset (bsc#1235111).
* ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111).
* ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111).
* ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111).
* idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
* ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
* kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
* net: Fix undefined behavior in netdev name allocation (bsc#1233749).
* net: avoid UAF on deleted altname (bsc#1233749).
* net: check for altname conflicts when changing netdev's netns (bsc#1233749).
* net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
* net: do not send a MOVE event when netdev changes netns (bsc#1233749).
* net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
* net: fix ifname in netlink ntf during netns move (bsc#1233749).
* net: fix removing a namespace with conflicting altnames (bsc#1233749).
* net: free altname using an RCU callback (bsc#1233749).
* net: introduce a function to check if a netdev name is in use (bsc#1233749).
* net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
* net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
* net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
* net: mana: Enable debugfs files for MANA device (bsc#1236758).
* net: minor __dev_alloc_name() optimization (bsc#1233749).
* net: move altnames together with the netdevice (bsc#1233749).
* net: netvsc: Update default VMBus channels (bsc#1236757).
* net: reduce indentation of __dev_alloc_name() (bsc#1233749).
* net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
* net: remove else after return in dev_prep_valid_name() (bsc#1233749).
* net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
* rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
* scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
* x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289).
* x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289).
* x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289).
* x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289).
* x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
* x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
* x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289).
* x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289).
* x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289).
* x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289).
* x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289).
* x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
* x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289).
* x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
* x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951).
* x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
* xen/swiotlb: relax alignment requirements (bsc#1236951).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2025-853=1`
* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2025-853=1`

## Package List:

* openSUSE Leap 15.5 (noarch)
  * kernel-devel-rt-5.14.21-150500.13.88.1
  * kernel-source-rt-5.14.21-150500.13.88.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-rt-optional-5.14.21-150500.13.88.1
  * gfs2-kmp-rt-5.14.21-150500.13.88.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.88.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.88.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.88.1
  * reiserfs-kmp-rt-5.14.21-150500.13.88.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.88.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.88.1
  * ocfs2-kmp-rt-5.14.21-150500.13.88.1
  * kernel-rt_debug-devel-5.14.21-150500.13.88.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.88.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt-extra-5.14.21-150500.13.88.1
  * kernel-rt-vdso-5.14.21-150500.13.88.1
  * cluster-md-kmp-rt-5.14.21-150500.13.88.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.88.1
  * kselftests-kmp-rt-5.14.21-150500.13.88.1
  * kernel-syms-rt-5.14.21-150500.13.88.1
  * kernel-rt-devel-5.14.21-150500.13.88.1
  * kernel-rt-livepatch-5.14.21-150500.13.88.1
  * kernel-rt-debugsource-5.14.21-150500.13.88.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.88.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.88.1
  * kernel-rt-debuginfo-5.14.21-150500.13.88.1
  * dlm-kmp-rt-5.14.21-150500.13.88.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.88.1
  * kernel-rt_debug-5.14.21-150500.13.88.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * kernel-devel-rt-5.14.21-150500.13.88.1
  * kernel-source-rt-5.14.21-150500.13.88.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.88.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kernel-rt-debugsource-5.14.21-150500.13.88.1
  * kernel-rt-debuginfo-5.14.21-150500.13.88.1

## References:

* https://www.suse.com/security/cve/CVE-2022-49080.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-52572.html
* https://www.suse.com/security/cve/CVE-2024-50115.html
* https://www.suse.com/security/cve/CVE-2024-53135.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53226.html
* https://www.suse.com/security/cve/CVE-2024-53239.html
* https://www.suse.com/security/cve/CVE-2024-56539.html
* https://www.suse.com/security/cve/CVE-2024-56548.html
* https://www.suse.com/security/cve/CVE-2024-56605.html
* https://www.suse.com/security/cve/CVE-2024-57948.html
* https://www.suse.com/security/cve/CVE-2025-21647.html
* https://www.suse.com/security/cve/CVE-2025-21690.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21699.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1220946
* https://bugzilla.suse.com/show_bug.cgi?id=1225742
* https://bugzilla.suse.com/show_bug.cgi?id=1232472
* https://bugzilla.suse.com/show_bug.cgi?id=1232919
* https://bugzilla.suse.com/show_bug.cgi?id=1233701
* https://bugzilla.suse.com/show_bug.cgi?id=1233749
* https://bugzilla.suse.com/show_bug.cgi?id=1234154
* https://bugzilla.suse.com/show_bug.cgi?id=1234650
* https://bugzilla.suse.com/show_bug.cgi?id=1234853
* https://bugzilla.suse.com/show_bug.cgi?id=1234891
* https://bugzilla.suse.com/show_bug.cgi?id=1234963
* https://bugzilla.suse.com/show_bug.cgi?id=1235054
* https://bugzilla.suse.com/show_bug.cgi?id=1235061
* https://bugzilla.suse.com/show_bug.cgi?id=1235073
* https://bugzilla.suse.com/show_bug.cgi?id=1235111
* https://bugzilla.suse.com/show_bug.cgi?id=1236133
* https://bugzilla.suse.com/show_bug.cgi?id=1236289
* https://bugzilla.suse.com/show_bug.cgi?id=1236576
* https://bugzilla.suse.com/show_bug.cgi?id=1236661
* https://bugzilla.suse.com/show_bug.cgi?id=1236677
* https://bugzilla.suse.com/show_bug.cgi?id=1236757
* https://bugzilla.suse.com/show_bug.cgi?id=1236758
* https://bugzilla.suse.com/show_bug.cgi?id=1236760
* https://bugzilla.suse.com/show_bug.cgi?id=1236761
* https://bugzilla.suse.com/show_bug.cgi?id=1236777
* https://bugzilla.suse.com/show_bug.cgi?id=1236951
* https://bugzilla.suse.com/show_bug.cgi?id=1237025
* https://bugzilla.suse.com/show_bug.cgi?id=1237028
* https://bugzilla.suse.com/show_bug.cgi?id=1237139
* https://bugzilla.suse.com/show_bug.cgi?id=1237316
* https://bugzilla.suse.com/show_bug.cgi?id=1237693
* https://bugzilla.suse.com/show_bug.cgi?id=1238033