SUSE SLES15 Security Update : kernel (SUSE-SU-2025:03626-1)

Severity: High, Nessus Plugin ID 270848

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03626-1 advisory.

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947).
- CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
- CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140).
- CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2022-50412: drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1250189).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53220: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (bsc#1250337).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
- CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1203063

https://bugzilla.suse.com/1202700

https://www.suse.com/security/cve/CVE-2022-2978

https://bugzilla.suse.com/1204228

https://www.suse.com/security/cve/CVE-2022-2602

https://www.suse.com/security/cve/CVE-2022-43945

https://bugzilla.suse.com/1205128

https://bugzilla.suse.com/1206883

https://bugzilla.suse.com/1206884

https://bugzilla.suse.com/1203332

https://www.suse.com/security/cve/CVE-2022-36280

https://bugzilla.suse.com/1209291

https://www.suse.com/security/cve/CVE-2023-28328

https://bugzilla.suse.com/1210124

https://bugzilla.suse.com/1209287

https://www.suse.com/security/cve/CVE-2023-1380

https://bugzilla.suse.com/1210584

https://bugzilla.suse.com/1213061

https://www.suse.com/security/cve/CVE-2023-31248

https://bugzilla.suse.com/1213666

https://www.suse.com/security/cve/CVE-2023-3772

https://bugzilla.suse.com/1215150

https://www.suse.com/security/cve/CVE-2023-42753

https://bugzilla.suse.com/1216976

https://www.suse.com/security/cve/CVE-2023-39197

https://bugzilla.suse.com/1220185

https://bugzilla.suse.com/1220186

https://www.suse.com/security/cve/CVE-2024-26583

https://www.suse.com/security/cve/CVE-2024-26584

https://bugzilla.suse.com/1233640

https://www.suse.com/security/cve/CVE-2024-53093

https://bugzilla.suse.com/1240784

https://www.suse.com/security/cve/CVE-2025-21969

https://bugzilla.suse.com/1244337

https://bugzilla.suse.com/1244729

https://www.suse.com/security/cve/CVE-2025-38011

https://www.suse.com/security/cve/CVE-2022-49980

https://bugzilla.suse.com/1246879

https://bugzilla.suse.com/1247172

https://bugzilla.suse.com/1248108

https://bugzilla.suse.com/1245110

https://bugzilla.suse.com/1245956

https://www.suse.com/security/cve/CVE-2025-38184

https://bugzilla.suse.com/1241353

https://bugzilla.suse.com/1248255

https://bugzilla.suse.com/1248399

https://bugzilla.suse.com/1249346

https://www.suse.com/security/cve/CVE-2025-38553

https://www.suse.com/security/cve/CVE-2025-38572

https://bugzilla.suse.com/1243278

https://bugzilla.suse.com/1247239

https://bugzilla.suse.com/1248628

https://bugzilla.suse.com/1248847

https://bugzilla.suse.com/1249186

https://bugzilla.suse.com/1249200

https://bugzilla.suse.com/1249220

https://bugzilla.suse.com/1249538

https://bugzilla.suse.com/1249604

https://bugzilla.suse.com/1249825

https://bugzilla.suse.com/1249880

https://bugzilla.suse.com/1249923

https://bugzilla.suse.com/1249949

https://bugzilla.suse.com/1250002

https://bugzilla.suse.com/1250180

https://bugzilla.suse.com/1250313

https://bugzilla.suse.com/1250337

https://bugzilla.suse.com/1250522

https://bugzilla.suse.com/1250823

https://www.suse.com/security/cve/CVE-2023-53147

