Detections
Analytics
openSUSE 16 Security Update : kernel (openSUSE-SU-2025:20172-1)
high Nessus Plugin ID 279677
Synopsis
The remote openSUSE host is missing one or more security updates.Description
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20172-1 advisory.The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
- CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499).
- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
- CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
- CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034).
- CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977).
- CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252).
- CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746).
- CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723).
- CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
- CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817).
- CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
- CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054).
- CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
- CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
- CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
- CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779).
- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
- CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
- CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
- CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
- CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794).
- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
- CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923).
- CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
- CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
- CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
- CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328).
- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
- CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
- CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
- CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426).
- CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394).
- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
- CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457).
The following non security issues were fixed:
- ACPI: scan: Update honor list for RPMI System MSI (stable-fixes).
- ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
- Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062).
- Fix drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923)
- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
- KVM: s390: improve interrupt cpu for wakeup (bsc#1235463).
- KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352).
- KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes).
- PCI/ERR: Update device error_state already after reset (stable-fixes).
- PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes).
- Revert net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).
- Revert net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).
- Update config files: enable zstd module decompression (jsc#PED-14115).
- bpf/selftests: Fix test_tcpnotify_user (bsc#1253635).
- btrfs: do not clear read-only when adding sprout device (bsc#1253238).
- btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
- drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
- drm/amd/display: update color on atomic commit time (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
- mount: handle NULL values in mnt_ns_release() (bsc#1254308)
- net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357).
- net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353).
- net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353).
- net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353).
- net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353).
- net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353).
- net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353).
- net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353).
- net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353).
- net: phy: realtek: use string choices helpers (jsc#PED-14353).
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746)
- net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746)
- net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746)
- nvmet-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvmet-auth: update sc_c in target host hash calculation (git-fixes).
- perf list: Add IBM z17 event descriptions (jsc#PED-13611).
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes).
- powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949).
- pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes).
- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353).
- r8169: add support for Intel Killer E5000 (jsc#PED-14353).
- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
- r8169: add support for RTL8125D rev.b (jsc#PED-14353).
- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
- r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353).
- r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353).
- r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353).
- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353).
- r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353).
- r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
- r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353).
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353).
- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353).
- r8169: implement additional ethtool stats ops (jsc#PED-14353).
- r8169: improve __rtl8169_set_wol (jsc#PED-14353).
- r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
- r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: remove leftover locks after reverted change (jsc#PED-14353).
- r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353).
- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
- r8169: remove support for chip version 11 (jsc#PED-14353).
- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353).
- r8169: replace custom flag with disable_work() et al (jsc#PED-14353).
- r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353).
- r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353).
- ring-buffer: Update pages_touched to reflect persistent buffer content (git-fixes).
- s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643).
- sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843).
- sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792).
- sched/fair: Proportional newidle balance (bsc#1248792).
- sched/fair: Proportional newidle balance -KABI (bsc#1248792).
- sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792).
- sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792).
- sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792).
- sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792).
- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
- selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221).
- smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
- spi: tegra210-quad: Fix timeout handling (bsc#1253155)
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
- wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181).
- wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315).
- wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315).
- wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315).
- wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315).
- wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315).
- wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315).
- wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315).
- wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315).
- wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315).
- wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315).
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315).
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315).
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315).
- wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315).
- wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315).
- wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315).
- wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315).
- x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843).
- x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843).
