File _patchinfo of Package patchinfo.42401
<patchinfo incident="42401"> <issue tracker="bnc" id="1065729">[trackerbug] 4.12 powerpc base kernel fixes</issue> <issue tracker="bnc" id="1196823">VUL-0: CVE-2022-0854: kernel-source: swiotlb: fix info leak with DMA_FROM_DEVICE</issue> <issue tracker="bnc" id="1204957">Update Broadcom Emulex lpfc driver to 14.2.0.8</issue> <issue tracker="bnc" id="1206889">[PATCH] ext4: silence the warning when evicting inode with dioread_nolock</issue> <issue tracker="bnc" id="1207051">Vul-0: CVE-2023-23559: kernel-source,kernel-rt,kernel-azure: Integer overflow in rndis_wlan that leads to a buffer overflow</issue> <issue tracker="bnc" id="1207088">Kernel BUG at ../lib/assoc_array.c:652 — ref:_00D1igLOd._5005qJQ2E6:ref</issue> <issue tracker="bnc" id="1207653">[PATCH] ext4: fix deadlock due to mbcache entry corruption</issue> <issue tracker="bnc" id="1209799">sched/psi: Fix use-after-free in ep_remove_wait_queue()</issue> <issue tracker="bnc" id="1213653">bfq RIP: bfqq_request_over_limit+732</issue> <issue tracker="bnc" id="1213969">VUL-0: CVE-2023-4132: kernel-source-azure,kernel-source,kernel-source-rt: smsusb: use-after-free caused by do_submit_urb()</issue> <issue tracker="bnc" id="1225109">VUL-0: CVE-2023-52707: kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue()</issue> <issue tracker="bnc" id="1228015">VUL-0: CVE-2022-48853: kernel: swiotlb: fix info leak with DMA_FROM_DEVICE</issue> <issue tracker="bnc" id="1245210">VUL-0: CVE-2025-38068: kernel: crypto: lzo - Fix compression buffer overrun</issue> <issue tracker="bnc" id="1245751">VUL-0: CVE-2025-38159: kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds</issue> <issue tracker="bnc" id="1249739">VUL-0: CVE-2022-50282: kernel: chardev: fix error handling in cdev_device_add()</issue> <issue tracker="bnc" id="1249871">VUL-0: CVE-2023-53254: kernel: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels</issue> <issue tracker="bnc" id="1250397">VUL-0: CVE-2023-53215: kernel: sched/fair: Don't balance task to its current running CPU</issue> <issue tracker="bnc" id="1252678">VUL-0: CVE-2025-40019: kernel: crypto: essiv - Check ssize for decryption and in-place encryption</issue> <issue tracker="bnc" id="1254520">VUL-0: CVE-2025-40220: kernel: fuse: fix livelock in synchronous file put from fuseblk workers</issue> <issue tracker="bnc" id="1254592">VUL-0: CVE-2022-50635: kernel: powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()</issue> <issue tracker="bnc" id="1254614">VUL-0: CVE-2022-50641: kernel: HSI: omap_ssi: Fix refcount leak in ssi_probe</issue> <issue tracker="bnc" id="1254615">VUL-0: CVE-2025-40331: kernel: sctp: Prevent TOCTOU out-of-bounds write</issue> <issue tracker="bnc" id="1254632">VUL-0: CVE-2022-50644: kernel: clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe</issue> <issue tracker="bnc" id="1254634">VUL-0: CVE-2022-50646: kernel: scsi: hpsa: Fix possible memory leak in hpsa_init_one()</issue> <issue tracker="bnc" id="1254686">VUL-0: CVE-2022-50640: kernel: mmc: core: Fix kernel panic when remove non-standard SDIO card</issue> <issue tracker="bnc" id="1254711">VUL-0: CVE-2022-50671: kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error</issue> <issue tracker="bnc" id="1254751">VUL-0: CVE-2023-53781: kernel: smc: Fix use-after-free in tcp_write_timer_handler().</issue> <issue tracker="bnc" id="1254763">VUL-0: CVE-2022-50668: kernel: ext4: fix deadlock due to mbcache entry corruption</issue> <issue tracker="bnc" id="1254775">VUL-0: CVE-2022-50649: kernel: power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()</issue> <issue tracker="bnc" id="1254785">VUL-0: CVE-2022-50630: kernel: mm: hugetlb: fix UAF in hugetlb_handle_userfault</issue> <issue tracker="bnc" id="1254792">VUL-0: CVE-2022-50623: kernel: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()</issue> <issue tracker="bnc" id="1254813">VUL-0: CVE-2025-40233: kernel: ocfs2: clear extent cache after moving/defragmenting extents</issue> <issue tracker="bnc" id="1254847">VUL-0: CVE-2025-40280: kernel: tipc: Fix use-after-free in tipc_mon_reinit_self().