File _patchinfo of Package patchinfo.41034
<patchinfo incident="41034">
<issue tracker="bnc" id="1202700">VUL-0: CVE-2022-2978: kernel-source-azure,kernel-source-rt,kernel-source: kernel: use-after-free in nilfs_mdt_destroy</issue>
<issue tracker="bnc" id="1203332">VUL-0: CVE-2022-36280: kernel: out-of-bounds memory access vulnerability found in vmwgfx driver</issue>
<issue tracker="bnc" id="1204228">VUL-0: CVE-2022-2602: kernel: defer registered files gc to io_uring release</issue>
<issue tracker="bnc" id="1205128">VUL-0: CVE-2022-43945: kernel-source-azure,kernel-source,kernel-source-rt: nfsd: buffer overflow due to incorrect calculation of send buffer size</issue>
<issue tracker="bnc" id="1209287">VUL-0: CVE-2023-1380: kernel: A USB-accessible slab-out-of-bounds read in Linux kernel driver</issue>
<issue tracker="bnc" id="1209291">VUL-0: CVE-2023-28328: kernel: A denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c</issue>
<issue tracker="bnc" id="1210124">SLES 15 SP3 NFS Server rsize bug upon update to kernel 5.3.18-150300.59.106.1</issue>
<issue tracker="bnc" id="1210584">VUL-0: kernel: buffer overflow in mtd_ubi build.c:::io_init</issue>
<issue tracker="bnc" id="1213666">VUL-0: CVE-2023-3772: kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()</issue>
<issue tracker="bnc" id="1215150">VUL-0: CVE-2023-42753: kernel-source: slab-out-of-bound access in the Linux kernel</issue>
<issue tracker="bnc" id="1216976">VUL-0: CVE-2023-39197: kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dccp_packet()</issue>
<issue tracker="bnc" id="1220185">VUL-0: CVE-2024-26583: kernel: tls: fix race between async notify and socket close</issue>
<issue tracker="bnc" id="1220186">VUL-0: CVE-2024-26584: kernel: net: tls: handle backlogging of crypto requests</issue>
<issue tracker="bnc" id="1229334">VUL-0: CVE-2024-42265: kernel: protect the fetch of ->fd[fd] in do_dup2() from mispredictions</issue>
<issue tracker="bnc" id="1240784">VUL-0: CVE-2025-21969: kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd</issue>
<issue tracker="bnc" id="1240799">VUL-0: CVE-2025-21971: kernel: net_sched: Prevent creation of classes with TC_H_ROOT</issue>
<issue tracker="bnc" id="1241353">[Build 20250416] openQA test fails in tdup: ordering of package in transaction</issue>
<issue tracker="bnc" id="1241433">VUL-0: CVE-2025-22045: kernel: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs</issue>
<issue tracker="bnc" id="1242780">VUL-0: CVE-2023-53117: kernel: fs: prevent out-of-bounds array speculation when closing a file descriptor</issue>
<issue tracker="bnc" id="1244337">kernel-syms should not require kernel-rt-devel</issue>
<issue tracker="bnc" id="1244824">VUL-0: CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path</issue>
<issue tracker="bnc" id="1245956">VUL-0: CVE-2025-38184: kernel: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer</issue>
<issue tracker="bnc" id="1245970">VUL-0: CVE-2025-38180: kernel: net: atm: fix /proc/net/atm/lec handling</issue>
<issue tracker="bnc" id="1246473">VUL-0: CVE-2025-38323: kernel: net: atm: add lec_mutex</issue>
<issue tracker="bnc" id="1246781">VUL-0: CVE-2025-38350: kernel: net/sched: Always pass notifications when child class becomes empty</issue>
<issue tracker="bnc" id="1246879">[ppc64le] kernel-default-base has truncated vmlinux, breaking fips</issue>
<issue tracker="bnc" id="1246911">VUL-0: CVE-2025-38352: kernel: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()</issue>
<issue tracker="bnc" id="1246968">VUL-0: CVE-2022-50233: kernel: bluetooth: device name can cause reading kernel memory by not supplying terminal \0</issue>