- x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1235463
https://bugzilla.suse.com/1243474
https://bugzilla.suse.com/1245193
https://bugzilla.suse.com/1245431
https://bugzilla.suse.com/1245498
https://bugzilla.suse.com/1245499
https://bugzilla.suse.com/1246328
https://bugzilla.suse.com/1246843
https://bugzilla.suse.com/1247500
https://bugzilla.suse.com/1248792
https://bugzilla.suse.com/1249256
https://bugzilla.suse.com/1249397
https://bugzilla.suse.com/1249912
https://bugzilla.suse.com/1249977
https://bugzilla.suse.com/1249982
https://bugzilla.suse.com/1250034
https://bugzilla.suse.com/1250176
https://bugzilla.suse.com/1250237
https://bugzilla.suse.com/1250252
https://bugzilla.suse.com/1250705
https://bugzilla.suse.com/1250723
https://bugzilla.suse.com/1250746
https://bugzilla.suse.com/1251120
https://bugzilla.suse.com/1251817
https://bugzilla.suse.com/1252054
https://bugzilla.suse.com/1252063
https://bugzilla.suse.com/1252301
https://bugzilla.suse.com/1252303
https://bugzilla.suse.com/1252342
https://bugzilla.suse.com/1252352
https://bugzilla.suse.com/1252357
https://bugzilla.suse.com/1252681
https://bugzilla.suse.com/1252686
https://bugzilla.suse.com/1252763
https://bugzilla.suse.com/1252776
https://bugzilla.suse.com/1252779
https://bugzilla.suse.com/1252790
https://bugzilla.suse.com/1252794
https://bugzilla.suse.com/1252795
https://bugzilla.suse.com/1252808
https://bugzilla.suse.com/1252809
https://bugzilla.suse.com/1252817
https://bugzilla.suse.com/1252821
https://bugzilla.suse.com/1252824
https://bugzilla.suse.com/1252836
https://bugzilla.suse.com/1252845
https://bugzilla.suse.com/1252901
https://bugzilla.suse.com/1252912
https://bugzilla.suse.com/1252917
https://bugzilla.suse.com/1252919
https://bugzilla.suse.com/1252923
https://bugzilla.suse.com/1252928
https://bugzilla.suse.com/1253018
https://bugzilla.suse.com/1253155
https://bugzilla.suse.com/1253176
https://bugzilla.suse.com/1253238
https://bugzilla.suse.com/1253275
https://bugzilla.suse.com/1253318
https://bugzilla.suse.com/1253324
https://bugzilla.suse.com/1253328
https://bugzilla.suse.com/1253330
https://bugzilla.suse.com/1253342
https://bugzilla.suse.com/1253348
https://bugzilla.suse.com/1253349
https://bugzilla.suse.com/1253352
https://bugzilla.suse.com/1253355
https://bugzilla.suse.com/1253360
https://bugzilla.suse.com/1253362
https://bugzilla.suse.com/1253363
https://bugzilla.suse.com/1253367
https://bugzilla.suse.com/1253369
https://bugzilla.suse.com/1253386
https://bugzilla.suse.com/1253394
https://bugzilla.suse.com/1253395
https://bugzilla.suse.com/1253402
https://bugzilla.suse.com/1253403
https://bugzilla.suse.com/1253405
https://bugzilla.suse.com/1253407
https://bugzilla.suse.com/1253408
https://bugzilla.suse.com/1253409
https://bugzilla.suse.com/1253410
https://bugzilla.suse.com/1253412
https://bugzilla.suse.com/1253416
https://bugzilla.suse.com/1253421
https://bugzilla.suse.com/1253422
https://bugzilla.suse.com/1253423
https://bugzilla.suse.com/1253424
https://bugzilla.suse.com/1253425
https://bugzilla.suse.com/1253426
https://bugzilla.suse.com/1253427
https://bugzilla.suse.com/1253428
https://bugzilla.suse.com/1253431
https://bugzilla.suse.com/1253433
https://bugzilla.suse.com/1253436
https://bugzilla.suse.com/1253438
https://bugzilla.suse.com/1253440
