File _patchinfo of Package patchinfo.39517
<patchinfo incident="39517">
<issue id="1065729" tracker="bnc">[trackerbug] 4.12 powerpc base kernel fixes</issue>
<issue id="1156395" tracker="bnc">[TRACKERBUG] 5.3 powerpc base kernel fixes</issue>
<issue id="1199487" tracker="bnc">VUL-0: CVE-2022-1679: kernel-source,kernel-source-rt,kernel-source-azure: kernel: Use-After-Free in ath9k_htc_probe_device() could cause an escalation of privileges</issue>
<issue id="1201160" tracker="bnc">qla2xxx: update driver to 10.02.07.700-k</issue>
<issue id="1201956" tracker="bnc">Update Broadcom Emulex lpfc driver to 14.2.0.5</issue>
<issue id="1202095" tracker="bnc">VUL-0: CVE-2022-2586: kernel-source: use-after-free with nf_tables cross-table reference</issue>
<issue id="1202564" tracker="bnc">VUL-0: CVE-2022-2905: kernel-source: Linux kernel slab-out-of-bound Read in bpf</issue>
<issue id="1202716" tracker="bnc">[PATCH] jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted</issue>
<issue id="1202810" tracker="bnc">ceph: don't leak snap_rwsem in handle_cap_grant</issue>
<issue id="1202860" tracker="bnc">VUL-0: CVE-2022-2905: kernel-source-azure,kernel-source,kernel-source-rt: slab-out-of-bound read in bpf</issue>
<issue id="1205220" tracker="bnc">VUL-0: CVE-2022-3903: kernel: An invalid pipe direction in the mceusb driver cause DOS</issue>
<issue id="1205514" tracker="bnc">VUL-0: CVE-2022-4095: kernel: use after free in rtl8712 driver</issue>
<issue id="1206664" tracker="bnc">VUL-0: CVE-2022-4662: kernel-source-azure,kernel-source-rt,kernel-source: Recursive locking violation in usb-storage that can cause the kernel to deadlock</issue>
<issue id="1206878" tracker="bnc">[PATCH] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h</issue>
<issue id="1206880" tracker="bnc">[PATCH] ext4: avoid resizing to a partial cluster size</issue>
<issue id="1211226" tracker="bnc">Eliminate the need for 'OBS source links': convert to _multibuild</issue>
<issue id="1212051" tracker="bnc">VUL-0: CVE-2023-3111: kernel: Use after free in prepare_to_relocate in fs/btrfs/relocation.c</issue>
<issue id="1218184" tracker="bnc">Eliminate the need for 'OBS source links': convert to _multibuild</issue>
<issue id="1224095" tracker="bnc">VUL-0: CVE-2024-27397: kernel: netfilter: nf_tables: use timestamp to check for set element timeout</issue>
<issue id="1225820" tracker="bnc">VUL-0: CVE-2024-36924: kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()</issue>
<issue id="1226514" tracker="bnc">VUL-0: CVE-2024-36978: kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune()</issue>
<issue id="1228659" tracker="bnc">Snapshot 20240730 - unbootable after transactional-update dup</issue>
<issue id="1230827" tracker="bnc">VUL-0: CVE-2024-46800: kernel: sch/netem: fix use after free in netem_dequeue</issue>
<issue id="1231293" tracker="bnc">kernel shown as unreleased</issue>
<issue id="1232504" tracker="bnc">VUL-0: CVE-2024-50077: kernel: Bluetooth: ISO: Fix multiple init when debugfs is disabled</issue>
<issue id="1234381" tracker="bnc">VUL-0: CVE-2024-53141: kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt</issue>
<issue id="1234454" tracker="bnc">Compiling external modules fails with "/usr/src/linux-6.13.0-rc2-1.gf92fc5d/include/config/auto.conf: No such file or directory"</issue>
<issue id="1235637" tracker="bnc">VUL-0: CVE-2024-56770: kernel: net/sched: netem: account for backlog updates from child qdisc</issue>
<issue id="1237159" tracker="bnc">VUL-0: CVE-2025-21700: kernel: net: sched: Disallow replacing of child qdisc from one parent to another</issue>
<issue id="1237312" tracker="bnc">VUL-0: CVE-2025-21702: kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0</issue>
<issue id="1237313" tracker="bnc">VUL-0: CVE-2025-21703: kernel: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()</issue>
<issue id="1238303" tracker="bnc">kernel-source:kernel-docs varies between builds</issue>
