The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
The following non-security bugs were fixed:
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- netfilter: ipset: Check and reject crazy /0 input parameters (git-fixes)
- netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function (git-fixes)