https://bugzilla.suse.com/1253441
https://bugzilla.suse.com/1253443
https://bugzilla.suse.com/1253445
https://bugzilla.suse.com/1253448
https://bugzilla.suse.com/1253449
https://bugzilla.suse.com/1253450
https://bugzilla.suse.com/1253451
https://bugzilla.suse.com/1253453
https://bugzilla.suse.com/1253455
https://bugzilla.suse.com/1253456
https://bugzilla.suse.com/1253457
https://bugzilla.suse.com/1253463
https://bugzilla.suse.com/1253472
https://bugzilla.suse.com/1253622
https://bugzilla.suse.com/1253624
https://bugzilla.suse.com/1253635
https://bugzilla.suse.com/1253643
https://bugzilla.suse.com/1253647
https://bugzilla.suse.com/1254119
https://bugzilla.suse.com/1254181
https://bugzilla.suse.com/1254221
https://bugzilla.suse.com/1254308
https://bugzilla.suse.com/1254315
https://www.suse.com/security/cve/CVE-2022-50253
https://www.suse.com/security/cve/CVE-2025-37916
https://www.suse.com/security/cve/CVE-2025-38084
https://www.suse.com/security/cve/CVE-2025-38085
https://www.suse.com/security/cve/CVE-2025-38321
https://www.suse.com/security/cve/CVE-2025-38728
https://www.suse.com/security/cve/CVE-2025-39805
https://www.suse.com/security/cve/CVE-2025-39819
https://www.suse.com/security/cve/CVE-2025-39822
https://www.suse.com/security/cve/CVE-2025-39831
https://www.suse.com/security/cve/CVE-2025-39859
https://www.suse.com/security/cve/CVE-2025-39897
https://www.suse.com/security/cve/CVE-2025-39917
https://www.suse.com/security/cve/CVE-2025-39944
https://www.suse.com/security/cve/CVE-2025-39961
https://www.suse.com/security/cve/CVE-2025-39980
https://www.suse.com/security/cve/CVE-2025-39990
https://www.suse.com/security/cve/CVE-2025-40001
https://www.suse.com/security/cve/CVE-2025-40003
https://www.suse.com/security/cve/CVE-2025-40006
https://www.suse.com/security/cve/CVE-2025-40021
https://www.suse.com/security/cve/CVE-2025-40024
https://www.suse.com/security/cve/CVE-2025-40027
https://www.suse.com/security/cve/CVE-2025-40031
https://www.suse.com/security/cve/CVE-2025-40033
https://www.suse.com/security/cve/CVE-2025-40038
https://www.suse.com/security/cve/CVE-2025-40047
https://www.suse.com/security/cve/CVE-2025-40053
https://www.suse.com/security/cve/CVE-2025-40055
https://www.suse.com/security/cve/CVE-2025-40059
https://www.suse.com/security/cve/CVE-2025-40064
https://www.suse.com/security/cve/CVE-2025-40070
https://www.suse.com/security/cve/CVE-2025-40074
https://www.suse.com/security/cve/CVE-2025-40075
https://www.suse.com/security/cve/CVE-2025-40081
https://www.suse.com/security/cve/CVE-2025-40083
https://www.suse.com/security/cve/CVE-2025-40086
https://www.suse.com/security/cve/CVE-2025-40098
https://www.suse.com/security/cve/CVE-2025-40101
https://www.suse.com/security/cve/CVE-2025-40102
https://www.suse.com/security/cve/CVE-2025-40105
https://www.suse.com/security/cve/CVE-2025-40107
https://www.suse.com/security/cve/CVE-2025-40109
https://www.suse.com/security/cve/CVE-2025-40110
https://www.suse.com/security/cve/CVE-2025-40111
https://www.suse.com/security/cve/CVE-2025-40115
https://www.suse.com/security/cve/CVE-2025-40116
https://www.suse.com/security/cve/CVE-2025-40118
https://www.suse.com/security/cve/CVE-2025-40120
https://www.suse.com/security/cve/CVE-2025-40121
https://www.suse.com/security/cve/CVE-2025-40127
