SUSE SLES12 Security Update : kernel (SUSE-SU-2025:02846-1)

Severity: High. Nessus Plugin ID 252257

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02846-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631).
- CVE-2021-46987: btrfs: fix deadlock when cloning inline extents and using qgroups (bsc#1220704).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference (bsc#1205711).
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-49319: iommu/arm-smmu-v3: check return value after calling platform_get_resource() (bsc#1238374).
- CVE-2022-49323: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (bsc#1238400).
- CVE-2022-49768: 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (bsc#1242446).
- CVE-2022-49825: ata: libata-transport: fix error handling in ata_tport_add() (bsc#1242548).
- CVE-2022-49934: wifi: mac80211: Fix UAF in ieee80211_scan_rx() (bsc#1245051).
- CVE-2022-49948: vt: Clear selection before changing the font (bsc#1245058).
- CVE-2022-49969: drm/amd/display: clear optc underflow before turn off odm clock (bsc#1245060).
- CVE-2022-49993: loop: Check for overflow while configuring loop (bsc#1245121).
- CVE-2022-50025: cxl: Fix a memory leak in an error handling path (bsc#1245132).
- CVE-2022-50027: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1245073).
- CVE-2022-50030: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1245265).
- CVE-2022-50033: usb: host: ohci-ppc-of: Fix refcount leak bug (bsc#1245139).
- CVE-2022-50103: sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed (bsc#1244840).
- CVE-2022-50149: driver core: fix potential deadlock in __driver_attach (bsc#1244883).
- CVE-2022-50226: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (bsc#1244860).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
- CVE-2023-52878: can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (bsc#1225000).
- CVE-2023-53020: l2tp: close all race conditions in l2tp_tunnel_register() (bsc#1240224).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2023-53118: scsi: core: Fix a procfs host directory removal regression (bsc#1242365).
- CVE-2024-26974: crypto: qat - resolve race condition during AER recovery (bsc#1223638).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).
- CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954).
- CVE-2025-21731: nbd: do not allow reconnect after disconnect (bsc#1237881).
- CVE-2025-21928: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (bsc#1240722).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38040: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (bsc#1245078).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38108: net_sched: red: fix a race in __red_change() (bsc#1245675).
- CVE-2025-38112: net: Fix TOCTOU issue in sk_is_readable() (bsc#1245668).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38157: wifi: ath9k_htc: Abort software beacon handling if disabled (bsc#1245747).
- CVE-2025-38161: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (bsc#1245777).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38193: net_sched: sch_sfq: reject invalid perturb period (bsc#1245945).
- CVE-2025-38198: fbcon: Make sure modelist not set on unregistered console (bsc#1245952).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38211: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (bsc#1246008).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38249: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (bsc#1246171).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38312: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (bsc#1246386).
- CVE-2025-38319: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (bsc#1246243).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38391: usb: typec: altmodes/displayport: do not index invalid pin_assignments (bsc#1247181).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38415: Squashfs: check return result of sb_min_blocksize (bsc#1247147).
- CVE-2025-38420: wifi: carl9170: do not ping device which has failed to load firmware (bsc#1247279).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1171844