https://www.suse.com/security/cve/CVE-2023-53179

https://www.suse.com/security/cve/CVE-2023-53220

https://www.suse.com/security/cve/CVE-2023-53304

https://www.suse.com/security/cve/CVE-2023-53321

https://www.suse.com/security/cve/CVE-2023-53333

https://www.suse.com/security/cve/CVE-2023-53438

https://www.suse.com/security/cve/CVE-2023-53492

https://www.suse.com/security/cve/CVE-2024-58240

https://www.suse.com/security/cve/CVE-2025-38488

https://www.suse.com/security/cve/CVE-2025-38664

https://www.suse.com/security/cve/CVE-2025-38685

https://www.suse.com/security/cve/CVE-2025-38713

https://www.suse.com/security/cve/CVE-2025-39823

https://bugzilla.suse.com/1245963

https://www.suse.com/security/cve/CVE-2025-38216

https://bugzilla.suse.com/1246968

https://bugzilla.suse.com/1249667

https://bugzilla.suse.com/1249700

https://bugzilla.suse.com/1249716

https://bugzilla.suse.com/1249734

https://bugzilla.suse.com/1249740

https://bugzilla.suse.com/1249743

https://bugzilla.suse.com/1249808

https://bugzilla.suse.com/1249827

https://bugzilla.suse.com/1249846

https://bugzilla.suse.com/1249908

https://bugzilla.suse.com/1249918

https://bugzilla.suse.com/1249947

https://bugzilla.suse.com/1250014

https://bugzilla.suse.com/1250131

https://bugzilla.suse.com/1250132

https://bugzilla.suse.com/1250140

https://bugzilla.suse.com/1250183

https://bugzilla.suse.com/1250187

https://bugzilla.suse.com/1250257

https://bugzilla.suse.com/1250269

https://bugzilla.suse.com/1250301

https://bugzilla.suse.com/1250391

https://bugzilla.suse.com/1250392

https://bugzilla.suse.com/1250394

https://bugzilla.suse.com/1250774

https://bugzilla.suse.com/1250799

https://bugzilla.suse.com/1250853

https://www.suse.com/security/cve/CVE-2022-50233

https://www.suse.com/security/cve/CVE-2022-50235

https://www.suse.com/security/cve/CVE-2022-50252

https://www.suse.com/security/cve/CVE-2022-50257

https://www.suse.com/security/cve/CVE-2022-50258

https://www.suse.com/security/cve/CVE-2022-50271

https://www.suse.com/security/cve/CVE-2022-50272

https://www.suse.com/security/cve/CVE-2022-50299

https://www.suse.com/security/cve/CVE-2022-50312

https://www.suse.com/security/cve/CVE-2022-50330

https://www.suse.com/security/cve/CVE-2022-50344

https://www.suse.com/security/cve/CVE-2022-50359

https://www.suse.com/security/cve/CVE-2022-50375

https://www.suse.com/security/cve/CVE-2022-50381

https://www.suse.com/security/cve/CVE-2022-50385

https://www.suse.com/security/cve/CVE-2022-50386

https://www.suse.com/security/cve/CVE-2022-50401

https://www.suse.com/security/cve/CVE-2022-50408

https://www.suse.com/security/cve/CVE-2022-50409

https://www.suse.com/security/cve/CVE-2022-50410

https://www.suse.com/security/cve/CVE-2022-50414

https://www.suse.com/security/cve/CVE-2022-50419

https://www.suse.com/security/cve/CVE-2022-50422

https://www.suse.com/security/cve/CVE-2022-50435

https://www.suse.com/security/cve/CVE-2022-50440

https://www.suse.com/security/cve/CVE-2023-53178

https://www.suse.com/security/cve/CVE-2023-53213

https://www.suse.com/security/cve/CVE-2023-53265

https://bugzilla.suse.com/1249664

https://bugzilla.suse.com/1249713

https://bugzilla.suse.com/1249718

https://bugzilla.suse.com/1249747

https://bugzilla.suse.com/1249840

https://bugzilla.suse.com/1249885

https://bugzilla.suse.com/1249930

https://bugzilla.suse.com/1250009

