SB20250818106 - SUSE update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20250818106

SB20250818106 - SUSE update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7)

Published: August 18, 2025

Security Bulletin ID SB20250818106
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2025-21702)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.


2) Out-of-bounds read (CVE-ID: CVE-2025-37752)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sfq_change() function in net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.


3) Input validation error (CVE-ID: CVE-2025-37797)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.


4) Use-after-free (CVE-ID: CVE-2025-38079)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.


5) Race condition (CVE-ID: CVE-2025-38083)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the prio_tune() function in net/sched/sch_prio.c. A local user can escalate privileges on the system.


6) Buffer overflow (CVE-ID: CVE-2025-38494)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __hid_request() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.


7) Incorrect calculation (CVE-ID: CVE-2025-38495)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References