7 matches found
SUSE-SU-2025:20881-1 Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: - CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem...
SUSE-SU-2025:20912-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
This update for kernel-livepatch-MICRO-6-0-RTUpdate4 fixes the following issues: - CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 - CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 - CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretm...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
This update for kernel-livepatch-MICRO-6-0-RTUpdate4 fixes the following issues: CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 CVE-2025-38206: exfat: fix double free in delayedfree bsc1246075 CVE-2025-38396: fs: export anoninodemakesecureinode and fix secretmem LSM...
SUSE-SU-2025:3772-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7)
This update for the Linux Kernel 6.4.0-150700536 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...
SUSE-SU-2025:3748-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506002330 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...
fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
...
CVE-2025-38396
The CVE-2025-38396 entry concerns the Linux kernel vulnerability where anon_inode_make_secure_inode() is exported to allow KVM guest_memfd to create anonymous inodes with proper security context, fixing a secretmem LSM bypass. The issue involved the S_PRIVATE flag not being cleared after alloc_an...