https://www.suse.com/security/cve/CVE-2025-40129
https://www.suse.com/security/cve/CVE-2025-40132
https://www.suse.com/security/cve/CVE-2025-40133
https://www.suse.com/security/cve/CVE-2025-40134
https://www.suse.com/security/cve/CVE-2025-40135
https://www.suse.com/security/cve/CVE-2025-40139
https://www.suse.com/security/cve/CVE-2025-40140
https://www.suse.com/security/cve/CVE-2025-40141
https://www.suse.com/security/cve/CVE-2025-40142
https://www.suse.com/security/cve/CVE-2025-40149
https://www.suse.com/security/cve/CVE-2025-40153
https://www.suse.com/security/cve/CVE-2025-40154
https://www.suse.com/security/cve/CVE-2025-40156
https://www.suse.com/security/cve/CVE-2025-40157
https://www.suse.com/security/cve/CVE-2025-40158
https://www.suse.com/security/cve/CVE-2025-40159
https://www.suse.com/security/cve/CVE-2025-40161
https://www.suse.com/security/cve/CVE-2025-40162
https://www.suse.com/security/cve/CVE-2025-40164
https://www.suse.com/security/cve/CVE-2025-40165
https://www.suse.com/security/cve/CVE-2025-40166
https://www.suse.com/security/cve/CVE-2025-40168
https://www.suse.com/security/cve/CVE-2025-40169
https://www.suse.com/security/cve/CVE-2025-40171
https://www.suse.com/security/cve/CVE-2025-40172
https://www.suse.com/security/cve/CVE-2025-40173
https://www.suse.com/security/cve/CVE-2025-40175
https://www.suse.com/security/cve/CVE-2025-40176
https://www.suse.com/security/cve/CVE-2025-40177
https://www.suse.com/security/cve/CVE-2025-40178
https://www.suse.com/security/cve/CVE-2025-40180
https://www.suse.com/security/cve/CVE-2025-40183
https://www.suse.com/security/cve/CVE-2025-40185
https://www.suse.com/security/cve/CVE-2025-40186
https://www.suse.com/security/cve/CVE-2025-40187
https://www.suse.com/security/cve/CVE-2025-40188
https://www.suse.com/security/cve/CVE-2025-40192
https://www.suse.com/security/cve/CVE-2025-40194
https://www.suse.com/security/cve/CVE-2025-40196
https://www.suse.com/security/cve/CVE-2025-40197
https://www.suse.com/security/cve/CVE-2025-40198
https://www.suse.com/security/cve/CVE-2025-40200
https://www.suse.com/security/cve/CVE-2025-40201
https://www.suse.com/security/cve/CVE-2025-40202
https://www.suse.com/security/cve/CVE-2025-40203
https://www.suse.com/security/cve/CVE-2025-40204
https://www.suse.com/security/cve/CVE-2025-40205
Plugin Details
Severity: High
ID: 279677
File Name: openSUSE-2025-20172-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/24/2025
Updated: 12/24/2025
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-39917
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:dlm-kmp-default, p-cpe:/a:novell:opensuse:dtb-apm, p-cpe:/a:novell:opensuse:dtb-renesas, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-rt, p-cpe:/a:novell:opensuse:kernel-rt-devel, p-cpe:/a:novell:opensuse:kselftests-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-kvmsmall-vdso, p-cpe:/a:novell:opensuse:ocfs2-kmp-rt, p-cpe:/a:novell:opensuse:dtb-rockchip, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:dlm-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-64kb-devel, cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:dtb-apple, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:dtb-amazon, p-cpe:/a:novell:opensuse:dlm-kmp-rt, p-cpe:/a:novell:opensuse:kernel-64kb-extra