SUSE-SU-2025:03392-1 Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024173 fixes several issues. The following security issues were fixed: - CVE-2025-38498: dochangetype: refuse to operate on unmounted/not ours mounts bsc1247499. - CVE-2025-38555: usb: gadget : fix use-after-free in compositedevcleanup bsc1248298...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_10

This update for kernel-livepatch-MICRO-6-0-RTUpdate10 fixes the following issues: CVE-2025-38498: dochangetype: refuse to operate on unmounted/not ours mounts bsc1247499 CVE-2025-38555: usb: gadget : fix use-after-free in compositedevcleanup bsc1248298 Patch Instructions: To install this SUSE...

usb: gadget : fix use-after-free in composite_dev_cleanup()

...

CVE-2025-38555 usb: gadget : fix use-after-free in composite_dev_cleanup()

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in compositedevcleanup 1. In func configfscompositebind - compositeosdescreqprepare: if kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. Then it will return a failure t...