</issue> <issue tracker="bnc" id="1254851">VUL-0: CVE-2025-40256: kernel: xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added</issue> <issue tracker="bnc" id="1254894">VUL-0: CVE-2025-40277: kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE</issue> <issue tracker="bnc" id="1254902">VUL-0: CVE-2022-50678: kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level</issue> <issue tracker="bnc" id="1254959">VUL-0: CVE-2025-40215: kernel: xfrm: delete x->tunnel as we delete x</issue> <issue tracker="bnc" id="1255002">VUL-0: CVE-2023-53761: kernel: USB: usbtmc: Fix direction for 0-length ioctl control messages</issue> <issue tracker="bnc" id="1255565">VUL-0: CVE-2022-50709: kernel: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()</issue> <issue tracker="bnc" id="1255576">VUL-0: CVE-2022-50700: kernel: wifi: ath10k: Delay the unmapping of the buffer</issue> <issue tracker="bnc" id="1255607">VUL-0: CVE-2022-50703: kernel: soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()</issue> <issue tracker="bnc" id="1255609">VUL-0: CVE-2023-54024: kernel: KVM: Destroy target device if coalesced MMIO unregistration fails</issue> <issue tracker="bnc" id="1255636">VUL-0: CVE-2023-54019: kernel: sched/psi: use kernfs polling functions for PSI trigger polling</issue> <issue tracker="bnc" id="1255844">VUL-0: CVE-2022-50717: kernel: nvmet-tcp: add bounds check on Transfer Tag</issue> <issue tracker="bnc" id="1255901">VUL-0: CVE-2023-54270: kernel: media: usb: siano: Fix use after free bugs caused by do_submit_urb</issue> <issue tracker="bnc" id="1255908">VUL-0: CVE-2023-54243: kernel: netfilter: ebtables: fix table blob use-after-free</issue> <issue tracker="bnc" id="1255919">VUL-0: CVE-2023-54242: kernel: block, bfq: Fix division by zero error on zero wsum</issue> <issue tracker="bnc" id="1256040">VUL-0: CVE-2022-50726: kernel: net/mlx5: Fix possible use-after-free in async command interface</issue> <issue tracker="bnc" id="1256045">VUL-0: CVE-2023-54170: kernel: keys: Fix linking a duplicate key to a keyring's assoc_array</issue> <issue tracker="bnc" id="1256048">VUL-0: CVE-2022-50730: kernel: ext4: silence the warning when evicting inode with dioread_nolock</issue> <issue tracker="bnc" id="1256049">VUL-0: CVE-2022-50731: kernel: crypto: akcipher - default implementation for setting a private key</issue> <issue tracker="bnc" id="1256053">VUL-0: CVE-2023-54168: kernel: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()</issue> <issue tracker="bnc" id="1256056">VUL-0: CVE-2022-50889: kernel: dm integrity: Fix UAF in dm_integrity_dtr()</issue> <issue tracker="bnc" id="1256064">VUL-0: CVE-2022-50733: kernel: usb: idmouse: fix an uninit-value in idmouse_open</issue> <issue tracker="bnc" id="1256095">VUL-0: CVE-2023-54142: kernel: gtp: Fix use-after-free in __gtp_encap_destroy().</issue> <issue tracker="bnc" id="1256127">VUL-0: CVE-2022-50884: kernel: drm: Prevent drm_copy_field() to attempt copying a NULL pointer</issue> <issue tracker="bnc" id="1256132">VUL-0: CVE-2022-50880: kernel: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()</issue> <issue tracker="bnc" id="1256136">VUL-0: CVE-2022-50876: kernel: usb: musb: Fix musb_gadget.c rxstate overflow bug</issue> <issue tracker="bnc" id="1256137">VUL-0: CVE-2022-50736: kernel: RDMA/siw: Fix immediate work request flush to completion queue</issue> <issue tracker="bnc" id="1256143">VUL-0: CVE-2022-50742: kernel: misc: ocxl: fix possible refcount leak in afu_ioctl()</issue> <issue tracker="bnc" id="1256154">VUL-0: CVE-2022-50870: kernel: powerpc/rtas: avoid device tree lookups in rtas_os_term()</issue> <issue tracker="bnc" id="1256165">VUL-0: CVE-2022-50744: kernel: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs</issue> <issue tracker="bnc" id="1256194">VUL-0: CVE-2022-50850: kernel: scsi: ipr: Fix WARNING in ipr_init()</issue> <issue tracker="bnc" id="1256203">VUL-0: CVE-2022-50843: kernel: dm clone: Fix UAF in clone_dtr()</issue> <issue tracker="bnc" id="1256207">VUL-0: CVE-2022-50758: kernel: staging: vt6655: fix potential memory leak</issue> <issue tracker="bnc" id="1256208">VUL-0: CVE-2022-50840: kernel: scsi: snic: Fix possible UAF in snic_tgt_create()</issue> <issue tracker="bnc" id="1256216">VUL-0: CVE-2022-50756: kernel: nvme-pci: fix mempool alloc size</issue> <issue tracker="bnc" id="1256230">VUL-0: CVE-2022-50828: kernel: clk: zynqmp: Fix stack-out-of-bounds in strncpy`</issue> <issue tracker="bnc" id="1256242">VUL-0: CVE-2022-50821: kernel: SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails</issue> <issue tracker="bnc" id="1256248">VUL-0: CVE-2022-50814: kernel: crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr</issue> <issue tracker="bnc" id="1256333">VUL-0: CVE-2022-50823: kernel: clk: tegra: Fix refcount leak in tegra114_clock_init</issue> <issue tracker="bnc" id="1256344">VUL-0: CVE-2022-50827: kernel: scsi: lpfc: Fix memory leak in lpfc_create_port()</issue> <issue tracker="bnc" id="1256353">VUL-0: CVE-2023-54110: kernel: usb: rndis_host: Secure rndis_query check against int overflow</issue> <issue tracker="bnc" id="1256426">VUL-0: CVE-2022-50767: kernel: fbdev: smscufx: Fix several use-after-free bugs</issue> <issue tracker="bnc" id="1256641">VUL-0: CVE-2025-68813: kernel: ipvs: fix ipv4 null-ptr-deref in route error path</issue> <issue tracker="bnc" id="1256779">VUL-0: CVE-2025-71120: kernel: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf</issue> <issue tracker="cve" id="2022-0854"/> <issue tracker="cve" id="2022-48853"/> <issue tracker="cve" id="2022-50282"/> <issue tracker="cve" id="2022-50623"/> <issue tracker="cve" id="2022-50630"/> <issue tracker="cve" id="2022-50635"/> <issue tracker="cve" id="2022-50640"/> <issue tracker="cve" id="2022-50641"/> <issue tracker="cve" id="2022-50644"/> <issue tracker="cve" id="2022-50646"/> <issue tracker="cve" id="2022-50649"/> <issue tracker="cve" id="2022-50668"/> <issue tracker="cve" id="2022-50671"/> <issue tracker="cve" id="2022-50678"/> <issue tracker="cve" id="2022-50700"/> <issue tracker="cve" id="2022-50703"/> <issue tracker="cve" id="2022-50709"/> <issue tracker="cve" id="2022-50717"/> <issue tracker="cve" id="2022-50726"/> <issue tracker="cve" id="2022-50730"/> <issue tracker="cve" id="2022-50731"/> <issue tracker="cve" id="2022-50733"/> <issue tracker="cve" id="2022-50736"/> <issue tracker="cve" id="2022-50742"/> <issue tracker="cve" id="2022-50744"/> <issue tracker="cve" id="2022-50756"/> <issue tracker="cve" id="2022-50758"/> <issue tracker="cve" id="2022-50767"/> <issue tracker="cve" id="2022-50814"/> <issue tracker="cve" id="2022-50821"/> <issue tracker="cve" id="2022-50823"/> <issue tracker="cve" id="2022-50827"/> <issue tracker="cve" id="2022-50828"/> <issue tracker="cve" id="2022-50840"/> <issue tracker="cve" id="2022-50843"/> <issue tracker="cve" id="2022-50850"/> <issue tracker="cve" id="2022-50870"/> <issue tracker="cve" id="2022-50876"/> <issue tracker="cve" id="2022-50880"/> <issue tracker="cve" id="2022-50884"/> <issue tracker="cve" id="2022-50889"/> <issue tracker="cve" id="2023-23559"/> <issue tracker="cve" id="2023-4132"/> <issue tracker="cve" id="2023-53215"/> <issue tracker="cve" id="2023-53254"/> <issue tracker="cve" id="2023-53761"/> <issue tracker="cve" id="2023-53781"/> <issue tracker="cve" id="2023-54019"/> <issue tracker="cve" id="2023-54024"/> <issue tracker="cve" id="2023-54110"/> <issue tracker="cve" id="2023-54142"/> <issue tracker="cve" id="2023-54168"/> <issue tracker="cve" id="2023-54170"/> <issue tracker="cve" id="2023-54242"/> <issue tracker="cve" id="2023-54243"/> <issue tracker="cve" id="2023-54270"/> <issue tracker="cve" id="2025-38068"/> <issue tracker="cve" id="2025-38159"/> <issue tracker="cve" id="2025-40019"/> <issue tracker="cve" id="2025-40215"/> <issue tracker="cve" id="2025-40220"/> <issue tracker="cve" id="2025-40233"/> <issue tracker="cve" id="2025-40256"/> <issue tracker="cve" id="2025-40277"/> <issue tracker="cve" id="2025-40280"/> <issue tracker="cve" id="2025-40331"/> <issue tracker="cve" id="2025-68813"/> <issue tracker="cve" id="2025-71120"/> <issue tracker="jsc" id="SLE-13847"/> <category>security</category> <rating>important</rating> <packager>alix82</packager> <reboot_needed/> <summary>Security update for the Linux Kernel</summary> <description> The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdev_device_add() (bsc#1249739). - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844). - CVE-2022-50726: net/mlx5: Fix possible use-after-free in async command interface (bsc#1256040). - CVE-2022-50736: RDMA/siw: Fix immediate work request flush to completion queue (bsc#1256137). - CVE-2022-50756: nvme-core: replace ctrl page size with a macro (bsc#1256216). - CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53761: USB: usbtmc: Fix direction for 0-length ioctl control messages (bsc#1255002). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). </description> </patchinfo>
