File _patchinfo of Package patchinfo.39504
<patchinfo incident="39504">
<issue id="1199487" tracker="bnc">VUL-0: CVE-2022-1679: kernel-source,kernel-source-rt,kernel-source-azure: kernel: Use-After-Free in ath9k_htc_probe_device() could cause an escalation of privileges</issue>
<issue id="1202095" tracker="bnc">VUL-0: CVE-2022-2586: kernel-source: use-after-free with nf_tables cross-table reference</issue>
<issue id="1202564" tracker="bnc">VUL-0: CVE-2022-2905: kernel-source: Linux kernel slab-out-of-bound Read in bpf</issue>
<issue id="1202860" tracker="bnc">VUL-0: CVE-2022-2905: kernel-source-azure,kernel-source,kernel-source-rt: slab-out-of-bound read in bpf</issue>
<issue id="1205220" tracker="bnc">VUL-0: CVE-2022-3903: kernel: An invalid pipe direction in the mceusb driver cause DOS</issue>
<issue id="1205514" tracker="bnc">VUL-0: CVE-2022-4095: kernel: use after free in rtl8712 driver</issue>
<issue id="1206664" tracker="bnc">VUL-0: CVE-2022-4662: kernel-source-azure,kernel-source-rt,kernel-source: Recursive locking violation in usb-storage that can cause the kernel to deadlock</issue>
<issue id="1206878" tracker="bnc">[PATCH] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h</issue>
<issue id="1211226" tracker="bnc">Eliminate the need for 'OBS source links': convert to _multibuild</issue>
<issue id="1212051" tracker="bnc">VUL-0: CVE-2023-3111: kernel: Use after free in prepare_to_relocate in fs/btrfs/relocation.c</issue>
<issue id="1218184" tracker="bnc">Eliminate the need for 'OBS source links': convert to _multibuild</issue>
<issue id="1224095" tracker="bnc">VUL-0: CVE-2024-27397: kernel: netfilter: nf_tables: use timestamp to check for set element timeout</issue>
<issue id="1226514" tracker="bnc">VUL-0: CVE-2024-36978: kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune()</issue>
<issue id="1228659" tracker="bnc">Snapshot 20240730 - unbootable after transactional-update dup</issue>
<issue id="1230827" tracker="bnc">VUL-0: CVE-2024-46800: kernel: sch/netem: fix use after free in netem_dequeue</issue>
<issue id="1231293" tracker="bnc">kernel shown as unreleased</issue>
<issue id="1232504" tracker="bnc">VUL-0: CVE-2024-50077: kernel: Bluetooth: ISO: Fix multiple init when debugfs is disabled</issue>
<issue id="1234381" tracker="bnc">VUL-0: CVE-2024-53141: kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt</issue>
<issue id="1234454" tracker="bnc">Compiling external modules fails with "/usr/src/linux-6.13.0-rc2-1.gf92fc5d/include/config/auto.conf: No such file or directory"</issue>
<issue id="1235637" tracker="bnc">VUL-0: CVE-2024-56770: kernel: net/sched: netem: account for backlog updates from child qdisc</issue>
<issue id="1237159" tracker="bnc">VUL-0: CVE-2025-21700: kernel: net: sched: Disallow replacing of child qdisc from one parent to another</issue>
<issue id="1237312" tracker="bnc">VUL-0: CVE-2025-21702: kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0</issue>
<issue id="1237313" tracker="bnc">VUL-0: CVE-2025-21703: kernel: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()</issue>
<issue id="1238303" tracker="bnc">kernel-source:kernel-docs varies between builds</issue>
<issue id="1238570" tracker="bnc">SUSE-2025 kernel fails supported.conf check when built on SLE 15 SP6</issue>
<issue id="1239986" tracker="bnc">/lib/modprobe.d/20-kernel-default-extra.conf is missing in 16.0</issue>
<issue id="1240785" tracker="bnc">Update from 20250329 failing</issue>
<issue id="1241038" tracker="bnc">Use "OrderWithRequires" in kernel binary packages</issue>
<issue id="1242414" tracker="bnc">VUL-0: CVE-2025-37798: kernel: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()</issue>
<issue id="1242504" tracker="bnc">VUL-0: CVE-2025-37752: kernel: net_sched: sch_sfq: move the limit validation</issue>
<issue id="1242597" tracker="bnc">VUL-0: CVE-2022-49770: kernel: ceph: avoid putting the realm twice when decoding snaps fails</issue>
<issue id="1242924" tracker="bnc">VUL-0: CVE-2025-37823: kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too</issue>
<issue id="1243330" tracker="bnc">VUL-0: CVE-2025-37890: kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc</issue>
<issue id="1243543" tracker="bnc">VUL-0: CVE-2025-37953: kernel: sch_htb: make htb_deactivate() idempotent</issue>
<issue id="1243627" tracker="bnc">VUL-0: CVE-2025-37932: kernel: sch_htb: make htb_qlen_notify() idempotent</issue>
