Overview

File _patchinfo of Package patchinfo.37760

<patchinfo incident="37760">
  <issue id="1208995" tracker="bnc">VUL-0: CVE-2023-1192: kernel: use-after-free in smb2_is_status_io_timeout()</issue>
  <issue id="1220946" tracker="bnc">VUL-0: CVE-2023-52572: kernel: cifs: Fix UAF in cifs_demultiplex_thread()</issue>
  <issue id="1225742" tracker="bnc">VUL-0: CVE-2024-36905: kernel: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets</issue>
  <issue id="1232472" tracker="bnc">nfsd: inode locked twice during operation. And users unable to access NFS share  - ref:_00D1igLOd._500TrLPTxC:ref</issue>
  <issue id="1232919" tracker="bnc">VUL-0: CVE-2024-50115: kernel: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory</issue>
  <issue id="1233701" tracker="bnc">L3Q: Customer suffers from "kernel: fh_lock: /bin already locked!" warnings after upgrade to 15 SP5</issue>
  <issue id="1233749" tracker="bnc">L3: Kernel crash at Workqueue: netns cleanup_net [ref:_00D1igLOd._500TrNma7D:ref]</issue>
  <issue id="1234154" tracker="bnc">VUL-0: CVE-2024-53135: kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN</issue>
  <issue id="1234650" tracker="bnc">L3: nfsd: inode locked twice during operation</issue>
  <issue id="1234853" tracker="bnc">VUL-0: CVE-2024-53146: kernel: NFSD: prevent a potential integer overflow</issue>
  <issue id="1234891" tracker="bnc">VUL-0: CVE-2024-53173: kernel: NFSv4.0: Fix a use-after-free problem in the asynchronous open()</issue>
  <issue id="1234963" tracker="bnc">VUL-0: CVE-2024-56539: kernel: wifi: mwifiex: fix memcpy() field-spanning write warning in mwifiex_config_scan()</issue>
  <issue id="1235054" tracker="bnc">VUL-0: CVE-2024-53239: kernel: ALSA: 6fire: release resources at card release</issue>
  <issue id="1235061" tracker="bnc">VUL-0: CVE-2024-56605: kernel: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()</issue>
  <issue id="1235073" tracker="bnc">VUL-0: CVE-2024-56548: kernel: hfsplus: don't query the device logical block size multiple times</issue>
  <issue id="1235111" tracker="bnc">L3-Question: PTF of ice driver loads with errors and irdma module complains about missing symbols</issue>
  <issue id="1236133" tracker="bnc">VUL-0: CVE-2025-21647: kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts</issue>
  <issue id="1236289" tracker="bnc">L3: SLESforSAP 15sp5 - Multiple CPU soft lockups all showing callstacks in aperfmperf_get_khz</issue>
  <issue id="1236576" tracker="bnc">VUL-0: CVE-2024-53226: kernel: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()</issue>
  <issue id="1236661" tracker="bnc">idpf: fix the missing call to set_real_num_queues in the link up flows</issue>
  <issue id="1236677" tracker="bnc">VUL-0: CVE-2024-57948: kernel: mac802154: check local interfaces before deleting sdata list</issue>
  <issue id="1236757" tracker="bnc">net: netvsc: Update default VMBus channels</issue>
  <issue id="1236758" tracker="bnc">net: mana: Enable debugfs files for MANA device</issue>
  <issue id="1236760" tracker="bnc">net: mana: Cleanup "mana" debugfs dir after cleanup of all children</issue>
  <issue id="1236761" tracker="bnc">net: mana: Add get_link and get_link_ksettings in ethtool</issue>
  <issue id="1236777" tracker="bnc">L3: Missing boost control on AMD Genoa platform with the amd-pstate driver in SLE 15 SP5 [ref:_00D1igLOd._500TrSkcwi:ref]</issue>
  <issue id="1236951" tracker="bnc">endless loop booting xen/dom0 - megasas_build_io_fusion 3261 sge_count (-12) is out of range.</issue>
  <issue id="1237025" tracker="bnc">VUL-0: CVE-2025-21690: kernel: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service</issue>
  <issue id="1237028" tracker="bnc">VUL-0: CVE-2025-21692: kernel: net: sched: fix ets qdisc OOB Indexing</issue>
  <issue id="1237139" tracker="bnc">VUL-0: CVE-2025-21699: kernel: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag</issue>
  <issue id="1237316" tracker="bnc">IDPF kdump bug</issue>
  <issue id="1237693" tracker="bnc">Backport 5.15 stable patch to address IDPF timeout</issue>
  <issue id="1238033" tracker="bnc">VUL-0: CVE-2022-49080: kernel: mm/mempolicy: fix mpol_new leak in shared_policy_replace</issue>
  <issue id="2022-49080" tracker="cve" />
  <issue id="2023-1192" tracker="cve" />
  <issue id="2023-52572" tracker="cve" />
  <issue id="2024-50115" tracker="cve" />
  <issue id="2024-53135" tracker="cve" />
  <issue id="2024-53173" tracker="cve" />
  <issue id="2024-53226" tracker="cve" />
  <issue id="2024-53239" tracker="cve" />
  <issue id="2024-56539" tracker="cve" />
  <issue id="2024-56548" tracker="cve" />
  <issue id="2024-56605" tracker="cve" />
  <issue id="2024-57948" tracker="cve" />
  <issue id="2025-21647" tracker="cve" />
  <issue id="2025-21690" tracker="cve" />
  <issue id="2025-21692" tracker="cve" />
  <issue id="2025-21699" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>tabraham1</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576)
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).

The following non-security bugs were fixed:

- cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777).
- iavf: fix the waiting time for initial reset (bsc#1235111).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: introduce a function to check if a netdev name is in use (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: minor __dev_alloc_name() optimization (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472).
- rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289).
- x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289).
- x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289).
- x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
- x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289).
- x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289).
- x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289).
- x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289).
- x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289).
- x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
- x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (bsc#1236951).
</description>
	<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places