<issue id="1238471" tracker="bnc">VUL-0: CVE-2025-21812: kernel: ax25: rcu protect dev->ax25_ptr</issue>
<issue id="1238570" tracker="bnc">SUSE-2025 kernel fails supported.conf check when built on SLE 15 SP6</issue>
<issue id="1239986" tracker="bnc">/lib/modprobe.d/20-kernel-default-extra.conf is missing in 16.0</issue>
<issue id="1240785" tracker="bnc">Update from 20250329 failing</issue>
<issue id="1241038" tracker="bnc">Use "OrderWithRequires" in kernel binary packages</issue>
<issue id="1242414" tracker="bnc">VUL-0: CVE-2025-37798: kernel: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()</issue>
<issue id="1242504" tracker="bnc">VUL-0: CVE-2025-37752: kernel: net_sched: sch_sfq: move the limit validation</issue>
<issue id="1242924" tracker="bnc">VUL-0: CVE-2025-37823: kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too</issue>
<issue id="1243001" tracker="bnc">[Build 20250508-1] wireless-regdb update is not updating country setting in sp3 and sp4</issue>
<issue id="1243330" tracker="bnc">VUL-0: CVE-2025-37890: kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc</issue>
<issue id="1243543" tracker="bnc">VUL-0: CVE-2025-37953: kernel: sch_htb: make htb_deactivate() idempotent</issue>
<issue id="1243627" tracker="bnc">VUL-0: CVE-2025-37932: kernel: sch_htb: make htb_qlen_notify() idempotent</issue>
<issue id="1243832" tracker="bnc">VUL-0: CVE-2025-37997: kernel: netfilter: ipset: fix region locking in hash types</issue>
<issue id="1244234" tracker="bnc">VUL-0: CVE-2025-38001: kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice</issue>
<issue id="1244241" tracker="bnc">The recent change of scripts/lib/SUSE/MyBS.pm broke osc_wrapper with --flavor option</issue>
<issue id="1244277" tracker="bnc">VUL-0: CVE-2025-38000: kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()</issue>
<issue id="1244337" tracker="bnc">kernel-syms should not require kernel-rt-devel</issue>
<issue id="1244764" tracker="bnc">VUL-0: CVE-2022-50172: kernel: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg</issue>
<issue id="1244767" tracker="bnc">VUL-0: CVE-2022-50169: kernel: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()</issue>
<issue id="1244770" tracker="bnc">VUL-0: CVE-2022-50164: kernel: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue</issue>
<issue id="1244771" tracker="bnc">VUL-0: CVE-2022-50165: kernel: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`</issue>
<issue id="1244773" tracker="bnc">VUL-0: CVE-2022-50162: kernel: wifi: libertas: Fix possible refcount leak in if_usb_probe()</issue>
<issue id="1244774" tracker="bnc">VUL-0: CVE-2022-50161: kernel: mtd: maps: Fix refcount leak in of_flash_probe_versatile</issue>
<issue id="1244776" tracker="bnc">VUL-0: CVE-2022-50160: kernel: mtd: maps: Fix refcount leak in ap_flash_init</issue>
<issue id="1244779" tracker="bnc">VUL-0: CVE-2022-50158: kernel: mtd: partitions: Fix refcount leak in parse_redboot_of</issue>
<issue id="1244782" tracker="bnc">VUL-0: CVE-2022-50156: kernel: HID: cp2112: prevent a buffer overflow in cp2112_xfer()</issue>
<issue id="1244783" tracker="bnc">VUL-0: CVE-2022-50152: kernel: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe</issue>
<issue id="1244786" tracker="bnc">VUL-0: CVE-2022-50153: kernel: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe</issue>
<issue id="1244788" tracker="bnc">VUL-0: CVE-2022-50146: kernel: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors</issue>
<issue id="1244790" tracker="bnc">VUL-0: CVE-2022-50143: kernel: intel_th: Fix a resource leak in an error handling path</issue>
<issue id="1244793" tracker="bnc">VUL-0: CVE-2022-50140: kernel: memstick/ms_block: Fix a memory leak</issue>
<issue id="1244794" tracker="bnc">VUL-0: CVE-2022-50141: kernel: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch</issue>
<issue id="1244796" tracker="bnc">VUL-0: CVE-2022-50142: kernel: intel_th: msu: Fix vmalloced buffers</issue>
