SUSE-SU-2025%3A20902-1
This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues: - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075) - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158) - CVE-2025-38471: kernel: tls: always refresh the queue when reading sock (bsc#1247452) - CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376) - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673) - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749) - CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458) - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534)
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Micro 6.1 | kernel-livepatch-MICRO-6-0_Update_7 | 0, 0 |
Timeline
- Oct 24, 2025 CVE Published
- Mar 23, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2025/suse-su-202520902-1/ advisory
- https://bugzilla.suse.com/1246075 report
- https://bugzilla.suse.com/1247158 report
- https://bugzilla.suse.com/1247452 report
- https://bugzilla.suse.com/1248376 report
- https://bugzilla.suse.com/1248673 report
- https://bugzilla.suse.com/1248749 report
- https://bugzilla.suse.com/1249458 report
- https://bugzilla.suse.com/1249534 report
- https://www.suse.com/security/cve/CVE-2025-38110 url
- https://www.suse.com/security/cve/CVE-2025-38206 url
- https://www.suse.com/security/cve/CVE-2025-38396 url
- https://www.suse.com/security/cve/CVE-2025-38471 url
- https://www.suse.com/security/cve/CVE-2025-38499 url
- https://www.suse.com/security/cve/CVE-2025-38566 url
- https://www.suse.com/security/cve/CVE-2025-38644 url
- https://www.suse.com/security/cve/CVE-2025-38678 url