Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:02938-1

Опубликовано: 21 авг. 2025
Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600_23_53 fixes several issues.

The following security issues were fixed:

  • CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
  • CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
  • CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP6
kernel-livepatch-6_4_0-150600_23_53-default-3-150600.2.1

Ссылки

Описание

In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-3-150600.2.1
Ссылки

Описание

In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-3-150600.2.1
Ссылки

Описание

In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_53-default-3-150600.2.1
Ссылки