<issue tracker="bnc" id="1247143">VUL-0: CVE-2025-38460: kernel: atm: clip: Fix potential null-ptr-deref in to_atmarpd().</issue>
<issue tracker="bnc" id="1247172">Kernel-syms.spec does not write release information in local build of RPM package</issue>
<issue tracker="bnc" id="1247239">VUL-0: CVE-2025-38488: kernel: smb: client: fix use-after-free in crypt_message when using async crypto</issue>
<issue tracker="bnc" id="1247314">VUL-0: CVE-2025-38477: kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate</issue>
<issue tracker="bnc" id="1247374">VUL-0: CVE-2025-38498: kernel: do_change_type(): refuse to operate on unmounted/not ours mounts</issue>
<issue tracker="bnc" id="1247437">VUL-0: CVE-2025-38468: kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree</issue>
<issue tracker="bnc" id="1247976">VUL-0: CVE-2025-38499: kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns</issue>
<issue tracker="bnc" id="1248108">kernel: livepatching: build dependencies for RT flavour: kernel-syms vs. kernel-syms-rt</issue>
<issue tracker="bnc" id="1248223">VUL-0: CVE-2025-38546: kernel: atm: clip: Fix memory leak of struct clip_vcc.</issue>
<issue tracker="bnc" id="1248255">VUL-0: CVE-2025-38553: kernel: net/sched: Restrict conditions for adding duplicating netems to qdisc tree</issue>
<issue tracker="bnc" id="1248306">VUL-0: CVE-2025-38563: kernel: perf/core: Prevent VMA split of buffer mappings</issue>
<issue tracker="bnc" id="1248338">VUL-0: CVE-2025-38608: kernel: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls</issue>
<issue tracker="bnc" id="1248399">VUL-0: CVE-2025-38572: kernel: ipv6: reject malicious packets in ipv6_gso_segment()</issue>
<issue tracker="bnc" id="1248511">VUL-0: CVE-2025-38618: kernel: vsock: Do not allow binding to VMADDR_PORT_ANY</issue>
<issue tracker="bnc" id="1248614">VUL-0: CVE-2024-58239: kernel: tls: stop recv() if initial process_rx_list gave us non-DATA</issue>
<issue tracker="bnc" id="1248621">VUL-0: CVE-2025-38617: kernel: net/packet: fix a race in packet_set_ring() and packet_notifier()</issue>
<issue tracker="bnc" id="1248628">VUL-0: CVE-2025-38664: kernel: ice: Fix a null pointer dereference in ice_copy_and_init_pkg()</issue>
<issue tracker="bnc" id="1248748">VUL-0: CVE-2025-38644: kernel: wifi: mac80211: reject TDLS operations when station is not associated</issue>
<issue tracker="bnc" id="1248847">VUL-0: CVE-2024-58240: kernel: tls: separate no-async decryption request handling from async</issue>
<issue tracker="bnc" id="1249186">Relax KABI checks on archs/flavors without KABI</issue>
<issue tracker="bnc" id="1249200">VUL-0: CVE-2025-38713: kernel: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()</issue>
<issue tracker="bnc" id="1249220">VUL-0: CVE-2025-38685: kernel: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit</issue>
<issue tracker="bnc" id="1249346">[Build 20250908] openQA test fails in kdump_and_crash: not supported file format</issue>
<issue tracker="bnc" id="1249538">VUL-0: CVE-2025-39751: kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control</issue>
<issue tracker="bnc" id="1249604">Use tar for creating kernel-source archives</issue>
<issue tracker="bnc" id="1249664">VUL-0: CVE-2022-50234: kernel: io_uring/af_unix: defer registered files gc to io_uring release</issue>
<issue tracker="bnc" id="1249667">VUL-0: CVE-2022-50235: kernel: NFSD: Protect against send buffer overflow in NFSv2 READDIR</issue>
<issue tracker="bnc" id="1249734">VUL-0: CVE-2022-50299: kernel: md: Replace snprintf with scnprintf</issue>
