Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2021-0920: net: split out functions related to registering inflight socket files (bsc#1193731).
- CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1245986).
Список пакетов
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
Ссылки
- Link for SUSE-SU-2026:0688-1
- E-Mail link for SUSE-SU-2026:0688-1
- SUSE Security Ratings
- SUSE Bug 1193731
- SUSE Bug 1245986
- SUSE CVE CVE-2021-0920 page
- SUSE CVE CVE-2025-38177 page
Описание
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2021-0920
- SUSE Bug 1193731
- SUSE Bug 1194463
- SUSE Bug 1195939
- SUSE Bug 1199255
- SUSE Bug 1200084
Описание
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it. 2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.
Затронутые продукты
Ссылки
- CVE-2025-38177
- SUSE Bug 1237312
- SUSE Bug 1245986
- SUSE Bug 1246356
- SUSE Bug 1247374