Overview

File _patchinfo of Package patchinfo.43219

<patchinfo incident="43219">
  <issue id="1238917" tracker="bnc">VUL-0: CVE-2025-21738: kernel: ata: libata-sff: ensure that we cannot write outside the allocated buffer</issue>
  <issue id="1255075" tracker="bnc">VUL-0: CVE-2025-40242: kernel: gfs2: Fix unlikely race in gdlm_put_lock</issue>
  <issue id="1256645" tracker="bnc">VUL-0: CVE-2025-71066: kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change</issue>
  <issue id="1257231" tracker="bnc">VUL-0: CVE-2026-23004: kernel: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()</issue>
  <issue id="1257473" tracker="bnc">[SUSE]{hv_netvsc][Backport] net: hv_netvsc: reject RSS hash key programming without RX indirection table</issue>
  <issue id="1257732" tracker="bnc">VUL-0: CVE-2026-23054: kernel: net: hv_netvsc: reject RSS hash key programming without RX indirection table</issue>
  <issue id="1257735" tracker="bnc">VUL-0: CVE-2026-23060: kernel: crypto: authencesn - reject too-short AAD (assoclen&lt;8) to match ESP/ESN spec</issue>
  <issue id="1258340" tracker="bnc">VUL-0: CVE-2026-23204: kernel: net/sched: cls_u32: use skb_header_pointer_careful()</issue>
  <issue id="1258395" tracker="bnc">VUL-0: CVE-2026-23191: kernel: ALSA: aloop: Fix racy access at PCM trigger</issue>
  <issue id="1258518" tracker="bnc">VUL-0: CVE-2026-23209: kernel: macvlan: fix error recovery in macvlan_common_newlink()</issue>
  <issue id="1258849" tracker="bnc">VUL-0: apparmor: "CrackArmor": multi issues found by Qualys</issue>
  <issue id="2025-21738" tracker="cve" />
  <issue id="2025-40242" tracker="cve" />
  <issue id="2025-71066" tracker="cve" />
  <issue id="2026-23004" tracker="cve" />
  <issue id="2026-23054" tracker="cve" />
  <issue id="2026-23060" tracker="cve" />
  <issue id="2026-23191" tracker="cve" />
  <issue id="2026-23204" tracker="cve" />
  <issue id="2026-23209" tracker="cve" />
  <issue tracker="bnc" id="1258850">VUL-0: CVE-2026-23268: kernel: apparmor: fix unprivileged local user can do privileged policy management</issue>
  <issue tracker="bnc" id="1259857">VUL-0: CVE-2026-23269: kernel: apparmor: validate DFA start states are in bounds in unpack_pdb</issue>
  <issue tracker="cve" id="2026-23268"/>
  <issue tracker="cve" id="2026-23269"/>
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen&lt;8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non-security bugs were fixed:

- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
</description>
	<summary>Security update for the Linux Kernel</summary>
<!-- inserted by gitlab@gitlab.suse.de:security/tools.git//home/securitybot/src/sectools/auto_maintenance.pl -->
<releasetarget project="SUSE:Updates:SLE-Product-SUSE-Manager-Server:4.3-LTS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SUSE-Manager-Server:4.3-LTS:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Product-SUSE-Manager-Server:4.3-LTS:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-SUSE-Manager-Retail-Branch-Server:4.3-LTS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SUSE-Manager-Proxy:4.3-LTS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES_SAP:15-SP4:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES_SAP:15-SP4:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP4-TERADATA:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP4-LTSS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP4-LTSS:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP4-LTSS:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-SLES:15-SP4-LTSS:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP4-LTSS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP4-LTSS:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP4-ESPOS:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HPC:15-SP4-ESPOS:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP4:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP4:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP4:ppc64le"/>
<releasetarget project="SUSE:Updates:SLE-Product-HA:15-SP4:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Micro:5.4:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Micro:5.4:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Micro:5.4:aarch64"/>
<releasetarget project="SUSE:Updates:SLE-Micro:5.3:x86_64"/>
<releasetarget project="SUSE:Updates:SLE-Micro:5.3:s390x"/>
<releasetarget project="SUSE:Updates:SLE-Micro:5.3:aarch64"/>
<releasetarget project="SUSE:SLE-15-SP4:Update"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places