<issue tracker="bnc" id="1249808">VUL-0: CVE-2022-50272: kernel: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()</issue>
<issue tracker="bnc" id="1249825">VUL-0: CVE-2023-53179: kernel: netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c</issue>
<issue tracker="bnc" id="1249827">VUL-0: CVE-2023-53178: kernel: mm: fix zswap writeback race condition</issue>
<issue tracker="bnc" id="1249840">VUL-0: CVE-2022-50248: kernel: wifi: iwlwifi: mvm: fix double free on tx path.</issue>
<issue tracker="bnc" id="1249846">VUL-0: CVE-2022-50252: kernel: igb: Do not free q_vector unless new one was allocated</issue>
<issue tracker="bnc" id="1249857">VUL-0: CVE-2022-50334: kernel: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()</issue>
<issue tracker="bnc" id="1249859">VUL-0: CVE-2022-50327: kernel: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value</issue>
<issue tracker="bnc" id="1249880">VUL-0: CVE-2023-53147: kernel: xfrm: add NULL check in xfrm_update_ae_params</issue>
<issue tracker="bnc" id="1249908">VUL-0: CVE-2023-53265: kernel: ubi: ensure that VID header offset + VID header size <= alloc, size</issue>
<issue tracker="bnc" id="1249918">VUL-0: CVE-2023-53213: kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()</issue>
<issue tracker="bnc" id="1249923">VUL-0: CVE-2023-53304: kernel: netfilter: nft_set_rbtree: fix overlap expiration walk</issue>
<issue tracker="bnc" id="1249930">VUL-0: CVE-2023-53273: kernel: Drivers: vmbus: Check for channel allocation before looking up relids</issue>
<issue tracker="bnc" id="1249947">VUL-0: CVE-2022-50258: kernel: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()</issue>
<issue tracker="bnc" id="1249949">VUL-0: CVE-2023-53333: kernel: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one</issue>
<issue tracker="bnc" id="1249988">VUL-0: CVE-2023-53365: kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()</issue>
<issue tracker="bnc" id="1250002">VUL-0: CVE-2025-39823: kernel: KVM: x86: use array_index_nospec with indices that come from guest</issue>
<issue tracker="bnc" id="1250180">VUL-0: CVE-2023-53438: kernel: x86/MCE: Always save CS register on AMD Zen IF Poison errors</issue>
<issue tracker="bnc" id="1250187">VUL-0: CVE-2022-50410: kernel: NFSD: Protect against send buffer overflow in NFSv2 READ</issue>
<issue tracker="bnc" id="1250257">VUL-0: CVE-2022-50381: kernel: md: fix a crash in mempool_free</issue>
<issue tracker="bnc" id="1250277">VUL-0: CVE-2022-50367: kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy</issue>
<issue tracker="bnc" id="1250293">VUL-0: CVE-2022-50388: kernel: nvme: fix multipath crash caused by flush request when blktrace is enabled</issue>
<issue tracker="bnc" id="1250301">VUL-0: CVE-2022-50386: kernel: Bluetooth: L2CAP: Fix user-after-free</issue>
<issue tracker="bnc" id="1250311">VUL-0: CVE-2023-53282: kernel: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write</issue>
<issue tracker="bnc" id="1250313">VUL-0: CVE-2023-53321: kernel: wifi: mac80211_hwsim: drop short frames</issue>
<issue tracker="bnc" id="1250358">VUL-0: CVE-2023-53395: kernel: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer</issue>
<issue tracker="bnc" id="1250391">VUL-0: CVE-2022-50408: kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()</issue>
<issue tracker="bnc" id="1250392">VUL-0: CVE-2022-50409: kernel: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory</issue>
<issue tracker="bnc" id="1250522">mkspec script shipped as part of rpm package</issue>
<issue tracker="bnc" id="1250784">VUL-0: CVE-2022-50423: kernel: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()</issue>