, p-cpe:/a:novell:opensuse:dtb-broadcom, p-cpe:/a:novell:opensuse:kernel-zfcpdump, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel, p-cpe:/a:novell:opensuse:dtb-cavium, p-cpe:/a:novell:opensuse:dtb-lg, p-cpe:/a:novell:opensuse:kselftests-kmp-rt, p-cpe:/a:novell:opensuse:gfs2-kmp-rt, p-cpe:/a:novell:opensuse:kernel-64kb-optional, p-cpe:/a:novell:opensuse:kernel-rt-vdso, p-cpe:/a:novell:opensuse:dtb-hisilicon, p-cpe:/a:novell:opensuse:dtb-marvell, p-cpe:/a:novell:opensuse:kernel-rt-optional, p-cpe:/a:novell:opensuse:kernel-default-vdso, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:dtb-xilinx, p-cpe:/a:novell:opensuse:kernel-64kb, p-cpe:/a:novell:opensuse:kernel-default-optional, p-cpe:/a:novell:opensuse:ocfs2-kmp-default, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:gfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:gfs2-kmp-default, p-cpe:/a:novell:opensuse:dtb-nvidia, p-cpe:/a:novell:opensuse:dtb-freescale, p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-rt-extra, p-cpe:/a:novell:opensuse:dtb-allwinner, p-cpe:/a:novell:opensuse:dtb-socionext, p-cpe:/a:novell:opensuse:dtb-amd, p-cpe:/a:novell:opensuse:cluster-md-kmp-default, p-cpe:/a:novell:opensuse:dtb-exynos, p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-mediatek, p-cpe:/a:novell:opensuse:dtb-amlogic, p-cpe:/a:novell:opensuse:cluster-md-kmp-rt, p-cpe:/a:novell:opensuse:dtb-arm, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:dtb-qcom, p-cpe:/a:novell:opensuse:dtb-sprd, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:dtb-altera, p-cpe:/a:novell:opensuse:kernel-macros
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 12/19/2025
Vulnerability Publication Date: 9/4/2021
Reference Information
CVE: CVE-2022-50253, CVE-2025-37916, CVE-2025-38084, CVE-2025-38085, CVE-2025-38321, CVE-2025-38728, CVE-2025-39805, CVE-2025-39819, CVE-2025-39822, CVE-2025-39831, CVE-2025-39859, CVE-2025-39897, CVE-2025-39917, CVE-2025-39944, CVE-2025-39961, CVE-2025-39980, CVE-2025-39990, CVE-2025-40001, CVE-2025-40003, CVE-2025-40006, CVE-2025-40021, CVE-2025-40024, CVE-2025-40027, CVE-2025-40031, CVE-2025-40033, CVE-2025-40038, CVE-2025-40047, CVE-2025-40053, CVE-2025-40055, CVE-2025-40059, CVE-2025-40064, CVE-2025-40070, CVE-2025-40074, CVE-2025-40075, CVE-2025-40081, CVE-2025-40083, CVE-2025-40086, CVE-2025-40098, CVE-2025-40101, CVE-2025-40102, CVE-2025-40105, CVE-2025-40107, CVE-2025-40109, CVE-2025-40110, CVE-2025-40111, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40127, CVE-2025-40129, CVE-2025-40132, CVE-2025-40133, CVE-2025-40134, CVE-2025-40135, CVE-2025-40139, CVE-2025-40140, CVE-2025-40141, CVE-2025-40142, CVE-2025-40149, CVE-2025-40153, CVE-2025-40154, CVE-2025-40156, CVE-2025-40157, CVE-2025-40158, CVE-2025-40159, CVE-2025-40161, CVE-2025-40162, CVE-2025-40164, CVE-2025-40165, CVE-2025-40166, CVE-2025-40168, CVE-2025-40169, CVE-2025-40171, CVE-2025-40172, CVE-2025-40173, CVE-2025-40175, CVE-2025-40176, CVE-2025-40177, CVE-2025-40178, CVE-2025-40180, CVE-2025-40183, CVE-2025-40185, CVE-2025-40186, CVE-2025-40187, CVE-2025-40188, CVE-2025-40192, CVE-2025-40194, CVE-2025-40196, CVE-2025-40197, CVE-2025-40198, CVE-2025-40200, CVE-2025-40201, CVE-2025-40202, CVE-2025-40203, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207