SB2025091305 - SUSE update for the Linux Kernel
Published: September 13, 2025 Updated: February 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 60 secuirty vulnerabilities.
1) Race condition within a thread (CVE-ID: CVE-2022-49967)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the pure_initcall() function in kernel/bpf/core.c. A local user can corrupt data.
2) Input validation error (CVE-ID: CVE-2022-49975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __dev_queue_xmit() function in net/core/dev.c, within the convert___skb_to_skb() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2022-49980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb_udc_uevent() function in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.
4) Memory leak (CVE-ID: CVE-2022-49981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hidraw_release() function in drivers/hid/hidraw.c. A local user can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2022-50007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __xfrm_policy_check() function in net/xfrm/xfrm_policy.c. A local user can perform a denial of service (DoS) attack.
6) Out-of-bounds read (CVE-ID: CVE-2022-50066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_nic_service_timer_cb(), aq_nic_get_regs_count(), aq_nic_get_stats(), aq_nic_set_loopback() and aq_nic_stop() functions in drivers/net/ethernet/aquantia/atlantic/aq_nic.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2022-50080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tee_shm_register_user_buf() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
8) Improper locking (CVE-ID: CVE-2022-50116)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gsm_queue(), gsmld_output(), gsm_stuff_frame(), gsm_data_alloc(), gsm_is_flow_ctrl_msg(), __gsm_data_queue(), gsm_dlci_modem_output(), gsm_control_message(), gsm_control_wait(), gsm_dlci_close(), gsm_dlci_open(), gsm1_receive(), gsm_cleanup_mux(), gsm_activate_mux(), gsm_alloc_mux() and gsmld_open() functions in drivers/tty/n_gsm.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2022-50127)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxe_qp_init_misc(), rxe_qp_init_req() and rxe_qp_init_resp() functions in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can perform a denial of service (DoS) attack.
10) Memory leak (CVE-ID: CVE-2022-50138)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __qedr_alloc_mr() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
11) Memory leak (CVE-ID: CVE-2022-50141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the esdhc_signal_voltage_switch() function in drivers/mmc/host/sdhci-of-esdhc.c. A local user can perform a denial of service (DoS) attack.
12) Memory leak (CVE-ID: CVE-2022-50162)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the if_usb_probe() function in drivers/net/wireless/marvell/libertas/if_usb.c. A local user can perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2022-50185)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ni_set_mc_special_registers() function in drivers/gpu/drm/radeon/ni_dpm.c. A local user can escalate privileges on the system.
14) Memory leak (CVE-ID: CVE-2022-50191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the of_get_regulation_constraints() function in drivers/regulator/of_regulator.c. A local user can perform a denial of service (DoS) attack.
15) Improper error handling (CVE-ID: CVE-2022-50228)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the svm_set_irq() function in arch/x86/kvm/svm.c. A local user can perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2022-50229)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcd2000_init_midi() function in sound/usb/bcd2000/bcd2000.c. A local user can escalate privileges on the system.
17) Resource management error (CVE-ID: CVE-2023-52813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2023-53020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the l2tp_xmit_core(), l2tp_tunnel_create() and l2tp_tunnel_register() functions in net/l2tp/l2tp_core.c. A local user can perform a denial of service (DoS) attack.
19) Resource management error (CVE-ID: CVE-2024-28956)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.
20) Improper locking (CVE-ID: CVE-2025-22022)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/usb/host/xhci.h. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-23141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl_get_mpstate() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2025-38075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.
23) Double free (CVE-ID: CVE-2025-38102)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drv_cp_harray_to_user() and vmci_host_setup_notify() functions in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.
24) Out-of-bounds read (CVE-ID: CVE-2025-38103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2025-38117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
26) NULL pointer dereference (CVE-ID: CVE-2025-38122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_tx_add_skb_dqo() function in drivers/net/ethernet/google/gve/gve_tx_dqo.c. A local user can perform a denial of service (DoS) attack.
27) Improper error handling (CVE-ID: CVE-2025-38153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the aqc111_read_cmd_nopm() and aqc111_read_cmd() functions in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
28) Input validation error (CVE-ID: CVE-2025-38173)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv_cesa_skcipher_queue_req() function in drivers/crypto/marvell/cipher.c. A local user can perform a denial of service (DoS) attack.
29) Race condition (CVE-ID: CVE-2025-38174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tb_cfg_request_dequeue() function in drivers/thunderbolt/ctl.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2025-38184)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2025-38185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.
32) Memory leak (CVE-ID: CVE-2025-38190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.
33) Improper error handling (CVE-ID: CVE-2025-38214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fb_set_var() function in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
34) Incorrect calculation (CVE-ID: CVE-2025-38245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.
35) Use-after-free (CVE-ID: CVE-2025-38263)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.
36) Double free (CVE-ID: CVE-2025-38313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
37) Race condition (CVE-ID: CVE-2025-38352)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android devices.
38) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
39) Buffer overflow (CVE-ID: CVE-2025-38424)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
40) Input validation error (CVE-ID: CVE-2025-38430)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
41) Improper locking (CVE-ID: CVE-2025-38449)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_gem_fb_destroy() and drm_gem_fb_init_with_funcs() functions in drivers/gpu/drm/drm_gem_framebuffer_helper.c, within the drm_gem_private_object_fini(), drm_gem_object_exported_dma_buf_free(), drm_gem_object_handle_put_unlocked() and drm_gem_handle_create_tail() functions in drivers/gpu/drm/drm_gem.c. A local user can perform a denial of service (DoS) attack.
42) Improper error handling (CVE-ID: CVE-2025-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
43) NULL pointer dereference (CVE-ID: CVE-2025-38460)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DEFINE_MUTEX(), to_atmarpd(), atmarpd_close() and atm_init_atmarp() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
44) Use-after-free (CVE-ID: CVE-2025-38464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.
45) Buffer overflow (CVE-ID: CVE-2025-38465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
46) Memory leak (CVE-ID: CVE-2025-38470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
47) Use-after-free (CVE-ID: CVE-2025-38473)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_resume_cb() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
48) Input validation error (CVE-ID: CVE-2025-38474)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
49) Improper privilege management (CVE-ID: CVE-2025-38498)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.
50) Input validation error (CVE-ID: CVE-2025-38499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
51) Input validation error (CVE-ID: CVE-2025-38512)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
52) NULL pointer dereference (CVE-ID: CVE-2025-38513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
53) Improper locking (CVE-ID: CVE-2025-38515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.
54) Memory leak (CVE-ID: CVE-2025-38546)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
55) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
56) Memory leak (CVE-ID: CVE-2025-38563)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
57) Memory leak (CVE-ID: CVE-2025-38565)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
58) Improper locking (CVE-ID: CVE-2025-38617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2025-38618)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
60) Use of uninitialized resource (CVE-ID: CVE-2025-38644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.