SB2025122936 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2022-50280)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the propagate_one() function in fs/pnode.c. A local user can perform a denial of service (DoS) attack.

2) Out-of-bounds read (CVE-ID: CVE-2023-53659)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iavf_set_channels() function in drivers/net/ethernet/intel/iavf/iavf_ethtool.c. A local user can perform a denial of service (DoS) attack.

3) Buffer overflow (CVE-ID: CVE-2023-53676)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the lio_target_nacl_info_show() function in drivers/target/iscsi/iscsi_target_configfs.c. A local user can escalate privileges on the system.

4) Out-of-bounds read (CVE-ID: CVE-2023-53717)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c. A local user can perform a denial of service (DoS) attack.

5) Improper error handling (CVE-ID: CVE-2025-40040)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rust/bindings/bindings_helper.h. A local user can perform a denial of service (DoS) attack.

6) Out-of-bounds read (CVE-ID: CVE-2025-40121)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2025-40154)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the log_quirks() function in sound/soc/intel/boards/bytcr_rt5640.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2025-40204)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/