SUSE update for the Linux Kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2021-47633, CVE-2022-1048, CVE-2022-3303, CVE-2022-49272, CVE-2022-49288, CVE-2022-49291, CVE-2022-49545, CVE-2022-49733, CVE-2024-56658, CVE-2024-57996, CVE-2025-21718, CVE-2025-21772
CWE-ID: CWE-125, CWE-416, CWE-476, CWE-667, CWE-399
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:

Operating systems & Components / Operating system:
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME
SUSE Linux Enterprise Server 11

Operating systems & Components / Operating system package or component:
kernel-default-devel
kernel-ec2-devel
kernel-xen-devel
kernel-trace-devel
kernel-xen-base
kernel-source
kernel-syms
kernel-default-base
kernel-trace-base
kernel-ec2-base
kernel-xen
kernel-ec2
kernel-default
kernel-trace

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU104540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47633

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath5k_eeprom_convert_pcal_info_5111() function in drivers/net/wireless/ath/ath5k/eeprom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU63428

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1048

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a use-after-free error in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. A local user can execute arbitrary code with elevated privileges and perform a denial-of-service attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU68338

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3303

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel sound subsystem due to improper locking when handling the SNDCTL_DSP_SYNC ioctl. A privileged local user can trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU104686

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49272

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_pcm_hw_params_choose(), snd_pcm_hw_params(), snd_pcm_hw_free() and snd_pcm_action_nonatomic() functions in sound/core/pcm_native.c, within the wait_for_avail() and __snd_pcm_lib_xfer() functions in sound/core/pcm_lib.c, within the snd_pcm_attach_substream() function in sound/core/pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU104467

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49288

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_pcm_lib_preallocate_proc_write() function in sound/core/pcm_memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU104468

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49291

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_pcm_hw_params_choose(), snd_pcm_hw_params() and do_hw_free() functions in sound/core/pcm_native.c, within the snd_pcm_attach_substream() and snd_pcm_detach_substream() functions in sound/core/pcm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU104893

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49545

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the snd_usbmidi_output_open() function in sound/usb/midi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU105411

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49733

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the snd_pcm_oss_sync() function in sound/core/oss/pcm_oss.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU102033

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56658

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU104987

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57996

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU104963

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU104980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21772

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME: CORE

SUSE Linux Enterprise Server 11: SP4

kernel-default-devel: before 3.0.101-108.180.1

kernel-ec2-devel: before 3.0.101-108.180.1

kernel-xen-devel: before 3.0.101-108.180.1

kernel-trace-devel: before 3.0.101-108.180.1

kernel-xen-base: before 3.0.101-108.180.1

kernel-source: before 3.0.101-108.180.1

kernel-syms: before 3.0.101-108.180.1

kernel-default-base: before 3.0.101-108.180.1

kernel-trace-base: before 3.0.101-108.180.1

kernel-ec2-base: before 3.0.101-108.180.1

kernel-xen: before 3.0.101-108.180.1

kernel-ec2: before 3.0.101-108.180.1

kernel-default: before 3.0.101-108.180.1

kernel-trace: before 3.0.101-108.180.1

External links

https://www.suse.com/support/update/announcement/2025/suse-su-20250983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


