{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)","title":"Title of the patch"},{"category":"description","text":"\nThis update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.133 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256097).\n- CVE-2025-38129: page_pool: fix use-after-free in page_pool_recycle_in_ring (bsc#1258139).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2026-734,SUSE-SLE-Module-Live-Patching-15-SP5-2026-734","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0734-1.json"},{"category":"self","summary":"URL for SUSE-SU-2026:0734-1","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260734-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2026:0734-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-March/024508.html"},{"category":"self","summary":"SUSE Bug 1256097","url":"https://bugzilla.suse.com/1256097"},{"category":"self","summary":"SUSE Bug 1258139","url":"https://bugzilla.suse.com/1258139"},{"category":"self","summary":"SUSE CVE CVE-2023-54142 page","url":"https://www.suse.com/security/cve/CVE-2023-54142/"},{"category":"self","summary":"SUSE CVE CVE-2025-38129 page","url":"https://www.suse.com/security/cve/CVE-2025-38129/"}],"title":"Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)","tracking":{"current_release_date":"2026-03-01T19:33:48Z","generator":{"date":"2026-03-01T19:33:48Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2026:0734-1","initial_release_date":"2026-03-01T19:33:48Z","revision_history":[{"date":"2026-03-01T19:33:48Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","product":{"name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","product_id":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","product":{"name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","product_id":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64","product":{"name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64","product_id":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 15 SP5","product":{"name":"SUSE Linux Enterprise Live Patching 15 SP5","product_id":"SUSE Linux Enterprise Live Patching 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-live-patching:15:sp5"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5","product_id":"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le"},"product_reference":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5","product_id":"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x"},"product_reference":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5","product_id":"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"},"product_reference":"kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP5"}]},"vulnerabilities":[{"cve":"CVE-2023-54142","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-54142"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Fix use-after-free in __gtp_encap_destroy().\n\nsyzkaller reported use-after-free in __gtp_encap_destroy(). [0]\n\nIt shows the same process freed sk and touched it illegally.\n\nCommit e198987e7dd7 (\"gtp: fix suspicious RCU usage\") added lock_sock()\nand release_sock() in __gtp_encap_destroy() to protect sk->sk_user_data,\nbut release_sock() is called after sock_put() releases the last refcnt.\n\n[0]:\nBUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\nBUG: KASAN: slab-use-after-free in atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]\nBUG: KASAN: slab-use-after-free in queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock include/linux/spinlock.h:186 [inline]\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178\nWrite of size 4 at addr ffff88800dbef398 by task syz-executor.2/2401\n\nCPU: 1 PID: 2401 Comm: syz-executor.2 Not tainted 6.4.0-rc5-01219-gfa0e21fa4443 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x72/0xa0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:351 [inline]\n print_report+0xcc/0x620 mm/kasan/report.c:462\n kasan_report+0xb2/0xe0 mm/kasan/report.c:572\n check_region_inline mm/kasan/generic.c:181 [inline]\n kasan_check_range+0x39/0x1c0 mm/kasan/generic.c:187\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]\n queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]\n do_raw_spin_lock include/linux/spinlock.h:186 [inline]\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]\n _raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:355 [inline]\n release_sock+0x1f/0x1a0 net/core/sock.c:3526\n gtp_encap_disable_sock drivers/net/gtp.c:651 [inline]\n gtp_encap_disable+0xb9/0x220 drivers/net/gtp.c:664\n gtp_dev_uninit+0x19/0x50 drivers/net/gtp.c:728\n unregister_netdevice_many_notify+0x97e/0x1520 net/core/dev.c:10841\n rtnl_delete_link net/core/rtnetlink.c:3216 [inline]\n rtnl_dellink+0x3c0/0xb30 net/core/rtnetlink.c:3268\n rtnetlink_rcv_msg+0x450/0xb10 net/core/rtnetlink.c:6423\n netlink_rcv_skb+0x15d/0x450 net/netlink/af_netlink.c:2548\n netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\n netlink_unicast+0x700/0x930 net/netlink/af_netlink.c:1365\n netlink_sendmsg+0x91c/0xe30 net/netlink/af_netlink.c:1913\n sock_sendmsg_nosec net/socket.c:724 [inline]\n sock_sendmsg+0x1b7/0x200 net/socket.c:747\n ____sys_sendmsg+0x75a/0x990 net/socket.c:2493\n ___sys_sendmsg+0x11d/0x1c0 net/socket.c:2547\n __sys_sendmsg+0xfe/0x1d0 net/socket.c:2576\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f1168b1fe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f1167edccc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f1168b1fe5d\nRDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f1168b80530 R15: 0000000000000000\n </TASK>\n\nAllocated by task 1483:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x\n---truncated---","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-54142","url":"https://www.suse.com/security/cve/CVE-2023-54142"},{"category":"external","summary":"SUSE Bug 1256095 for CVE-2023-54142","url":"https://bugzilla.suse.com/1256095"},{"category":"external","summary":"SUSE Bug 1256097 for CVE-2023-54142","url":"https://bugzilla.suse.com/1256097"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-03-01T19:33:48Z","details":"important"}],"title":"CVE-2023-54142"},{"cve":"CVE-2025-38129","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-38129"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n  ptr_ring_produce\n    spin_lock(&r->producer_lock);\n    WRITE_ONCE(r->queue[r->producer++], ptr)\n      //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t  page_pool_scrub\n\t\t\t\t    page_pool_empty_ring\n\t\t\t\t      ptr_ring_consume\n\t\t\t\t      page_pool_return_page  //release all page\n\t\t\t\t  __page_pool_destroy\n\t\t\t\t     free_percpu(pool->recycle_stats);\n\t\t\t\t     free(pool) //free\n\n     spin_unlock(&r->producer_lock); //pool->ring uaf read\n  recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-38129","url":"https://www.suse.com/security/cve/CVE-2025-38129"},{"category":"external","summary":"SUSE Bug 1245723 for CVE-2025-38129","url":"https://bugzilla.suse.com/1245723"},{"category":"external","summary":"SUSE Bug 1258139 for CVE-2025-38129","url":"https://bugzilla.suse.com/1258139"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.ppc64le","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.s390x","SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_133-default-2-150500.2.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-03-01T19:33:48Z","details":"important"}],"title":"CVE-2025-38129"}]}