Overview

File _patchinfo of Package patchinfo.43550

<patchinfo incident="43550">
  <!--generated with prepare-lp from request 404894-->
  <issue tracker="bnc" id="1252036">VUL-0: CVE-2025-39973: kernel live patch: i40e: add validation for ring_len param</issue>
  <issue tracker="bnc" id="1252689">VUL-0: CVE-2025-40018: kernel live patch: ipvs: Defer ip_vs_ftp unregister during netns cleanup</issue>
  <issue tracker="bnc" id="1253404">VUL-0: CVE-2025-40159: kernel live patch: xsk: Harden userspace-supplied xdp_desc validation</issue>
  <issue tracker="bnc" id="1256780">VUL-0: CVE-2025-71120: kernel live patch: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf</issue>
  <issue tracker="bnc" id="1257238">VUL-0: CVE-2026-22999: kernel live patch: net/sched: sch_qfq: do not free existing class in qfq_change_class()</issue>
  <issue tracker="bnc" id="1258051">VUL-0: CVE-2026-23074: kernel live patch: net/sched: Enforce that teql can only be used as root qdisc</issue>
  <issue tracker="bnc" id="1258183">VUL-0: CVE-2026-23111: kernel live patch: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()</issue>
  <issue tracker="bnc" id="1258784">VUL-0: CVE-2026-23209: kernel live patch: macvlan: fix error recovery in macvlan_common_newlink()</issue>
  <issue tracker="cve" id="2025-39973"/>
  <issue tracker="cve" id="2025-40018"/>
  <issue tracker="cve" id="2025-40159"/>
  <issue tracker="cve" id="2025-71120"/>
  <issue tracker="cve" id="2026-22999"/>
  <issue tracker="cve" id="2026-23074"/>
  <issue tracker="cve" id="2026-23111"/>
  <issue tracker="cve" id="2026-23209"/>
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <summary>Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)</summary>
  <description>
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.73 fixes various security issues

The following security issues were fixed:

- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places