SUSE update for the Linux Kernel

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_pipapo_get(), nft_pipapo_activate() and nft_pipapo_remove() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU93430

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26708

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the subflow_simultaneous_connect() function in net/mptcp/protocol.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU91318

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU94270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU94979

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41055

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU96834

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU97191

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45009

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU97192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45010

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mptcp_pm_nl_rm_addr_or_subflow(), mptcp_pm_remove_anno_addr(), mptcp_nl_remove_subflow_and_signal_addr(), mptcp_nl_remove_id_zero_address() and mptcp_pm_nl_fullmesh() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU97783

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46858

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU98898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU98867

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU98876

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Double free

EUVDB-ID: #VU99056

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50029

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the hci_enhanced_setup_sync() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Incorrect calculation

EUVDB-ID: #VU99185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50036

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dst_destroy() and dst_dev_put() functions in net/core/dst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU99442

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU99443

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mptcp_pm_nl_rm_addr_or_subflow() function in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU99810

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50115

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU100081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50142

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the verify_newsa_info() function in net/xfrm/xfrm_user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Reachable assertion

EUVDB-ID: #VU100131

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50185

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU100630

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50294

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rxrpc_connect_client_calls() and rxrpc_disconnect_client_call() functions in net/rxrpc/conn_client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Division by zero

EUVDB-ID: #VU101112

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53123

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the mptcp_recvmsg() and pr_debug() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU101909

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53147

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU102058

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53173

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU102174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53176

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cifs_dentry_needs_reval() function in fs/smb/client/inode.c, within the init_cifs() and cifs_destroy_netfs() functions in fs/smb/client/cifsfs.c, within the free_cached_dir(), close_all_cached_dirs(), invalidate_all_cached_dirs(), cached_dir_lease_break(), init_cached_dir(), cfids_laundromat_worker(), init_cached_dirs() and free_cached_dirs() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU102056

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53177

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_query_info_free(), invalidate_all_cached_dirs(), smb2_cached_lease_break(), cached_dir_lease_break() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU102007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53178

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the find_or_create_cached_dir() and smb2_set_related() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU102142

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53226

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU102070

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53239

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU102236

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56539

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU102075

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56548

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU102127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56568

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the arm_smmu_probe_device() function in drivers/iommu/arm/arm-smmu/arm-smmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper error handling

EUVDB-ID: #VU102205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56579

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vpu_add_func() function in drivers/media/platform/amphion/vpu_v4l2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU102167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56592

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the htab_elem_free(), free_htab_elem(), alloc_htab_elem(), htab_map_update_elem(), htab_map_delete_elem() and prealloc_lru_pop() functions in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU102020

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56605

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU102025

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56633

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU102186

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56647

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the icmp_route_lookup() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU102033

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56658

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU102266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56720

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU102921

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57882

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mptcp_established_options_add_addr() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU102935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57889

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ARRAY_SIZE(), mcp_pinconf_get() and mcp_pinconf_set() functions in drivers/pinctrl/pinctrl-mcp23s08.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper error handling

EUVDB-ID: #VU103592

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57948

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU104972

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57979

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ptp_ocp_complete() function in drivers/ptp/ptp_ocp.c, within the DEFINE_MUTEX(), pps_cdev_pps_fetch(), pps_cdev_ioctl(), pps_cdev_compat_ioctl(), pps_device_destruct(), pps_register_cdev(), pps_unregister_cdev(), EXPORT_SYMBOL() and pps_init() functions in drivers/pps/pps.c, within the pps_kc_bind() and pps_kc_remove() functions in drivers/pps/kc.c, within the pps_add_offset(), pps_register_source() and pps_event() functions in drivers/pps/kapi.c, within the parport_irq() function in drivers/pps/clients/pps_parport.c, within the pps_tty_dcd_change(), pps_tty_open() and pps_tty_close() functions in drivers/pps/clients/pps-ldisc.c, within the pps_ktimer_exit() and pps_ktimer_init() functions in drivers/pps/clients/pps-ktimer.c, within the pps_gpio_probe() function in drivers/pps/clients/pps-gpio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU105028

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57994

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pfifo_fast_change_tx_queue_len() function in net/sched/sch_generic.c, within the tun_queue_resize() function in drivers/net/tun.c, within the tap_queue_resize() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU103023

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21636

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_udp_port() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU103024

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21637

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU103025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21638

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_alpha_beta() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU103026

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21639

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU103027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21640

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() function in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU103014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21647

