Описание
Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues.
The following security issues were fixed:
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2025:3683-1
- E-Mail link for SUSE-SU-2025:3683-1
- SUSE Security Ratings
- SUSE Bug 1245794
- SUSE Bug 1246075
- SUSE Bug 1248673
- SUSE Bug 1248749
- SUSE CVE CVE-2025-21971 page
- SUSE CVE CVE-2025-38206 page
- SUSE CVE CVE-2025-38499 page
- SUSE CVE CVE-2025-38644 page
Описание
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal.
Затронутые продукты
Ссылки
- CVE-2025-21971
- SUSE Bug 1240799
- SUSE Bug 1245794
Описание
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it.
Затронутые продукты
Ссылки
- CVE-2025-38206
- SUSE Bug 1246073
- SUSE Bug 1246075
Описание
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.
Затронутые продукты
Ссылки
- CVE-2025-38499
- SUSE Bug 1247976
- SUSE Bug 1248673
Описание
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not associated.
Затронутые продукты
Ссылки
- CVE-2025-38644
- SUSE Bug 1248748
- SUSE Bug 1248749