<issue tracker="bnc" id="1250816">VUL-0: CVE-2023-53500: kernel: xfrm: fix slab-use-after-free in decode_session6</issue>
<issue tracker="bnc" id="1250851">VUL-0: CVE-2022-50432: kernel: kernfs: fix use-after-free in __kernfs_remove</issue>
<issue tracker="bnc" id="1250853">VUL-0: CVE-2022-50440: kernel: drm/vmwgfx: Validate the box size for the snooped cursor</issue>
<issue tracker="bnc" id="1250946">kernel-source 6.17.0 does not build without debug</issue>
<issue tracker="bnc" id="1251040">VUL-0: CVE-2023-53566: kernel: netfilter: nft_set_rbtree: fix null deref on element insertion</issue>
<issue tracker="bnc" id="1251052">VUL-0: CVE-2023-53559: kernel: ip_vti: fix potential slab-use-after-free in decode_session6</issue>
<issue tracker="bnc" id="1251208">VUL-0: CVE-2022-50487: kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR</issue>
<issue tracker="bnc" id="1251222">VUL-0: CVE-2023-53574: kernel: wifi: rtw88: delete timer and free skb queue when unloading</issue>
<issue tracker="bnc" id="1251743">VUL-0: CVE-2023-53619: kernel: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free</issue>
<issue tracker="bnc" id="1251747">Drop non-x86 architectures on SLE15 SP2</issue>
<issue tracker="bnc" id="1251930">kernel-default-base fails to load after patch with SUSE-SLE-Product-SLES-15-SP2-LTSS-TERADATA-2025-41034</issue>
<issue tracker="bnc" id="1252035">VUL-0: CVE-2025-39973: kernel: i40e: add validation for ring_len param</issue>
<issue tracker="bnc" id="1252047">VUL-0: CVE-2025-39968: kernel: i40e: add max boundary check for VF filters</issue>
<issue tracker="bnc" id="1252499">VUL-0: CVE-2023-53722: kernel: md: raid1: fix potential OOB in raid1_remove_disk()</issue>
<issue tracker="bnc" id="1252554">VUL-0: CVE-2023-53705: kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv()</issue>
<issue tracker="bnc" id="1252688">VUL-0: CVE-2025-40018: kernel: ipvs: Defer ip_vs_ftp unregister during netns cleanup</issue>
<issue tracker="bnc" id="1252775">VUL-0: CVE-2025-40082: kernel: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()</issue>
<issue tracker="cve" id="2022-2602"/>
<issue tracker="cve" id="2022-2978"/>
<issue tracker="cve" id="2022-36280"/>
<issue tracker="cve" id="2022-43945"/>
<issue tracker="cve" id="2022-50116"/>
<issue tracker="cve" id="2022-50233"/>
<issue tracker="cve" id="2022-50234"/>
<issue tracker="cve" id="2022-50235"/>
<issue tracker="cve" id="2022-50248"/>
<issue tracker="cve" id="2022-50252"/>
<issue tracker="cve" id="2022-50258"/>
<issue tracker="cve" id="2022-50272"/>
<issue tracker="cve" id="2022-50299"/>
<issue tracker="cve" id="2022-50327"/>
<issue tracker="cve" id="2022-50334"/>
<issue tracker="cve" id="2022-50367"/>
<issue tracker="cve" id="2022-50381"/>
<issue tracker="cve" id="2022-50386"/>
<issue tracker="cve" id="2022-50388"/>
<issue tracker="cve" id="2022-50408"/>
<issue tracker="cve" id="2022-50409"/>
<issue tracker="cve" id="2022-50410"/>
<issue tracker="cve" id="2022-50423"/>
<issue tracker="cve" id="2022-50432"/>
<issue tracker="cve" id="2022-50440"/>
<issue tracker="cve" id="2022-50487"/>
<issue tracker="cve" id="2023-1380"/>
<issue tracker="cve" id="2023-28328"/>
<issue tracker="cve" id="2023-3772"/>
<issue tracker="cve" id="2023-39197"/>
<issue tracker="cve" id="2023-42753"/>
<issue tracker="cve" id="2023-53117"/>
<issue tracker="cve" id="2023-53147"/>
<issue tracker="cve" id="2023-53178"/>
<issue tracker="cve" id="2023-53179"/>
<issue tracker="cve" id="2023-53213"/>
<issue tracker="cve" id="2023-53265"/>