<issue id="1244797" tracker="bnc">VUL-0: CVE-2022-50138: kernel: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()</issue>
<issue id="1244804" tracker="bnc">VUL-0: CVE-2022-50136: kernel: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event</issue>
<issue id="1244813" tracker="bnc">VUL-0: CVE-2022-50126: kernel: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted</issue>
<issue id="1244815" tracker="bnc">VUL-0: CVE-2022-50127: kernel: RDMA/rxe: Fix error unwind in rxe_create_qp()</issue>
<issue id="1244816" tracker="bnc">VUL-0: CVE-2022-50124: kernel: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe</issue>
<issue id="1244825" tracker="bnc">VUL-0: CVE-2022-50118: kernel: powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable</issue>
<issue id="1244834" tracker="bnc">VUL-0: CVE-2022-50108: kernel: mfd: max77620: Fix refcount leak in max77620_initialise_fps</issue>
<issue id="1244836" tracker="bnc">VUL-0: CVE-2022-50104: kernel: powerpc/xive: Fix refcount leak in xive_get_max_prio</issue>
<issue id="1244838" tracker="bnc">VUL-0: CVE-2022-50102: kernel: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()</issue>
<issue id="1244839" tracker="bnc">VUL-0: CVE-2022-50101: kernel: video: fbdev: vt8623fb: Check the size of screen before memset_io()</issue>
<issue id="1244841" tracker="bnc">VUL-0: CVE-2022-50098: kernel: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts</issue>
<issue id="1244842" tracker="bnc">VUL-0: CVE-2022-50099: kernel: video: fbdev: arkfb: Check the size of screen before memset_io()</issue>
<issue id="1244845" tracker="bnc">VUL-0: CVE-2022-50097: kernel: video: fbdev: s3fb: Check the size of screen before memset_io()</issue>
<issue id="1244848" tracker="bnc">VUL-0: CVE-2022-50092: kernel: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback</issue>
<issue id="1244849" tracker="bnc">VUL-0: CVE-2022-50093: kernel: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)</issue>
<issue id="1244851" tracker="bnc">VUL-0: CVE-2022-50094: kernel: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions</issue>
<issue id="1244853" tracker="bnc">VUL-0: CVE-2022-50231: kernel: crypto: arm64/poly1305 - fix a read out-of-bound</issue>
<issue id="1244856" tracker="bnc">VUL-0: CVE-2022-50229: kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing</issue>
<issue id="1244861" tracker="bnc">VUL-0: CVE-2022-50218: kernel: iio: light: isl29028: Fix the warning in isl29028_remove()</issue>
<issue id="1244867" tracker="bnc">VUL-0: CVE-2022-50213: kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table</issue>
<issue id="1244868" tracker="bnc">VUL-0: CVE-2022-50209: kernel: meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init</issue>
<issue id="1244869" tracker="bnc">VUL-0: CVE-2022-50212: kernel: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table</issue>
<issue id="1244881" tracker="bnc">VUL-0: CVE-2022-49942: kernel: wifi: mac80211: don't finalize CSA in IBSS mode if state is disconnected</issue>
<issue id="1244883" tracker="bnc">VUL-0: CVE-2022-50149: kernel: driver core: fix potential deadlock in __driver_attach</issue>
<issue id="1244884" tracker="bnc">VUL-0: CVE-2022-50109: kernel: video: fbdev: amba-clcd: Fix refcount leak bugs</issue>
<issue id="1244885" tracker="bnc">VUL-0: CVE-2022-50091: kernel: locking/csd_lock: Change csdlock_debug from early_param to __setup</issue>
<issue id="1244886" tracker="bnc">VUL-0: CVE-2022-50179: kernel: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb</issue>
<issue id="1244887" tracker="bnc">VUL-0: CVE-2022-50185: kernel: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()</issue>
<issue id="1244899" tracker="bnc">VUL-0: CVE-2022-50191: kernel: regulator: of: Fix refcount leak bug in of_get_regulation_constraints()</issue>
<issue id="1244901" tracker="bnc">VUL-0: CVE-2022-50181: kernel: virtio-gpu: fix a missing check to avoid NULL dereference</issue>