https://bugzilla.suse.com/1205711

https://bugzilla.suse.com/1210629

https://bugzilla.suse.com/1220631

https://bugzilla.suse.com/1220704

https://bugzilla.suse.com/1223634

https://bugzilla.suse.com/1223638

https://bugzilla.suse.com/1225000

https://bugzilla.suse.com/1230216

https://bugzilla.suse.com/1230581

https://bugzilla.suse.com/1237881

https://bugzilla.suse.com/1238160

https://bugzilla.suse.com/1238374

https://bugzilla.suse.com/1238400

https://bugzilla.suse.com/1240224

https://bugzilla.suse.com/1240722

https://bugzilla.suse.com/1242365

https://bugzilla.suse.com/1242414

https://bugzilla.suse.com/1242446

https://bugzilla.suse.com/1242548

https://bugzilla.suse.com/1242780

https://bugzilla.suse.com/1242837

https://bugzilla.suse.com/1242960

https://bugzilla.suse.com/1243068

https://bugzilla.suse.com/1243479

https://bugzilla.suse.com/1244735

https://bugzilla.suse.com/1244750

https://bugzilla.suse.com/1244792

https://bugzilla.suse.com/1244801

https://bugzilla.suse.com/1244840

https://bugzilla.suse.com/1244860

https://bugzilla.suse.com/1244883

https://bugzilla.suse.com/1245051

https://bugzilla.suse.com/1245058

https://bugzilla.suse.com/1245060

https://bugzilla.suse.com/1245073

https://bugzilla.suse.com/1245078

https://bugzilla.suse.com/1245121

https://bugzilla.suse.com/1245132

https://bugzilla.suse.com/1245139

https://bugzilla.suse.com/1245151

https://bugzilla.suse.com/1245201

https://bugzilla.suse.com/1245210

https://bugzilla.suse.com/1245217

https://bugzilla.suse.com/1245265

https://bugzilla.suse.com/1245649

https://bugzilla.suse.com/1245668

https://bugzilla.suse.com/1245675

https://bugzilla.suse.com/1245682

https://bugzilla.suse.com/1245689

https://bugzilla.suse.com/1245708

https://bugzilla.suse.com/1245747

https://bugzilla.suse.com/1245758

https://bugzilla.suse.com/1245768

https://bugzilla.suse.com/1245777

https://bugzilla.suse.com/1245945

https://bugzilla.suse.com/1245952

https://bugzilla.suse.com/1245954

https://bugzilla.suse.com/1245970

https://bugzilla.suse.com/1245976

https://bugzilla.suse.com/1245986

https://bugzilla.suse.com/1246000

https://bugzilla.suse.com/1246008

https://bugzilla.suse.com/1246029

https://bugzilla.suse.com/1246037

https://bugzilla.suse.com/1246045

https://bugzilla.suse.com/1246171

https://bugzilla.suse.com/1246182

https://bugzilla.suse.com/1246243

https://bugzilla.suse.com/1246253

https://bugzilla.suse.com/1246386

https://bugzilla.suse.com/1246387

https://bugzilla.suse.com/1246459

https://bugzilla.suse.com/1246473

https://bugzilla.suse.com/1246781

https://bugzilla.suse.com/1247141

https://bugzilla.suse.com/1247147

https://bugzilla.suse.com/1247177

https://bugzilla.suse.com/1247181

https://bugzilla.suse.com/1247279

https://bugzilla.suse.com/1247314

https://bugzilla.suse.com/1247348

https://bugzilla.suse.com/1247349

https://bugzilla.suse.com/1247437

https://lists.suse.com/pipermail/sle-updates/2025-August/041247.html

https://www.suse.com/security/cve/CVE-2021-46984

https://www.suse.com/security/cve/CVE-2021-46987

https://www.suse.com/security/cve/CVE-2022-4129

https://www.suse.com/security/cve/CVE-2022-49138

https://www.suse.com/security/cve/CVE-2022-49319

https://www.suse.com/security/cve/CVE-2022-49323

https://www.suse.com/security/cve/CVE-2022-49768

https://www.suse.com/security/cve/CVE-2022-49825

https://www.suse.com/security/cve/CVE-2022-49934

https://www.suse.com/security/cve/CVE-2022-49948

https://www.suse.com/security/cve/CVE-2022-49969

https://www.suse.com/security/cve/CVE-2022-49993

https://www.suse.com/security/cve/CVE-2022-50025

https://www.suse.com/security/cve/CVE-2022-50027

https://www.suse.com/security/cve/CVE-2022-50030

https://www.suse.com/security/cve/CVE-2022-50033

https://www.suse.com/security/cve/CVE-2022-50103

https://www.suse.com/security/cve/CVE-2022-50149

https://www.suse.com/security/cve/CVE-2022-50226

https://www.suse.com/security/cve/CVE-2023-2176

https://www.suse.com/security/cve/CVE-2023-52878

https://www.suse.com/security/cve/CVE-2023-53020

https://www.suse.com/security/cve/CVE-2023-53117

https://www.suse.com/security/cve/CVE-2023-53118

https://www.suse.com/security/cve/CVE-2024-26974

https://www.suse.com/security/cve/CVE-2024-26982

https://www.suse.com/security/cve/CVE-2024-44963

https://www.suse.com/security/cve/CVE-2024-46713

