Overview

File _patchinfo of Package patchinfo.43285

<patchinfo incident="43285">
  <!--generated  from request 403972-->
  <issue tracker="bnc" id="1247240">VUL-0: CVE-2025-38488: kernel live patch: smb: client: fix use-after-free in crypt_message when using async crypto</issue>
  <issue tracker="bnc" id="1255053">VUL-0: CVE-2025-40258: kernel live patch: mptcp: fix race condition in mptcp_schedule_work()</issue>
  <issue tracker="bnc" id="1255378">VUL-0: CVE-2025-68284: kernel live patch: libceph: prevent potential out-of-bounds writes in handle_auth_session_key()</issue>
  <issue tracker="bnc" id="1255402">VUL-0: CVE-2025-68285: kernel live patch: libceph: fix potential use-after-free in have_mon_and_osd_map()</issue>
  <issue tracker="bnc" id="1255895">VUL-0: CVE-2025-40297: kernel live patch: net: bridge: fix use-after-free due to MST port state bypass</issue>
  <issue tracker="bnc" id="1256624">VUL-0: CVE-2025-71085: kernel live patch: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()</issue>
  <issue tracker="bnc" id="1256644">VUL-0: CVE-2025-68813: kernel live patch: ipvs: fix ipv4 null-ptr-deref in route error path</issue>
  <issue tracker="bnc" id="1257669">VUL-0: CVE-2025-40284: kernel live patch: Bluetooth: MGMT: cancel mesh send timer when hdev removed</issue>
  <issue tracker="cve" id="2025-38488"/>
  <issue tracker="cve" id="2025-40258"/>
  <issue tracker="cve" id="2025-40284"/>
  <issue tracker="cve" id="2025-40297"/>
  <issue tracker="cve" id="2025-68284"/>
  <issue tracker="cve" id="2025-68285"/>
  <issue tracker="cve" id="2025-68813"/>
  <issue tracker="cve" id="2025-71085"/>
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <summary>Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)</summary>
  <description>
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues

The following security issues were fixed:

- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places