SUSE SLES12 Security Update : kernel (SUSE-SU-2025:4515-1)

Severity: High, Nessus Plugin ID 279908

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4515-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-50364: i2c: mux: reg: check return value after calling platform_get_resource() (bsc#1250083).
- CVE-2022-50368: drm/msm/dsi: fix memory corruption with too many bridges (bsc#1250009).
- CVE-2022-50494: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (bsc#1251173).
- CVE-2022-50545: r6040: Fix kmemleak in probe and remove (bsc#1251285).
- CVE-2022-50551: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (bsc#1251322).
- CVE-2022-50569: xfrm: Update ipcomp_scratches with NULL when freed (bsc#1252640).
- CVE-2022-50578: class: fix possible memory leak in __class_register() (bsc#1252519).
- CVE-2023-53229: wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (bsc#1249650).
- CVE-2023-53369: net: dcb: choose correct policy to parse DCB_ATTR_BCN (bsc#1250206).
- CVE-2023-53431: scsi: ses: Don't attach if enclosure has no components (bsc#1250374).
- CVE-2023-53542: ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (bsc#1251154).
- CVE-2023-53597: cifs: fix mid leak during reconnection after timeout threshold (bsc#1251159).
- CVE-2023-53641: wifi: ath9k: hif_usb: fix memory leak of remain_skbs (bsc#1251728).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-38436: drm/scheduler: signal scheduled fence when kill job (bsc#1247227).
- CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
- CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
- CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
- CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
- CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-40205: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (bsc#1253456).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1070872

https://bugzilla.suse.com/1220419

https://bugzilla.suse.com/1228688

https://bugzilla.suse.com/1247227

https://bugzilla.suse.com/1249650

https://bugzilla.suse.com/1250009

https://bugzilla.suse.com/1250083

https://bugzilla.suse.com/1250176

https://bugzilla.suse.com/1250206

https://bugzilla.suse.com/1250374

https://bugzilla.suse.com/1250650

https://bugzilla.suse.com/1250705

https://bugzilla.suse.com/1251154

https://bugzilla.suse.com/1251159

https://bugzilla.suse.com/1251173

https://bugzilla.suse.com/1251285

https://bugzilla.suse.com/1251322

https://bugzilla.suse.com/1251728

https://bugzilla.suse.com/1251786

https://bugzilla.suse.com/1252033

https://bugzilla.suse.com/1252303

https://bugzilla.suse.com/1252519

https://bugzilla.suse.com/1252640

https://bugzilla.suse.com/1252763

https://bugzilla.suse.com/1252773

https://bugzilla.suse.com/1252780

https://bugzilla.suse.com/1252821

https://bugzilla.suse.com/1252836

https://bugzilla.suse.com/1252862

https://bugzilla.suse.com/1252912

https://bugzilla.suse.com/1253237

https://bugzilla.suse.com/1253421

https://bugzilla.suse.com/1253436

https://bugzilla.suse.com/1253438

https://bugzilla.suse.com/1253456

http://www.nessus.org/u?87568a88

https://www.suse.com/security/cve/CVE-2022-50364

https://www.suse.com/security/cve/CVE-2022-50368

https://www.suse.com/security/cve/CVE-2022-50494

https://www.suse.com/security/cve/CVE-2022-50545

https://www.suse.com/security/cve/CVE-2022-50551

https://www.suse.com/security/cve/CVE-2022-50569

https://www.suse.com/security/cve/CVE-2022-50578

https://www.suse.com/security/cve/CVE-2023-53229

https://www.suse.com/security/cve/CVE-2023-53369

https://www.suse.com/security/cve/CVE-2023-53431

https://www.suse.com/security/cve/CVE-2023-53542

https://www.suse.com/security/cve/CVE-2023-53597

https://www.suse.com/security/cve/CVE-2023-53641

https://www.suse.com/security/cve/CVE-2023-53676

https://www.suse.com/security/cve/CVE-2025-38436

https://www.suse.com/security/cve/CVE-2025-39819

https://www.suse.com/security/cve/CVE-2025-39967

https://www.suse.com/security/cve/CVE-2025-40001

https://www.suse.com/security/cve/CVE-2025-40027

https://www.suse.com/security/cve/CVE-2025-40030

https://www.suse.com/security/cve/CVE-2025-40040

https://www.suse.com/security/cve/CVE-2025-40048

https://www.suse.com/security/cve/CVE-2025-40055

https://www.suse.com/security/cve/CVE-2025-40070

https://www.suse.com/security/cve/CVE-2025-40083

https://www.suse.com/security/cve/CVE-2025-40173

https://www.suse.com/security/cve/CVE-2025-40186

https://www.suse.com/security/cve/CVE-2025-40204

https://www.suse.com/security/cve/CVE-2025-40205

Plugin Details

Severity: High

ID: 279908

File Name: suse_SU-2025-4515-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/25/2025

Updated: 12/25/2025

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-50368

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/23/2025

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2022-50364, CVE-2022-50368, CVE-2022-50494, CVE-2022-50545, CVE-2022-50551, CVE-2022-50569, CVE-2022-50578, CVE-2023-53229, CVE-2023-53369, CVE-2023-53431, CVE-2023-53542, CVE-2023-53597, CVE-2023-53641, CVE-2023-53676, CVE-2025-38436, CVE-2025-39819, CVE-2025-39967, CVE-2025-40001, CVE-2025-40027, CVE-2025-40030, CVE-2025-40040, CVE-2025-40048, CVE-2025-40055, CVE-2025-40070, CVE-2025-40083, CVE-2025-40173, CVE-2025-40186, CVE-2025-40204, CVE-2025-40205

SuSE: SUSE-SU-2025:4515-1