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cake_ddst(), cake_enqueue() and cake_dequeue() functions in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Infinite loop

EUVDB-ID: #VU103594

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21665

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) NULL pointer dereference

EUVDB-ID: #VU103513

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21666

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and vsock_connectible_has_data() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Infinite loop

EUVDB-ID: #VU103595

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21667

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the iomap_write_delalloc_scan() function in fs/iomap/buffered-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU103512

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21668

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the imx8mp_blk_ctrl_remove() function in drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU103583

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21669

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the virtio_transport_recv_pkt() function in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) NULL pointer dereference

EUVDB-ID: #VU103584

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21670

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vsock_bpf_recvmsg() function in net/vmw_vsock/vsock_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Double free

EUVDB-ID: #VU103515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21673

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU103585

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21675

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_lag_port_sel_create() and mlx5_destroy_ttc_table() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU103582

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21680

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU103591

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21681

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper locking

EUVDB-ID: #VU103749

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21684

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DECLARE_BITMAP(), xgpio_set(), xgpio_set_multiple(), xgpio_dir_in(), xgpio_dir_out(), xgpio_irq_mask(), xgpio_irq_unmask(), xgpio_irqhandler() and xgpio_probe() functions in drivers/gpio/gpio-xilinx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Incorrect calculation

EUVDB-ID: #VU103753

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21687

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) NULL pointer dereference

EUVDB-ID: #VU103744

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21688

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU103742

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21689

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU103751

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21690

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dev_warn() and storvsc_on_io_completion() functions in drivers/scsi/storvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Out-of-bounds read

EUVDB-ID: #VU103743

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21692

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) NULL pointer dereference

EUVDB-ID: #VU103920

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21697

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the v3d_irq() and v3d_hub_irq() functions in drivers/gpu/drm/v3d/v3d_irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Resource management error

EUVDB-ID: #VU103923

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21699

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU103959

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21700

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper locking

EUVDB-ID: #VU105030

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21705

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mptcp_sendmsg_fastopen() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Use-after-free

EUVDB-ID: #VU104964

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21715

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use of uninitialized resource

EUVDB-ID: #VU105044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21716

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the vxlan_vnifilter_dump() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Race condition

EUVDB-ID: #VU105081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21719

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Out-of-bounds read

EUVDB-ID: #VU104989

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21724

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iova_bitmap_offset_to_index() function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Input validation error

EUVDB-ID: #VU105085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21725

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Resource management error

EUVDB-ID: #VU105066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21728

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_send_signal_common() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Resource management error

EUVDB-ID: #VU105074

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21733

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the trace_sched_migrate_callback() and register_migration_monitor() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Reachable assertion

EUVDB-ID: #VU105037

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21754

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the btrfs_split_ordered_extent() function in fs/btrfs/ordered-data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper locking

EUVDB-ID: #VU105021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21767

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU104991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21790

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vxlan_init() function in drivers/net/vxlan/vxlan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Input validation error

EUVDB-ID: #VU105087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21795

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfsd4_run_cb_work() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper error handling

EUVDB-ID: #VU105152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21799

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the am65_cpsw_nuss_remove_tx_chns() function in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP6

openSUSE Leap: 15.6

SUSE Linux Enterprise Server for SAP Applications 15: SP6

SUSE Linux Enterprise Server 15: SP6

kernel-azure-vdso-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-vdso: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure: before 6.4.0-150600.8.31.1

dlm-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-extra-debuginfo: before 6.4.0-150600.8.31.1

dlm-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-optional-debuginfo: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure: before 6.4.0-150600.8.31.1

kselftests-kmp-azure: before 6.4.0-150600.8.31.1

ocfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-extra: before 6.4.0-150600.8.31.1

gfs2-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kselftests-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

cluster-md-kmp-azure: before 6.4.0-150600.8.31.1

kernel-azure-optional: before 6.4.0-150600.8.31.1

gfs2-kmp-azure: before 6.4.0-150600.8.31.1

reiserfs-kmp-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-devel-azure: before 6.4.0-150600.8.31.1

kernel-source-azure: before 6.4.0-150600.8.31.1

kernel-azure-devel: before 6.4.0-150600.8.31.1

kernel-syms-azure: before 6.4.0-150600.8.31.1

kernel-azure-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-devel-debuginfo: before 6.4.0-150600.8.31.1

kernel-azure-debugsource: before 6.4.0-150600.8.31.1

kernel-azure: before 6.4.0-150600.8.31.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Input validation error

EUVDB-ID: #VU105162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21802