<issue id="1244902" tracker="bnc">VUL-0: CVE-2022-50176: kernel: drm/mcde: Fix refcount leak in mcde_dsi_bind</issue>
<issue id="1244908" tracker="bnc">VUL-0: CVE-2022-49945: kernel: hwmon: (gpio-fan) Fix array out of bounds access</issue>
<issue id="1244936" tracker="bnc">VUL-0: CVE-2022-49977: kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead</issue>
<issue id="1244941" tracker="bnc">VUL-0: CVE-2022-50036: kernel: drm/sun4i: dsi: Prevent underflow when computing packet sizes</issue>
<issue id="1244943" tracker="bnc">VUL-0: CVE-2022-50038: kernel: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()</issue>
<issue id="1244945" tracker="bnc">VUL-0: CVE-2022-49952: kernel: misc: fastrpc: fix memory corruption on probe</issue>
<issue id="1244948" tracker="bnc">VUL-0: CVE-2022-49986: kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq</issue>
<issue id="1244950" tracker="bnc">VUL-0: CVE-2022-49984: kernel: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report</issue>
<issue id="1244956" tracker="bnc">VUL-0: CVE-2022-49985: kernel: bpf: Don't use tnum_range on array range checking for poke descriptors</issue>
<issue id="1244958" tracker="bnc">VUL-0: CVE-2022-49950: kernel: misc: fastrpc: fix memory corruption on open</issue>
<issue id="1244959" tracker="bnc">VUL-0: CVE-2022-49968: kernel: ieee802154/adf7242: defer destroy_workqueue call</issue>
<issue id="1244967" tracker="bnc">VUL-0: CVE-2022-50045: kernel: powerpc/pci: Fix get_phb_number() locking</issue>
<issue id="1244968" tracker="bnc">VUL-0: CVE-2022-50083: kernel: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h</issue>
<issue id="1244969" tracker="bnc">VUL-0: CVE-2022-49956: kernel: staging: rtl8712: fix use after free bugs</issue>
<issue id="1244976" tracker="bnc">VUL-0: CVE-2022-49954: kernel: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag</issue>
<issue id="1244979" tracker="bnc">VUL-0: CVE-2022-50072: kernel: NFSv4/pnfs: Fix a use-after-free bug in open</issue>
<issue id="1244984" tracker="bnc">VUL-0: CVE-2022-49936: kernel: USB: core: Prevent nested device-reset calls</issue>
<issue id="1244986" tracker="bnc">VUL-0: CVE-2022-50065: kernel: virtio_net: fix memory leak inside XPD_TX with mergeable</issue>
<issue id="1244992" tracker="bnc">VUL-0: CVE-2022-50173: kernel: drm/msm/mdp5: Fix global state lock backoff</issue>
<issue id="1245006" tracker="bnc">VUL-0: CVE-2022-49990: kernel: s390: fix double free of GS and RI CBs on fork() failure</issue>
<issue id="1245007" tracker="bnc">VUL-0: CVE-2022-49989: kernel: xen/privcmd: fix error exit of privcmd_ioctl_dm_op()</issue>
<issue id="1245024" tracker="bnc">VUL-0: CVE-2022-49987: kernel: md: call __md_stop_writes in md_stop</issue>
<issue id="1245031" tracker="bnc">VUL-0: CVE-2022-50059: kernel: ceph: don't leak snap_rwsem in handle_cap_grant</issue>
<issue id="1245033" tracker="bnc">VUL-0: CVE-2022-50061: kernel: pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map</issue>
<issue id="1245041" tracker="bnc">VUL-0: CVE-2022-50051: kernel: ASoC: SOF: debug: Fix potential buffer overflow by snprintf()</issue>
<issue id="1245047" tracker="bnc">VUL-0: CVE-2022-50067: kernel: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()</issue>
<issue id="1245051" tracker="bnc">VUL-0: CVE-2022-49934: kernel: wifi: mac80211: Fix UAF in ieee80211_scan_rx()</issue>
<issue id="1245057" tracker="bnc">VUL-0: CVE-2022-49937: kernel: media: mceusb: Use new usb_control_msg_*() routines</issue>
<issue id="1245058" tracker="bnc">VUL-0: CVE-2022-49948: kernel: vt: Clear selection before changing the font</issue>
<issue id="1245072" tracker="bnc">VUL-0: CVE-2022-49981: kernel: HID: hidraw: fix memory leak in hidraw_release()</issue>
<issue id="1245073" tracker="bnc">VUL-0: CVE-2022-50027: kernel: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE</issue>
