Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002325 fixes several issues. The following security issues were fixed: CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631. CVE-2025-38617: net/packet: fix a race in packetsetring and packetnotifier bsc1249208...

SUSE-SU-2025:3886-1 Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-1507005 fixes several issues. The following security issues were fixed: - CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631. - CVE-2025-38511: drm/xe/pf: Clear all LMTT pages on alloc bsc1248176. - CVE-2025-38617: net/packet...

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

CVE-2024-50042

Technical details for CVE-2024-50042 are not publicly available in the provided documents. The connected advisories list kernel issues but do not disclose the affected product/version, root cause, impact, or a concrete fix for this CVE. Monitor for updates.

CVE-2024-50042 ice: Fix increasing MSI-X on VF

In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF Increasing MSI-X value on a VF leads to invalid memory operations. This is caused by not reallocating some arrays. Reproducer: modprobe ice echo 0 /sys/bus/pci/devices/$PFPCI/sriovdriversautoprobe...

CVE-2024-46770

In the Linux kernel, the following vulnerability has been resolved: ice: Add netifdeviceattach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. getting coalesce settings can result in a NULL pointer dereference seen...

CVE-2024-46765 ice: protect XDP configuration with a mutex

In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in icexdp is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset code access the same...

CVE-2024-42139 ice: Fix improper extts handling

In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause ...

USN-6843-1: Plasma Workspace vulnerability

Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary code...

CVE-2021-47562

In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi-txqmap sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi-txqmap's size is equal t...

CVE-2021-47449

A vulnerability was found in the Linux kernel vulnerability that affects the ice driver, specifically related to the locking mechanism for the Transmission Tx timestamp tracking flush. The issue arose after the addition of a lock around the Tx timestamp tracker flow, which handles cleanup of...

CVE-2021-47449

In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e "ice: add lock around Tx timestamp tracker flush" added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare for...

CVE-2021-47449 ice: fix locking for Tx timestamp tracking flush

In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e "ice: add lock around Tx timestamp tracker flush" added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare for...

CVE-2022-48709

In the Linux kernel, the following vulnerability has been resolved: ice: switch: fix potential memleak in iceaddadvrecipe When iceaddspecialwords fails, the 'rm' is not released, which will lead to a memory leak. Fix this up by going to 'errunroll' label. Compile tested only...

CVE-2022-48690

Insight : CVE-2022-48690 refers to a Linux kernel fix in the ice driver for a DMA mappings leak when reallocating RX buffers while changing ring parameters. The leak occurred because kfree on rx_buf freed DMA mappings that were still active, leading to leaked DMA mappings during buffer substituti...

CVE-2022-48652

In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 "ice: ethtool: Prohibit improper channel config for DCB" already disallow setti...

CVE-2022-48653 ice: Don't double unplug aux on peer initiated reset

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

CVE-2022-48653 ice: Don't double unplug aux on peer initiated reset

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

CVE-2022-48652 ice: Fix crash by keep old cfg when update TCs more than queues

In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 "ice: ethtool: Prohibit improper channel config for DCB" already disallow setti...

CVE-2022-48652

In CVE-2022-48652, the Linux kernel ICE driver fixes a crash when TC/channels are updated beyond allocated queues. The issue occurred when less queues were configured than TCs and later more TCs were added (e.g., via LLDP), leaving dirty num_txq/rxq and tc_cfg in the VSI and risking invalid point...