SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:1180-1)

high Nessus Plugin ID 234120

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1180-1 advisory.

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 234120

File Name: suse_SU-2025-1180-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 4/10/2025

Updated: 4/10/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-21858

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb, p-cpe:/a:novell:suse_linux:kernel-livepatch-6_4_0-150600_23_47-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2025

Vulnerability Publication Date: 12/13/2023

Reference Information

CVE: CVE-2023-52831, CVE-2023-52926, CVE-2023-52927, CVE-2024-26634, CVE-2024-26873, CVE-2024-35826, CVE-2024-35910, CVE-2024-38606, CVE-2024-41005, CVE-2024-41077, CVE-2024-41149, CVE-2024-42307, CVE-2024-43820, CVE-2024-46736, CVE-2024-46782, CVE-2024-46796, CVE-2024-47408, CVE-2024-47794, CVE-2024-49571, CVE-2024-49924, CVE-2024-49940, CVE-2024-49994, CVE-2024-50056, CVE-2024-50126, CVE-2024-50140, CVE-2024-50152, CVE-2024-50290, CVE-2024-52559, CVE-2024-53057, CVE-2024-53063, CVE-2024-53140, CVE-2024-53163, CVE-2024-53680, CVE-2024-54683, CVE-2024-56638, CVE-2024-56640, CVE-2024-56702, CVE-2024-56703, CVE-2024-56718, CVE-2024-56719, CVE-2024-56751, CVE-2024-56758, CVE-2024-56770, CVE-2024-57807, CVE-2024-57834, CVE-2024-57900, CVE-2024-57947, CVE-2024-57973, CVE-2024-57974, CVE-2024-57978, CVE-2024-57979, CVE-2024-57980, CVE-2024-57981, CVE-2024-57986, CVE-2024-57990, CVE-2024-57993, CVE-2024-57996, CVE-2024-57997, CVE-2024-57999, CVE-2024-58002, CVE-2024-58005, CVE-2024-58006, CVE-2024-58007, CVE-2024-58009, CVE-2024-58011, CVE-2024-58012, CVE-2024-58013, CVE-2024-58014, CVE-2024-58017, CVE-2024-58019, CVE-2024-58020, CVE-2024-58034, CVE-2024-58051, CVE-2024-58052, CVE-2024-58054, CVE-2024-58055, CVE-2024-58056, CVE-2024-58057, CVE-2024-58058, CVE-2024-58061, CVE-2024-58063, CVE-2024-58069, CVE-2024-58072, CVE-2024-58076, CVE-2024-58078, CVE-2024-58079, CVE-2024-58080, CVE-2024-58083, CVE-2024-58085, CVE-2024-58086, CVE-2025-21631, CVE-2025-21635, CVE-2025-21659, CVE-2025-21671, CVE-2025-21693, CVE-2025-21701, CVE-2025-21703, CVE-2025-21704, CVE-2025-21706, CVE-2025-21708, CVE-2025-21711, CVE-2025-21714, CVE-2025-21718, CVE-2025-21723, CVE-2025-21726, CVE-2025-21727, CVE-2025-21731, CVE-2025-21732, CVE-2025-21733, CVE-2025-21734, CVE-2025-21735, CVE-2025-21736, CVE-2025-21738, CVE-2025-21739, CVE-2025-21741, CVE-2025-21742, CVE-2025-21743, CVE-2025-21744, CVE-2025-21745, CVE-2025-21749, CVE-2025-21750, CVE-2025-21753, CVE-2025-21754, CVE-2025-21756, CVE-2025-21759, CVE-2025-21760, CVE-2025-21761, CVE-2025-21762, CVE-2025-21763, CVE-2025-21764, CVE-2025-21765, CVE-2025-21766, CVE-2025-21772, CVE-2025-21773, CVE-2025-21775, CVE-2025-21776, CVE-2025-21779, CVE-2025-21780, CVE-2025-21781, CVE-2025-21782, CVE-2025-21784, CVE-2025-21785, CVE-2025-21791, CVE-2025-21793, CVE-2025-21794, CVE-2025-21796, CVE-2025-21804, CVE-2025-21810, CVE-2025-21815, CVE-2025-21819, CVE-2025-21820, CVE-2025-21821, CVE-2025-21823, CVE-2025-21825, CVE-2025-21828, CVE-2025-21829, CVE-2025-21830, CVE-2025-21831, CVE-2025-21832, CVE-2025-21835, CVE-2025-21838, CVE-2025-21844, CVE-2025-21846, CVE-2025-21847, CVE-2025-21848, CVE-2025-21850, CVE-2025-21855, CVE-2025-21856, CVE-2025-21857, CVE-2025-21858, CVE-2025-21859, CVE-2025-21861, CVE-2025-21862, CVE-2025-21864, CVE-2025-21865, CVE-2025-21866, CVE-2025-21869, CVE-2025-21870, CVE-2025-21871, CVE-2025-21876, CVE-2025-21877, CVE-2025-21878, CVE-2025-21883, CVE-2025-21885, CVE-2025-21886, CVE-2025-21888, CVE-2025-21890, CVE-2025-21891, CVE-2025-21892

SuSE: SUSE-SU-2025:1180-1

Detections

Analytics