Overview

File _patchinfo of Package patchinfo.41899

<patchinfo incident="41899">
  <issue id="1228688" tracker="bnc">Partner-L3: Backport critical SMB client directory fix to SLE15-SP3-LTSS and  SLE12-SP5</issue>
  <issue id="1249806" tracker="bnc">VUL-0: CVE-2022-50280: kernel: pnode: terminate at peers of source</issue>
  <issue id="1251247" tracker="bnc">VUL-0: CVE-2023-53659: kernel: iavf: Fix out-of-bounds when setting channels on remove</issue>
  <issue id="1251786" tracker="bnc">VUL-0: CVE-2023-53676: kernel: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()</issue>
  <issue id="1252560" tracker="bnc">VUL-0: CVE-2023-53717: kernel: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()</issue>
  <issue id="1252780" tracker="bnc">VUL-0: CVE-2025-40040: kernel: mm/ksm: fix flag-dropping behavior in ksm_madvise</issue>
  <issue id="1253367" tracker="bnc">VUL-0: CVE-2025-40121: kernel: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping</issue>
  <issue id="1253431" tracker="bnc">VUL-0: CVE-2025-40154: kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping</issue>
  <issue id="1253436" tracker="bnc">VUL-0: CVE-2025-40204: kernel: sctp: Fix MAC comparison to be constant-time</issue>
  <issue id="2022-50280" tracker="cve" />
  <issue id="2023-53659" tracker="cve" />
  <issue id="2023-53676" tracker="cve" />
  <issue id="2023-53717" tracker="cve" />
  <issue id="2025-40040" tracker="cve" />
  <issue id="2025-40121" tracker="cve" />
  <issue id="2025-40154" tracker="cve" />
  <issue id="2025-40204" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove (bsc#1251247).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non-security bugs were fixed:

- cifs: Check the lease context if we actually got a lease (bsc#1228688).
- cifs: return a single-use cfid if we did not get a lease (bsc#1228688).
- smb3: fix Open files on server counter going negative (git-fixes).
</description>
<!-- inserted by gitlab@gitlab.suse.de:security/tools.git//home/securitybot/src/sectools/auto_maintenance.pl -->
<releasetarget project="SUSE:Updates:Storage:7.1:x86_64"/>
<releasetarget project="SUSE:Updates:Storage:7.1:aarch64"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.2:x86_64"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.2:s390x"/>
<releasetarget project="SUSE:Updates:SUSE-MicroOS:5.2:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES_SAP:15-SP3:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES_SAP:15-SP3:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP3-LTSS:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP3-LTSS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP3-LTSS:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP3:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Module-Development-Tools-OBS:15-SP6:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Module-Development-Tools-OBS:15-SP6:aarch64"/>
<releasetarget project="SUSE:SLE-15-SP3:Update"/>
	<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places