<issue id="1244234" tracker="bnc">VUL-0: CVE-2025-38001: kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice</issue>
<issue id="1244241" tracker="bnc">The recent change of scripts/lib/SUSE/MyBS.pm broke osc_wrapper with --flavor option</issue>
<issue id="1244277" tracker="bnc">VUL-0: CVE-2025-38000: kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()</issue>
<issue id="1244337" tracker="bnc">kernel-syms should not require kernel-rt-devel</issue>
<issue id="1244867" tracker="bnc">VUL-0: CVE-2022-50213: kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table</issue>
<issue id="1244886" tracker="bnc">VUL-0: CVE-2022-50179: kernel: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb</issue>
<issue id="1244948" tracker="bnc">VUL-0: CVE-2022-49986: kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq</issue>
<issue id="1244956" tracker="bnc">VUL-0: CVE-2022-49985: kernel: bpf: Don't use tnum_range on array range checking for poke descriptors</issue>
<issue id="1244968" tracker="bnc">VUL-0: CVE-2022-50083: kernel: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h</issue>
<issue id="1244969" tracker="bnc">VUL-0: CVE-2022-49956: kernel: staging: rtl8712: fix use after free bugs</issue>
<issue id="1244984" tracker="bnc">VUL-0: CVE-2022-49936: kernel: USB: core: Prevent nested device-reset calls</issue>
<issue id="1245047" tracker="bnc">VUL-0: CVE-2022-50067: kernel: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()</issue>
<issue id="1245057" tracker="bnc">VUL-0: CVE-2022-49937: kernel: media: mceusb: Use new usb_control_msg_*() routines</issue>
<issue id="1245119" tracker="bnc">VUL-0: CVE-2022-50087: kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails</issue>
<issue id="1245147" tracker="bnc">VUL-0: CVE-2022-50085: kernel: dm raid: fix address sanitizer warning in raid_resume</issue>
<issue id="1245149" tracker="bnc">VUL-0: CVE-2022-50200: kernel: selinux: add boundary check in put_entry()</issue>
<issue id="1245183" tracker="bnc">VUL-0: CVE-2025-38083: kernel: net_sched: prio: fix a race in prio_tune()</issue>
<issue id="1245455" tracker="bnc">[storvsc][Backport] scsi: storvsc: Increase the timeouts to storvsc_timeout</issue>
<issue id="2022-1679" tracker="cve" />
<issue id="2022-2586" tracker="cve" />
<issue id="2022-2905" tracker="cve" />
<issue id="2022-3903" tracker="cve" />
<issue id="2022-4095" tracker="cve" />
<issue id="2022-4662" tracker="cve" />
<issue id="2022-49770" tracker="cve" />
<issue id="2022-49936" tracker="cve" />
<issue id="2022-49937" tracker="cve" />
<issue id="2022-49956" tracker="cve" />
<issue id="2022-49985" tracker="cve" />
<issue id="2022-49986" tracker="cve" />
<issue id="2022-50067" tracker="cve" />
<issue id="2022-50083" tracker="cve" />
<issue id="2022-50085" tracker="cve" />
<issue id="2022-50087" tracker="cve" />
<issue id="2022-50179" tracker="cve" />
<issue id="2022-50200" tracker="cve" />
<issue id="2022-50213" tracker="cve" />
<issue id="2023-3111" tracker="cve" />
<issue id="2024-27397" tracker="cve" />
<issue id="2024-36978" tracker="cve" />
<issue id="2024-46800" tracker="cve" />
<issue id="2024-53141" tracker="cve" />
<issue id="2024-56770" tracker="cve" />
<issue id="2025-21700" tracker="cve" />
<issue id="2025-21702" tracker="cve" />
<issue id="2025-21703" tracker="cve" />
<issue id="2025-37752" tracker="cve" />
<issue id="2025-37798" tracker="cve" />
<issue id="2025-37823" tracker="cve" />
<issue id="2025-37890" tracker="cve" />
<issue id="2025-37932" tracker="cve" />
<issue id="2025-37953" tracker="cve" />
<issue id="2025-38000" tracker="cve" />
<issue id="2025-38001" tracker="cve" />
<issue id="2025-38083" tracker="cve" />
<issue id="PED-10028" tracker="jsc" />
<issue id="PED-12251" tracker="jsc" />
<category>security</category>
<rating>important</rating>
<packager>jdelvare</packager>
<reboot_needed/>
<description>
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
- CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147).
- CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
- CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc#1244241). Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- MyBS: Do not build kernel-obs-qa with limit_packages. Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- MyBS: Simplify qa_expr generation. Start with a 0, which makes the expression valid even if there are no QA repositories (currently does not happen). Then the separator is always needed.
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>