<issue id="1245098" tracker="bnc">VUL-0: CVE-2022-50019: kernel: tty: serial: Fix refcount leak bug in ucc_uart.c</issue>
<issue id="1245103" tracker="bnc">VUL-0: CVE-2022-50032: kernel: usb: renesas: Fix refcount leak bug</issue>
<issue id="1245117" tracker="bnc">VUL-0: CVE-2022-50084: kernel: dm raid: fix address sanitizer warning in raid_status</issue>
<issue id="1245119" tracker="bnc">VUL-0: CVE-2022-50087: kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails</issue>
<issue id="1245121" tracker="bnc">VUL-0: CVE-2022-49993: kernel: loop: check for overflow while configuring loop</issue>
<issue id="1245122" tracker="bnc">VUL-0: CVE-2022-50010: kernel: video: fbdev: i740fb: check the argument of i740_calc_vclk()</issue>
<issue id="1245125" tracker="bnc">VUL-0: CVE-2022-50012: kernel: powerpc/64: init jump labels before parse_early_param()</issue>
<issue id="1245129" tracker="bnc">VUL-0: CVE-2022-50020: kernel: ext4: avoid resizing to a partial cluster size</issue>
<issue id="1245131" tracker="bnc">VUL-0: CVE-2022-50022: kernel: drivers:md:fix a potential use-after-free bug</issue>
<issue id="1245135" tracker="bnc">VUL-0: CVE-2022-50028: kernel: gadgetfs: ep_io - wait until IRQ finishes</issue>
<issue id="1245136" tracker="bnc">VUL-0: CVE-2022-50222: kernel: tty: vt: initialize unicode screen buffer</issue>
<issue id="1245138" tracker="bnc">VUL-0: CVE-2022-50215: kernel: scsi: sg: allow waiting for commands to complete on removed device</issue>
<issue id="1245139" tracker="bnc">VUL-0: CVE-2022-50033: kernel: usb: host: ohci-ppc-of: Fix refcount leak bug</issue>
<issue id="1245140" tracker="bnc">VUL-0: CVE-2022-50211: kernel: md-raid10: fix KASAN warning</issue>
<issue id="1245146" tracker="bnc">VUL-0: CVE-2022-50029: kernel: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src</issue>
<issue id="1245147" tracker="bnc">VUL-0: CVE-2022-50085: kernel: dm raid: fix address sanitizer warning in raid_resume</issue>
<issue id="1245149" tracker="bnc">VUL-0: CVE-2022-50200: kernel: selinux: add boundary check in put_entry()</issue>
<issue id="1245183" tracker="bnc">VUL-0: CVE-2025-38083: kernel: net_sched: prio: fix a race in prio_tune()</issue>
<issue id="1245195" tracker="bnc">VUL-0: CVE-2022-49978: kernel: fbdev: fb_pm2fb: Avoid potential divide by zero error</issue>
<issue id="1245265" tracker="bnc">VUL-0: CVE-2022-50030: kernel: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input</issue>
<issue id="1245348" tracker="bnc">VUL-0: CVE-2022-50220: kernel: usbnet: Fix linkwatch use-after-free on disconnect</issue>
<issue id="1245455" tracker="bnc">[storvsc][Backport] scsi: storvsc: Increase the timeouts to storvsc_timeout</issue>
<issue id="2022-1679" tracker="cve" />
<issue id="2022-2586" tracker="cve" />
<issue id="2022-2905" tracker="cve" />
<issue id="2022-3903" tracker="cve" />
<issue id="2022-4095" tracker="cve" />
<issue id="2022-4662" tracker="cve" />
<issue id="2022-49934" tracker="cve" />
<issue id="2022-49936" tracker="cve" />
<issue id="2022-49937" tracker="cve" />
<issue id="2022-49942" tracker="cve" />
<issue id="2022-49945" tracker="cve" />
<issue id="2022-49948" tracker="cve" />
<issue id="2022-49950" tracker="cve" />
<issue id="2022-49952" tracker="cve" />
<issue id="2022-49954" tracker="cve" />
<issue id="2022-49956" tracker="cve" />
<issue id="2022-49968" tracker="cve" />
<issue id="2022-49977" tracker="cve" />
<issue id="2022-49978" tracker="cve" />
<issue id="2022-49981" tracker="cve" />
<issue id="2022-49984" tracker="cve" />
<issue id="2022-49985" tracker="cve" />
<issue id="2022-49986" tracker="cve" />
<issue id="2022-49987" tracker="cve" />
<issue id="2022-49989" tracker="cve" />
<issue id="2022-49990" tracker="cve" />
<issue id="2022-49993" tracker="cve" />
<issue id="2022-50010" tracker="cve" />
<issue id="2022-50012" tracker="cve" />
<issue id="2022-50019" tracker="cve" />
<issue id="2022-50020" tracker="cve" />
<issue id="2022-50022" tracker="cve" />
