{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP6)","title":"Title of the patch"},{"category":"description","text":"\nThis update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.33 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242882).\n- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672).\n- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2025-4262,SUSE-SLE-Module-Live-Patching-15-SP6-2025-4262","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4262-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:4262-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254262-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:4262-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-November/023371.html"},{"category":"self","summary":"SUSE Bug 1242882","url":"https://bugzilla.suse.com/1242882"},{"category":"self","summary":"SUSE Bug 1248672","url":"https://bugzilla.suse.com/1248672"},{"category":"self","summary":"SUSE Bug 1249537","url":"https://bugzilla.suse.com/1249537"},{"category":"self","summary":"SUSE CVE CVE-2025-23145 page","url":"https://www.suse.com/security/cve/CVE-2025-23145/"},{"category":"self","summary":"SUSE CVE CVE-2025-38500 page","url":"https://www.suse.com/security/cve/CVE-2025-38500/"},{"category":"self","summary":"SUSE CVE CVE-2025-38616 page","url":"https://www.suse.com/security/cve/CVE-2025-38616/"}],"title":"Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP6)","tracking":{"current_release_date":"2025-11-26T15:07:47Z","generator":{"date":"2025-11-26T15:07:47Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:4262-1","initial_release_date":"2025-11-26T15:07:47Z","revision_history":[{"date":"2025-11-26T15:07:47Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","product":{"name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","product_id":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","product":{"name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","product_id":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64","product":{"name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64","product_id":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 15 SP6","product":{"name":"SUSE Linux Enterprise Live Patching 15 SP6","product_id":"SUSE Linux Enterprise Live Patching 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-live-patching:15:sp6"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6","product_id":"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le"},"product_reference":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6","product_id":"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x"},"product_reference":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6","product_id":"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"},"product_reference":"kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP6"}]},"vulnerabilities":[{"cve":"CVE-2025-23145","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-23145"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix NULL pointer in can_accept_new_subflow\n\nWhen testing valkey benchmark tool with MPTCP, the kernel panics in\n'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL.\n\nCall trace:\n\n  mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P)\n  subflow_syn_recv_sock (./net/mptcp/subflow.c:854)\n  tcp_check_req (./net/ipv4/tcp_minisocks.c:863)\n  tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268)\n  ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (./net/ipv4/ip_input.c:234)\n  ip_local_deliver (./net/ipv4/ip_input.c:254)\n  ip_rcv_finish (./net/ipv4/ip_input.c:449)\n  ...\n\nAccording to the debug log, the same req received two SYN-ACK in a very\nshort time, very likely because the client retransmits the syn ack due\nto multiple reasons.\n\nEven if the packets are transmitted with a relevant time interval, they\ncan be processed by the server on different CPUs concurrently). The\n'subflow_req->msk' ownership is transferred to the subflow the first,\nand there will be a risk of a null pointer dereference here.\n\nThis patch fixes this issue by moving the 'subflow_req->msk' under the\n`own_req == true` conditional.\n\nNote that the !msk check in subflow_hmac_valid() can be dropped, because\nthe same check already exists under the own_req mpj branch where the\ncode has been moved to.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-23145","url":"https://www.suse.com/security/cve/CVE-2025-23145"},{"category":"external","summary":"SUSE Bug 1242596 for CVE-2025-23145","url":"https://bugzilla.suse.com/1242596"},{"category":"external","summary":"SUSE Bug 1242882 for CVE-2025-23145","url":"https://bugzilla.suse.com/1242882"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-26T15:07:47Z","details":"important"}],"title":"CVE-2025-23145"},{"cve":"CVE-2025-38500","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-38500"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: interface: fix use-after-free after changing collect_md xfrm interface\n\ncollect_md property on xfrm interfaces can only be set on device creation,\nthus xfrmi_changelink() should fail when called on such interfaces.\n\nThe check to enforce this was done only in the case where the xi was\nreturned from xfrmi_locate() which doesn't look for the collect_md\ninterface, and thus the validation was never reached.\n\nCalling changelink would thus errornously place the special interface xi\nin the xfrmi_net->xfrmi hash, but since it also exists in the\nxfrmi_net->collect_md_xfrmi pointer it would lead to a double free when\nthe net namespace was taken down [1].\n\nChange the check to use the xi from netdev_priv which is available earlier\nin the function to prevent changes in xfrm collect_md interfaces.\n\n[1] resulting oops:\n[    8.516540] kernel BUG at net/core/dev.c:12029!\n[    8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[    8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary)\n[    8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[    8.516569] Workqueue: netns cleanup_net\n[    8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0\n[    8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24\n[    8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206\n[    8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60\n[    8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122\n[    8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100\n[    8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00\n[    8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00\n[    8.516615] FS:  0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000\n[    8.516619] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0\n[    8.516625] PKRU: 55555554\n[    8.516627] Call Trace:\n[    8.516632]  <TASK>\n[    8.516635]  ? rtnl_is_locked+0x15/0x20\n[    8.516641]  ? unregister_netdevice_queue+0x29/0xf0\n[    8.516650]  ops_undo_list+0x1f2/0x220\n[    8.516659]  cleanup_net+0x1ad/0x2e0\n[    8.516664]  process_one_work+0x160/0x380\n[    8.516673]  worker_thread+0x2aa/0x3c0\n[    8.516679]  ? __pfx_worker_thread+0x10/0x10\n[    8.516686]  kthread+0xfb/0x200\n[    8.516690]  ? __pfx_kthread+0x10/0x10\n[    8.516693]  ? __pfx_kthread+0x10/0x10\n[    8.516697]  ret_from_fork+0x82/0xf0\n[    8.516705]  ? __pfx_kthread+0x10/0x10\n[    8.516709]  ret_from_fork_asm+0x1a/0x30\n[    8.516718]  </TASK>","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-38500","url":"https://www.suse.com/security/cve/CVE-2025-38500"},{"category":"external","summary":"SUSE Bug 1248088 for CVE-2025-38500","url":"https://bugzilla.suse.com/1248088"},{"category":"external","summary":"SUSE Bug 1248672 for CVE-2025-38500","url":"https://bugzilla.suse.com/1248672"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-26T15:07:47Z","details":"important"}],"title":"CVE-2025-38500"},{"cve":"CVE-2025-38616","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-38616"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntls: handle data disappearing from under the TLS ULP\n\nTLS expects that it owns the receive queue of the TCP socket.\nThis cannot be guaranteed in case the reader of the TCP socket\nentered before the TLS ULP was installed, or uses some non-standard\nread API (eg. zerocopy ones). Replace the WARN_ON() and a buggy\nearly exit (which leaves anchor pointing to a freed skb) with real\nerror handling. Wipe the parsing state and tell the reader to retry.\n\nWe already reload the anchor every time we (re)acquire the socket lock,\nso the only condition we need to avoid is an out of bounds read\n(not having enough bytes in the socket for previously parsed record len).\n\nIf some data was read from under TLS but there's enough in the queue\nwe'll reload and decrypt what is most likely not a valid TLS record.\nLeading to some undefined behavior from TLS perspective (corrupting\na stream? missing an alert? missing an attack?) but no kernel crash\nshould take place.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-38616","url":"https://www.suse.com/security/cve/CVE-2025-38616"},{"category":"external","summary":"SUSE Bug 1248512 for CVE-2025-38616","url":"https://bugzilla.suse.com/1248512"},{"category":"external","summary":"SUSE Bug 1249537 for CVE-2025-38616","url":"https://bugzilla.suse.com/1249537"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.4,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-16-150600.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-11-26T15:07:47Z","details":"important"}],"title":"CVE-2025-38616"}]}