<issue tracker="cve" id="2023-53273"/>
<issue tracker="cve" id="2023-53282"/>
<issue tracker="cve" id="2023-53304"/>
<issue tracker="cve" id="2023-53321"/>
<issue tracker="cve" id="2023-53333"/>
<issue tracker="cve" id="2023-53365"/>
<issue tracker="cve" id="2023-53395"/>
<issue tracker="cve" id="2023-53438"/>
<issue tracker="cve" id="2023-53500"/>
<issue tracker="cve" id="2023-53559"/>
<issue tracker="cve" id="2023-53566"/>
<issue tracker="cve" id="2023-53574"/>
<issue tracker="cve" id="2023-53619"/>
<issue tracker="cve" id="2023-53705"/>
<issue tracker="cve" id="2023-53722"/>
<issue tracker="cve" id="2024-26583"/>
<issue tracker="cve" id="2024-26584"/>
<issue tracker="cve" id="2024-42265"/>
<issue tracker="cve" id="2024-58239"/>
<issue tracker="cve" id="2024-58240"/>
<issue tracker="cve" id="2025-21969"/>
<issue tracker="cve" id="2025-21971"/>
<issue tracker="cve" id="2025-22045"/>
<issue tracker="cve" id="2025-38180"/>
<issue tracker="cve" id="2025-38184"/>
<issue tracker="cve" id="2025-38323"/>
<issue tracker="cve" id="2025-38350"/>
<issue tracker="cve" id="2025-38352"/>
<issue tracker="cve" id="2025-38460"/>
<issue tracker="cve" id="2025-38468"/>
<issue tracker="cve" id="2025-38477"/>
<issue tracker="cve" id="2025-38488"/>
<issue tracker="cve" id="2025-38498"/>
<issue tracker="cve" id="2025-38499"/>
<issue tracker="cve" id="2025-38546"/>
<issue tracker="cve" id="2025-38553"/>
<issue tracker="cve" id="2025-38563"/>
<issue tracker="cve" id="2025-38572"/>
<issue tracker="cve" id="2025-38608"/>
<issue tracker="cve" id="2025-38617"/>
<issue tracker="cve" id="2025-38618"/>
<issue tracker="cve" id="2025-38644"/>
<issue tracker="cve" id="2025-38664"/>
<issue tracker="cve" id="2025-38685"/>
<issue tracker="cve" id="2025-38713"/>
<issue tracker="cve" id="2025-39751"/>
<issue tracker="cve" id="2025-39823"/>
<issue tracker="cve" id="2025-39968"/>
<issue tracker="cve" id="2025-39973"/>
<issue tracker="cve" id="2025-40018"/>
<issue tracker="cve" id="2025-40082"/>
<issue tracker="jsc" id="PED-4593"/>
<issue tracker="jsc" id="PED-8240"/>
<category>security</category>
<rating>important</rating>
<packager>jdelvare</packager>
<reboot_needed/>
<summary>Security update for the Linux Kernel</summary>
<description>
The SUSE Linux Enterprise 15 SP2 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824, jsc#PED-8240).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947).
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
- CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled (bsc#1250293).
- CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391).
- CVE-2022-50409: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784).
- CVE-2022-50432: kernfs: fix use-after-free in __kernfs_remove (bsc#1250851).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2023-53722: md: raid1: fix potential OOB in raid1_remove_disk() (bsc#1252499).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-58239: tls: rx: drop pointless else after goto (bsc#1248614).
- CVE-2025-21969: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (bsc#1240784).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38563: perf/core: Don't leak AUX buffer refcount on allocation failure (bsc#1248306).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
The following non security issues were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- Remove non-x86 configs on SLE15 SP2 (bsc#1251747).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rpm: Configure KABI checkingness macro (bsc#1249186)
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186)
</description>
</patchinfo>
