Overview

File _patchinfo of Package patchinfo.38994

<patchinfo incident="38994">
  <issue id="1154353" tracker="bnc">Update skb/net-sched kernel API</issue>
  <issue id="1170891" tracker="bnc">[openQA][blktests][loop/001] test fails for PowerVM and x86_64</issue>
  <issue id="1173139" tracker="bnc">SLES 15 SP2 GMC - IOCTL BLKRRPART broken - patch missing</issue>
  <issue id="1190358" tracker="bnc">kernel-azure fails to build in update project</issue>
  <issue id="1190428" tracker="bnc">kernel -extra subpackage contains no modules</issue>
  <issue id="1195254" tracker="bnc">VUL-0: CVE-2022-0435: kernel-source: tipc: Remote Stack Overflow in Linux Kernel</issue>
  <issue id="1206073" tracker="bnc">VUL-0: CVE-2022-3564: kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c</issue>
  <issue id="1210337" tracker="bnc">VUL-0: CVE-2023-1990: kernel: Use after free bug in ndlc_remove due to race condition</issue>
  <issue id="1232649" tracker="bnc">VUL-0: kernel: phram module allows circumvention of lockdown mode</issue>
  <issue id="1234887" tracker="bnc">VUL-0: CVE-2024-53168: kernel: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket</issue>
  <issue id="1235100" tracker="bnc">VUL-0: CVE-2024-56558: kernel: nfsd: make sure exp active before svc_export_show</issue>
  <issue id="1237981" tracker="bnc">VUL-0: CVE-2022-49110: kernel: netfilter: conntrack: revisit gc autotuning</issue>
  <issue id="1238032" tracker="bnc">VUL-0: CVE-2022-49139: kernel: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt</issue>
  <issue id="1238394" tracker="bnc">VUL-0: CVE-2022-49320: kernel: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type</issue>
  <issue id="1241362" tracker="bnc">VUL-0: CVE-2025-22028: kernel: media: vimc: skip .s_stream() for stopped entities</issue>
  <issue id="1241593" tracker="bnc">VUL-0: CVE-2025-22121: kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()</issue>
  <issue id="1242145" tracker="bnc">VUL-0: CVE-2020-36790: kernel: nvmet: fix a memory leak</issue>
  <issue id="1242215" tracker="bnc">VUL-0: CVE-2023-53106: kernel: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition</issue>
  <issue id="1242245" tracker="bnc">VUL-0: CVE-2022-49775: kernel: tcp: cdg: allow tcp_cdg_release() to be called multiple times</issue>
  <issue id="1242366" tracker="bnc">VUL-0: CVE-2022-49789: kernel: scsi: zfcp: Fix double free of FSF request when qdio send fails</issue>
  <issue id="1242440" tracker="bnc">VUL-0: CVE-2022-49769: kernel: gfs2: Check sb_bsize_shift after reading superblock</issue>
  <issue id="1242452" tracker="bnc">VUL-0: CVE-2022-49910: kernel: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu</issue>
  <issue id="1242493" tracker="bnc">VUL-0: CVE-2022-49767: kernel: 9p/trans_fd: always use O_NONBLOCK read/write</issue>
  <issue id="1242745" tracker="bnc">VUL-0: CVE-2023-53039: kernel: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function</issue>
  <issue id="1242762" tracker="bnc">VUL-0: CVE-2025-37789: kernel: net: openvswitch: fix nested key length validation in the set() action</issue>
  <issue id="1242835" tracker="bnc">VUL-0: CVE-2020-36791: kernel: net_sched: keep alloc_hash updated after hash allocation</issue>
  <issue id="1243919" tracker="bnc">kernel-debug exists</issue>
  <issue id="2020-36790" tracker="cve" />
  <issue id="2020-36791" tracker="cve" />
  <issue id="2022-3564" tracker="cve" />
  <issue id="2022-49110" tracker="cve" />
  <issue id="2022-49139" tracker="cve" />
  <issue id="2022-49320" tracker="cve" />
  <issue id="2022-49767" tracker="cve" />
  <issue id="2022-49769" tracker="cve" />
  <issue id="2022-49775" tracker="cve" />
  <issue id="2022-49789" tracker="cve" />
  <issue id="2022-49910" tracker="cve" />
  <issue id="2023-1990" tracker="cve" />
  <issue id="2023-53039" tracker="cve" />
  <issue id="2023-53106" tracker="cve" />
  <issue id="2024-53168" tracker="cve" />
  <issue id="2024-56558" tracker="cve" />
  <issue id="2024-56705" tracker="cve" />
  <issue id="2025-22028" tracker="cve" />
  <issue id="2025-22121" tracker="cve" />
  <issue id="2025-37789" tracker="cve" />
  <issue id="2025-37846" tracker="cve" />
  <issue id="2025-40364" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jdelvare</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
- CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2024-56705: media: atomisp: add check for rgby_data memory allocation failure (bsc#1235568).
- CVE-2025-22028: media: vimc: skip .s_stream() for stopped entities (bsc#1241362).
- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2025-37846: arm64: mops: Do not dereference src reg for a set operation (bsc#1242963).
- CVE-2025-40364: io_uring: fix io_req_prep_async with provided buffers (bsc#1241637).

The following non-security bugs were fixed:

- blk: Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745).
- kernel: Remove debug flavor (bsc#1243919).
- devm-helpers: Add resource managed version of work init (bsc#1242745).
- rpm: fixup "rpm: support gz and zst compression methods" once more (bsc#1190428, bsc#1190358).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- net: tipc: validate domain record count on input (bsc#1195254).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- workqueue: Add resource managed version of delayed work init (bsc#1242745)
</description>
	<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places