https://www.suse.com/security/cve/CVE-2024-49861

https://www.suse.com/security/cve/CVE-2025-21731

https://www.suse.com/security/cve/CVE-2025-21928

https://www.suse.com/security/cve/CVE-2025-23163

https://www.suse.com/security/cve/CVE-2025-37798

https://www.suse.com/security/cve/CVE-2025-37856

https://www.suse.com/security/cve/CVE-2025-37885

https://www.suse.com/security/cve/CVE-2025-37920

https://www.suse.com/security/cve/CVE-2025-38034

https://www.suse.com/security/cve/CVE-2025-38035

https://www.suse.com/security/cve/CVE-2025-38040

https://www.suse.com/security/cve/CVE-2025-38051

https://www.suse.com/security/cve/CVE-2025-38058

https://www.suse.com/security/cve/CVE-2025-38064

https://www.suse.com/security/cve/CVE-2025-38068

https://www.suse.com/security/cve/CVE-2025-38074

https://www.suse.com/security/cve/CVE-2025-38079

https://www.suse.com/security/cve/CVE-2025-38094

https://www.suse.com/security/cve/CVE-2025-38105

https://www.suse.com/security/cve/CVE-2025-38108

https://www.suse.com/security/cve/CVE-2025-38112

https://www.suse.com/security/cve/CVE-2025-38115

https://www.suse.com/security/cve/CVE-2025-38126

https://www.suse.com/security/cve/CVE-2025-38147

https://www.suse.com/security/cve/CVE-2025-38157

https://www.suse.com/security/cve/CVE-2025-38161

https://www.suse.com/security/cve/CVE-2025-38166

https://www.suse.com/security/cve/CVE-2025-38177

https://www.suse.com/security/cve/CVE-2025-38180

https://www.suse.com/security/cve/CVE-2025-38181

https://www.suse.com/security/cve/CVE-2025-38192

https://www.suse.com/security/cve/CVE-2025-38193

https://www.suse.com/security/cve/CVE-2025-38198

https://www.suse.com/security/cve/CVE-2025-38200

https://www.suse.com/security/cve/CVE-2025-38211

https://www.suse.com/security/cve/CVE-2025-38212

https://www.suse.com/security/cve/CVE-2025-38222

https://www.suse.com/security/cve/CVE-2025-38249

https://www.suse.com/security/cve/CVE-2025-38250

https://www.suse.com/security/cve/CVE-2025-38264

https://www.suse.com/security/cve/CVE-2025-38312

https://www.suse.com/security/cve/CVE-2025-38319

https://www.suse.com/security/cve/CVE-2025-38323

https://www.suse.com/security/cve/CVE-2025-38337

https://www.suse.com/security/cve/CVE-2025-38350

https://www.suse.com/security/cve/CVE-2025-38375

https://www.suse.com/security/cve/CVE-2025-38391

https://www.suse.com/security/cve/CVE-2025-38403

https://www.suse.com/security/cve/CVE-2025-38415

https://www.suse.com/security/cve/CVE-2025-38420

https://www.suse.com/security/cve/CVE-2025-38468

https://www.suse.com/security/cve/CVE-2025-38477

https://www.suse.com/security/cve/CVE-2025-38494

https://www.suse.com/security/cve/CVE-2025-38495

Plugin Details

Severity: High

ID: 252257

File Name: suse_SU-2025-02846-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 8/19/2025

Updated: 8/19/2025

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-21928

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/18/2025

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2021-46984, CVE-2021-46987, CVE-2022-4129, CVE-2022-49138, CVE-2022-49319, CVE-2022-49323, CVE-2022-49768, CVE-2022-49825, CVE-2022-49934, CVE-2022-49948, CVE-2022-49969, CVE-2022-49993, CVE-2022-50025, CVE-2022-50027, CVE-2022-50030, CVE-2022-50033, CVE-2022-50103, CVE-2022-50149, CVE-2022-50226, CVE-2023-2176, CVE-2023-52878, CVE-2023-53020, CVE-2023-53117, CVE-2023-53118, CVE-2024-26974, CVE-2024-26982, CVE-2024-44963, CVE-2024-46713, CVE-2024-49861, CVE-2025-21731, CVE-2025-21928, CVE-2025-23163, CVE-2025-37798, CVE-2025-37856, CVE-2025-37885, CVE-2025-37920, CVE-2025-38034, CVE-2025-38035, CVE-2025-38040, CVE-2025-38051, CVE-2025-38058, CVE-2025-38064, CVE-2025-38068, CVE-2025-38074, CVE-2025-38079, CVE-2025-38094, CVE-2025-38105, CVE-2025-38108, CVE-2025-38112, CVE-2025-38115, CVE-2025-38126, CVE-2025-38147, CVE-2025-38157, CVE-2025-38161, CVE-2025-38166, CVE-2025-38177, CVE-2025-38180, CVE-2025-38181, CVE-2025-38192, CVE-2025-38193, CVE-2025-38198, CVE-2025-38200, CVE-2025-38211, CVE-2025-38212, CVE-2025-38222, CVE-2025-38249, CVE-2025-38250, CVE-2025-38264, CVE-2025-38312, CVE-2025-38319, CVE-2025-38323, CVE-2025-38337, CVE-2025-38350, CVE-2025-38375, CVE-2025-38391, CVE-2025-38403, CVE-2025-38415, CVE-2025-38420, CVE-2025-38468, CVE-2025-38477, CVE-2025-38494, CVE-2025-38495

SuSE: SUSE-SU-2025:02846-1