Security update for kernel-livepatch-MICRO-6-0_Update_10 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20941-1 Final 1 1 2025-11-05T16:12:05Z current 2025-11-05T16:12:05Z 2025-11-05T16:12:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kernel-livepatch-MICRO-6-0_Update_10 This update for kernel-livepatch-MICRO-6-0_Update_10 fixes the following issues: - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631) - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-kernel-189 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520941-1/ Link for SUSE-SU-2025:20941-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023244.html E-Mail link for SUSE-SU-2025:20941-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1248631 SUSE Bug 1248631 https://bugzilla.suse.com/1249207 SUSE Bug 1249207 https://www.suse.com/security/cve/CVE-2025-38618/ SUSE CVE CVE-2025-38618 page https://www.suse.com/security/cve/CVE-2025-38664/ SUSE CVE CVE-2025-38664 page SUSE Linux Micro 6.0 kernel-livepatch-6_4_0-32-default-3-1.1 kernel-livepatch-6_4_0-32-default-3-1.1 as a component of SUSE Linux Micro 6.0 In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY. CVE-2025-38618 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-32-default-3-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520941-1/ https://www.suse.com/security/cve/CVE-2025-38618.html CVE-2025-38618 https://bugzilla.suse.com/1248511 SUSE Bug 1248511 https://bugzilla.suse.com/1249207 SUSE Bug 1249207 In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. CVE-2025-38664 SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-32-default-3-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520941-1/ https://www.suse.com/security/cve/CVE-2025-38664.html CVE-2025-38664 https://bugzilla.suse.com/1248628 SUSE Bug 1248628 https://bugzilla.suse.com/1248631 SUSE Bug 1248631