SUSE-SU-2025:02099-1

Description of the patch:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
• CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
• CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
• CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).

The following non-security bugs were fixed:

• mtd: phram: Add the kernel lock down check (bsc#1232649).
• net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
• netfilter: ipset: Check and reject crazy /0 input parameters (git-fixes)
• netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function (git-fixes)