SUSE SLES12 Security Update : kernel (SUSE-SU-2025:02334-1)

critical Nessus Plugin ID 242218

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02334-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47212: net/mlx5: Update error handler for UCTX and UMEM (bsc#1222709).
- CVE-2021-47455: ptp: Fix possible memory leak in ptp_clock_register() (bsc#1225254).
- CVE-2021-47527: serial: core: fix transmit-buffer reset and memleak (bsc#1227768).
- CVE-2022-21546: scsi: target: Fix WRITE_SAME No Data Buffer crash (bsc#1242243).
- CVE-2022-49154: KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1238167).
- CVE-2022-49622: netfilter: nf_tables: fix crash when nf_trace is enabled (bsc#1239042).
- CVE-2022-49731: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (bsc#1239071).
- CVE-2022-49764: kABI: workaround 'bpf: Prevent bpf program recursion for raw tracepoint probes' changes (bsc#1242301).
- CVE-2022-49780: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (bsc#1242262).
- CVE-2022-49814: kcm: close race conditions on sk_receive_queue (bsc#1242498).
- CVE-2022-49879: ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1242733).
- CVE-2022-49881: wifi: cfg80211: fix memory leak in query_regdb_file() (bsc#1242481).
- CVE-2022-49917: ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1242406).
- CVE-2022-49921: net: sched: Fix use after free in red_enqueue() (bsc#1242359).
- CVE-2022-50055: iavf: Fix adminq error handling (bsc#1245039).
- CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
- CVE-2022-50134: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (bsc#1244802).
- CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53020: l2tp: fix lockdep splat (bsc#1240224).
- CVE-2023-53090: drm/amdkfd: Fix an illegal memory access (bsc#1242753).
- CVE-2023-53091: ext4: update s_journal_inum if it changes after journal replay (bsc#1242767).
- CVE-2023-53133: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (bsc#1242423).
- CVE-2024-26586: mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243).
- CVE-2024-26825: nfc: nci: free rx_data_reassembly skb on NCI device cleanup (bsc#1223065).
- CVE-2024-26872: RDMA/srpt: Do not register event handler until srpt device is fully setup (bsc#1223115).
- CVE-2024-26875: media: pvrusb2: fix uaf in pvr2_context_set_notify (bsc#1223118).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726).
- CVE-2024-38588: ftrace: Fix possible use-after-free issue in ftrace_location() (bsc#1226837).
- CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913).
- CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610).
- CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544).
- CVE-2025-23149: tpm: do not start chip while suspended (bsc#1242758).
- CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515).
- CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521).
- CVE-2025-37781: i2c: cros-ec-tunnel: defer probe if parent EC is not present (bsc#1242575).
- CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849).
- CVE-2025-37810: usb: dwc3: gadget: check that event count does not exceed event buffer length (bsc#1242906).
- CVE-2025-37836: PCI: Fix reference leak in pci_register_host_bridge() (bsc#1242957).
- CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946).
- CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982).
- CVE-2025-37892: mtd: inftlcore: Add error check for inftl_read_oob() (bsc#1243536).
- CVE-2025-37911: bnxt_en: Fix out-of-bound memcpy() during ethtool -w (bsc#1243469).
- CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551).
- CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620).
- CVE-2025-37928: dm-bufio: do not schedule in atomic context (bsc#1243621).
- CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523).
- CVE-2025-37980: block: fix resource leak in blk_register_queue() error path (bsc#1243522).
- CVE-2025-37982: wifi: wl1251: fix memory leak in wl1251_tx_work (bsc#1243524).
- CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698).
- CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827).
- CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38004: can: bcm: add locking for bcm_op runtime updates (bsc#1244274).
- CVE-2025-38023: nfs: handle failure of nfs_get_lock_context in unlock path (bsc#1245004).
- CVE-2025-38024: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (bsc#1245025).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743).
- CVE-2025-38078: ALSA: pcm: Fix race of buffer access at PCM OSS layer (bsc#1244737).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 242218

File Name: suse_SU-2025-02334-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 7/17/2025

Updated: 7/17/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-43527

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/16/2025

Vulnerability Publication Date: 7/21/2021

CISA Known Exploited Vulnerability Due Dates: 7/17/2024

Reference Information

CVE: CVE-2021-43527, CVE-2021-47212, CVE-2021-47455, CVE-2022-1679, CVE-2022-21546, CVE-2022-2586, CVE-2022-3903, CVE-2022-4095, CVE-2022-4662, CVE-2022-49154, CVE-2022-49622, CVE-2022-49731, CVE-2022-49764, CVE-2022-49780, CVE-2022-49814, CVE-2022-49879, CVE-2022-49881, CVE-2022-49917, CVE-2022-49921, CVE-2022-49936, CVE-2022-49937, CVE-2022-49938, CVE-2022-49954, CVE-2022-49956, CVE-2022-49957, CVE-2022-49977, CVE-2022-49978, CVE-2022-49986, CVE-2022-49987, CVE-2022-49990, CVE-2022-50008, CVE-2022-50012, CVE-2022-50020, CVE-2022-50022, CVE-2022-50045, CVE-2022-50055, CVE-2022-50065, CVE-2022-50067, CVE-2022-50073, CVE-2022-50083, CVE-2022-50084, CVE-2022-50085, CVE-2022-50087, CVE-2022-50091, CVE-2022-50092, CVE-2022-50093, CVE-2022-50094, CVE-2022-50097, CVE-2022-50098, CVE-2022-50099, CVE-2022-50101, CVE-2022-50102, CVE-2022-50104, CVE-2022-50109, CVE-2022-50126, CVE-2022-50134, CVE-2022-50146, CVE-2022-50152, CVE-2022-50153, CVE-2022-50173, CVE-2022-50179, CVE-2022-50181, CVE-2022-50200, CVE-2022-50206, CVE-2022-50211, CVE-2022-50213, CVE-2022-50215, CVE-2022-50220, CVE-2023-1989, CVE-2023-3111, CVE-2023-52500, CVE-2023-52927, CVE-2023-53020, CVE-2023-53063, CVE-2023-53081, CVE-2023-53090, CVE-2023-53091, CVE-2023-53133, CVE-2023-53145, CVE-2024-26586, CVE-2024-26825, CVE-2024-26872, CVE-2024-26875, CVE-2024-35790, CVE-2024-35839, CVE-2024-36959, CVE-2024-38588, CVE-2024-57982, CVE-2025-21898, CVE-2025-21920, CVE-2025-21971, CVE-2025-22035, CVE-2025-23149, CVE-2025-37756, CVE-2025-37757, CVE-2025-37781, CVE-2025-37800, CVE-2025-37810, CVE-2025-37836, CVE-2025-37844, CVE-2025-37862, CVE-2025-37892, CVE-2025-37911, CVE-2025-37923, CVE-2025-37927, CVE-2025-37928, CVE-2025-37961, CVE-2025-37980, CVE-2025-37982, CVE-2025-37992, CVE-2025-37995, CVE-2025-37998, CVE-2025-38000, CVE-2025-38004, CVE-2025-38023, CVE-2025-38024, CVE-2025-38061, CVE-2025-38072, CVE-2025-38078, CVE-2025-38083

SuSE: SUSE-SU-2025:02334-1

Detections

Analytics