{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)","title":"Title of the patch"},{"category":"description","text":"\nThis update for the SUSE Linux Enterprise kernel 6.4.0-150700.5 fixes one security issue\n\nThe following security issue was fixed:\n\n- CVE-2025-38129: page_pool: fix use-after-free in page_pool_recycle_in_ring (bsc#1258139).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2026-674,SUSE-SLE-Module-Live-Patching-15-SP7-2026-674","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0674-1.json"},{"category":"self","summary":"URL for SUSE-SU-2026:0674-1","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260674-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2026:0674-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024490.html"},{"category":"self","summary":"SUSE Bug 1258139","url":"https://bugzilla.suse.com/1258139"},{"category":"self","summary":"SUSE CVE CVE-2025-38129 page","url":"https://www.suse.com/security/cve/CVE-2025-38129/"}],"title":"Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)","tracking":{"current_release_date":"2026-02-27T07:04:14Z","generator":{"date":"2026-02-27T07:04:14Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2026:0674-1","initial_release_date":"2026-02-27T07:04:14Z","revision_history":[{"date":"2026-02-27T07:04:14Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64","product":{"name":"kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64","product_id":"kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 15 SP7","product":{"name":"SUSE Linux Enterprise Live Patching 15 SP7","product_id":"SUSE Linux Enterprise Live Patching 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-live-patching:15:sp7"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7","product_id":"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64"},"product_reference":"kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 15 SP7"}]},"vulnerabilities":[{"cve":"CVE-2025-38129","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-38129"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n  ptr_ring_produce\n    spin_lock(&r->producer_lock);\n    WRITE_ONCE(r->queue[r->producer++], ptr)\n      //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t  page_pool_scrub\n\t\t\t\t    page_pool_empty_ring\n\t\t\t\t      ptr_ring_consume\n\t\t\t\t      page_pool_return_page  //release all page\n\t\t\t\t  __page_pool_destroy\n\t\t\t\t     free_percpu(pool->recycle_stats);\n\t\t\t\t     free(pool) //free\n\n     spin_unlock(&r->producer_lock); //pool->ring uaf read\n  recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-38129","url":"https://www.suse.com/security/cve/CVE-2025-38129"},{"category":"external","summary":"SUSE Bug 1245723 for CVE-2025-38129","url":"https://bugzilla.suse.com/1245723"},{"category":"external","summary":"SUSE Bug 1258139 for CVE-2025-38129","url":"https://bugzilla.suse.com/1258139"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_5-rt-11-150700.3.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-27T07:04:14Z","details":"important"}],"title":"CVE-2025-38129"}]}