<issue id="2022-50027" tracker="cve" />
<issue id="2022-50028" tracker="cve" />
<issue id="2022-50029" tracker="cve" />
<issue id="2022-50030" tracker="cve" />
<issue id="2022-50032" tracker="cve" />
<issue id="2022-50033" tracker="cve" />
<issue id="2022-50036" tracker="cve" />
<issue id="2022-50038" tracker="cve" />
<issue id="2022-50045" tracker="cve" />
<issue id="2022-50051" tracker="cve" />
<issue id="2022-50059" tracker="cve" />
<issue id="2022-50061" tracker="cve" />
<issue id="2022-50065" tracker="cve" />
<issue id="2022-50067" tracker="cve" />
<issue id="2022-50072" tracker="cve" />
<issue id="2022-50083" tracker="cve" />
<issue id="2022-50084" tracker="cve" />
<issue id="2022-50085" tracker="cve" />
<issue id="2022-50087" tracker="cve" />
<issue id="2022-50091" tracker="cve" />
<issue id="2022-50092" tracker="cve" />
<issue id="2022-50093" tracker="cve" />
<issue id="2022-50094" tracker="cve" />
<issue id="2022-50097" tracker="cve" />
<issue id="2022-50098" tracker="cve" />
<issue id="2022-50099" tracker="cve" />
<issue id="2022-50101" tracker="cve" />
<issue id="2022-50102" tracker="cve" />
<issue id="2022-50104" tracker="cve" />
<issue id="2022-50108" tracker="cve" />
<issue id="2022-50109" tracker="cve" />
<issue id="2022-50118" tracker="cve" />
<issue id="2022-50124" tracker="cve" />
<issue id="2022-50126" tracker="cve" />
<issue id="2022-50127" tracker="cve" />
<issue id="2022-50136" tracker="cve" />
<issue id="2022-50138" tracker="cve" />
<issue id="2022-50140" tracker="cve" />
<issue id="2022-50141" tracker="cve" />
<issue id="2022-50142" tracker="cve" />
<issue id="2022-50143" tracker="cve" />
<issue id="2022-50146" tracker="cve" />
<issue id="2022-50149" tracker="cve" />
<issue id="2022-50152" tracker="cve" />
<issue id="2022-50153" tracker="cve" />
<issue id="2022-50156" tracker="cve" />
<issue id="2022-50158" tracker="cve" />
<issue id="2022-50160" tracker="cve" />
<issue id="2022-50161" tracker="cve" />
<issue id="2022-50162" tracker="cve" />
<issue id="2022-50164" tracker="cve" />
<issue id="2022-50165" tracker="cve" />
<issue id="2022-50169" tracker="cve" />
<issue id="2022-50172" tracker="cve" />
<issue id="2022-50173" tracker="cve" />
<issue id="2022-50176" tracker="cve" />
<issue id="2022-50179" tracker="cve" />
<issue id="2022-50181" tracker="cve" />
<issue id="2022-50185" tracker="cve" />
<issue id="2022-50191" tracker="cve" />
<issue id="2022-50200" tracker="cve" />
<issue id="2022-50209" tracker="cve" />
<issue id="2022-50211" tracker="cve" />
<issue id="2022-50212" tracker="cve" />
<issue id="2022-50213" tracker="cve" />
<issue id="2022-50215" tracker="cve" />
<issue id="2022-50218" tracker="cve" />
<issue id="2022-50220" tracker="cve" />
<issue id="2022-50222" tracker="cve" />
<issue id="2022-50229" tracker="cve" />
<issue id="2022-50231" tracker="cve" />
<issue id="2023-3111" tracker="cve" />
<issue id="2024-26924" tracker="cve" />
<issue id="2024-27397" tracker="cve" />
<issue id="2024-36978" tracker="cve" />
<issue id="2024-46800" tracker="cve" />
<issue id="2024-53141" tracker="cve" />
<issue id="2024-56770" tracker="cve" />
<issue id="2025-21700" tracker="cve" />
<issue id="2025-21702" tracker="cve" />
<issue id="2025-21703" tracker="cve" />
<issue id="2025-37752" tracker="cve" />
<issue id="2025-37798" tracker="cve" />
<issue id="2025-37823" tracker="cve" />
<issue id="2025-37890" tracker="cve" />
<issue id="2025-37932" tracker="cve" />
<issue id="2025-37953" tracker="cve" />
<issue id="2025-37997" tracker="cve" />
<issue id="2025-38000" tracker="cve" />
<issue id="2025-38001" tracker="cve" />
<issue id="2025-38083" tracker="cve" />
<issue id="PED-10028" tracker="jsc" />
<issue id="PED-12251" tracker="jsc" />
<category>security</category>
<rating>important</rating>
<packager>vkarasulli</packager>
<reboot_needed/>
<description>
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147).
- CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
- CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ("Use gcc-13 for build on SLE16 (jsc#PED-10028).")
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ("kernel-binary: Support livepatch_rt with merged RT branch")
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build") Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)")
- check-for-config-changes: Fix flag name typo
- drop ax25 drivers (bsc#1238471).
- drop hamradio drivers (bsc#1238471).
- drop netrom drivers (bsc#1238471).
- drop rose drivers (bsc#1238471).
- kabi/severities: workaround kABI checker complains after AX25 and HAMRADIO removals KABI: symbol asc2ax(mod:net/ax25/ax25) lost KABI: symbol ax25_bcast(mod:net/ax25/ax25) lost KABI: symbol ax25_defaddr(mod:net/ax25/ax25) lost KABI: symbol ax25_display_timer(mod:net/ax25/ax25) lost KABI: symbol ax25_find_cb(mod:net/ax25/ax25) lost KABI: symbol ax25_findbyuid(mod:net/ax25/ax25) lost KABI: symbol ax25_header_ops(mod:net/ax25/ax25) lost KABI: symbol ax25_ip_xmit(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_register(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_release(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_register(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_release(mod:net/ax25/ax25) lost KABI: symbol ax25_protocol_release(mod:net/ax25/ax25) lost KABI: symbol ax25_register_pid(mod:net/ax25/ax25) lost KABI: symbol ax25_send_frame(mod:net/ax25/ax25) lost KABI: symbol ax25_uid_policy(mod:net/ax25/ax25) lost KABI: symbol ax25cmp(mod:net/ax25/ax25) lost KABI: symbol ax2asc(mod:net/ax25/ax25) lost KABI: symbol hdlcdrv_arbitrate(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_receiver(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_register(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_transmitter(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_unregister(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol null_ax25_address(mod:net/ax25/ax25) lost
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Do not use multiple -r in sed parameters
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). When compiler different from the one which was used to configure the kernel is used to build modules a warning is issued and the build continues. This could be turned into an error but that would be too restrictive. The generated kernel-devel makefile could set the compiler but then the main Makefile as to be patched to assign CC with ?= This causes run_oldconfig failure on SUSE-2024 and kbuild config check failure on SUSE-2025. This cannot be hardcoded to one version in a regular patch because the value is expected to be configurable at mkspec time. Patch the Makefile after aplyin patches in rpm prep step instead. A check is added to verify that the sed command did indeed apply the change.
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ("Use gcc-13 for build on SLE16 (jsc#PED-10028).")
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag.
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
</description>
<!-- inserted by gitlab@gitlab.suse.de:security/tools.git//home/securitybot/src/sectools/auto_maintenance.pl -->
<releasetarget project="SUSE:Updates:Storage:7.1:x86_64"/>
<releasetarget project="SUSE:Updates:Storage:7.1:aarch64"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.2:x86_64"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.2:s390x"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.2:aarch64"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.1:x86_64"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.1:s390x"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.1:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES_SAP:15-SP3:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES_SAP:15-SP3:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP3-LTSS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP3-LTSS:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Module-Development-Tools-OBS:15-SP6:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Module-Development-Tools-OBS:15-SP6:aarch64"/>
<releasetarget project="SUSE:SLE-15-SP3:Update"/>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