https://bugzilla.suse.com/1250041

https://bugzilla.suse.com/1250189

https://bugzilla.suse.com/1250277

https://bugzilla.suse.com/1250767

https://bugzilla.suse.com/1250787

https://bugzilla.suse.com/1250790

https://bugzilla.suse.com/1250797

https://bugzilla.suse.com/1250847

https://bugzilla.suse.com/1250850

https://bugzilla.suse.com/1250868

https://bugzilla.suse.com/1250890

https://bugzilla.suse.com/1250891

https://www.suse.com/security/cve/CVE-2022-50234

https://www.suse.com/security/cve/CVE-2022-50248

https://www.suse.com/security/cve/CVE-2022-50249

https://www.suse.com/security/cve/CVE-2022-50260

https://www.suse.com/security/cve/CVE-2022-50309

https://www.suse.com/security/cve/CVE-2022-50317

https://www.suse.com/security/cve/CVE-2022-50355

https://www.suse.com/security/cve/CVE-2022-50367

https://www.suse.com/security/cve/CVE-2022-50368

https://www.suse.com/security/cve/CVE-2022-50412

https://www.suse.com/security/cve/CVE-2022-50427

https://www.suse.com/security/cve/CVE-2022-50431

https://www.suse.com/security/cve/CVE-2022-50437

https://www.suse.com/security/cve/CVE-2022-50444

https://www.suse.com/security/cve/CVE-2022-50454

https://www.suse.com/security/cve/CVE-2022-50458

https://www.suse.com/security/cve/CVE-2022-50459

https://www.suse.com/security/cve/CVE-2022-50467

https://www.suse.com/security/cve/CVE-2023-53273

https://www.suse.com/security/cve/CVE-2023-53464

https://bugzilla.suse.com/1250764

https://lists.suse.com/pipermail/sle-updates/2025-October/042188.html

https://www.suse.com/security/cve/CVE-2021-4460

Plugin Details

Severity: High

ID: 270848

File Name: suse_SU-2025-03626-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 10/21/2025

Updated: 10/21/2025

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2023-39197

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-21969

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-64kb, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/17/2025

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2021-4460, CVE-2022-2602, CVE-2022-2978, CVE-2022-36280, CVE-2022-43945, CVE-2022-49980, CVE-2022-50233, CVE-2022-50234, CVE-2022-50235, CVE-2022-50248, CVE-2022-50249, CVE-2022-50252, CVE-2022-50257, CVE-2022-50258, CVE-2022-50260, CVE-2022-50271, CVE-2022-50272, CVE-2022-50299, CVE-2022-50309, CVE-2022-50312, CVE-2022-50317, CVE-2022-50330, CVE-2022-50344, CVE-2022-50355, CVE-2022-50359, CVE-2022-50367, CVE-2022-50368, CVE-2022-50375, CVE-2022-50381, CVE-2022-50385, CVE-2022-50386, CVE-2022-50401, CVE-2022-50408, CVE-2022-50409, CVE-2022-50410, CVE-2022-50412, CVE-2022-50414, CVE-2022-50419, CVE-2022-50422, CVE-2022-50427, CVE-2022-50431, CVE-2022-50435, CVE-2022-50437, CVE-2022-50440, CVE-2022-50444, CVE-2022-50454, CVE-2022-50458, CVE-2022-50459, CVE-2022-50467, CVE-2023-1380, CVE-2023-28328, CVE-2023-31248, CVE-2023-3772, CVE-2023-39197, CVE-2023-42753, CVE-2023-53147, CVE-2023-53178, CVE-2023-53179, CVE-2023-53213, CVE-2023-53220, CVE-2023-53265, CVE-2023-53273, CVE-2023-53304, CVE-2023-53321, CVE-2023-53333, CVE-2023-53438, CVE-2023-53464, CVE-2023-53492, CVE-2024-26583, CVE-2024-26584, CVE-2024-53093, CVE-2024-58240, CVE-2025-21969, CVE-2025-38011, CVE-2025-38184, CVE-2025-38216, CVE-2025-38488, CVE-2025-38553, CVE-2025-38572, CVE-2025-38664, CVE-2025-38685, CVE-2025-38713, CVE-2025-39823

SuSE: SUSE-SU-2025:03626-1