File _patchinfo of Package patchinfo.40976

<patchinfo incident="40976">
  <issue id="1233072" tracker="bnc">VUL-0: CVE-2024-50154: kernel live patch: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().</issue>
  <issue id="1237048" tracker="bnc">VUL-0: CVE-2025-21692: kernel live patch: net: sched: fix ets qdisc OOB Indexing</issue>
  <issue id="1240744" tracker="bnc">VUL-0: CVE-2025-21791: kernel live patch: vrf: use RCU protection in l3mdev_l3_out()</issue>
  <issue id="1243650" tracker="bnc">VUL-0: CVE-2024-53168: kernel live patch: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket</issue>
  <issue id="1245509" tracker="bnc">VUL-0: CVE-2025-38089: kernel live patch: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error</issue>
  <issue id="1247315" tracker="bnc">VUL-0: CVE-2025-38477: kernel live patch: net/sched: sch_qfq: Fix race condition on qfq_aggregate</issue>
  <issue id="2024-50154" tracker="cve" />
  <issue id="2024-53168" tracker="cve" />
  <issue id="2025-21692" tracker="cve" />
  <issue id="2025-21791" tracker="cve" />
  <issue id="2025-38089" tracker="cve" />
  <issue id="2025-38477" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.

The following security issues were fixed:

- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744).
- CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237048).
</description>
<summary>Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)</summary>
</patchinfo>