SUSE-SU-2025:03626-1

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
• CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
• CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840).
• CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
• CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947).
• CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257).
• CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
• CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140).
• CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391).
• CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
• CVE-2022-50412: drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1250189).
• CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
• CVE-2023-53220: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (bsc#1250337).
• CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
• CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
• CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
• CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
• CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729).
• CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
• CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
• CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
• CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
• CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
• CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
• CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
• CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
• CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
• CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).

The following non-security bugs were fixed:

• Limit patch filenames to 100 characters (bsc#1249604).
• Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
• git_sort: Make tests independent of environment.
• hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
• kernel-binary: Another installation ordering fix (bsc#1241353).
• kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
• kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346).
• kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
• rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
• rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
• rpm: Configure KABI checkingness macro (bsc#1249186).
• rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
• scripts/python/kss-dashboard: attempt getting smash data
• scripts/python/kss-dashboard: fetch into repos if stale
• scripts/python/kss-dashboard: implement CVSSv3.1 score consistency check
• scripts/python/kss-dashboard: prepare for the alternative CVE branch
• scripts/python/kss-dashboard: simplify control flow
• scripts/python/kss-dashboard: speed up patch checking a bit
• scripts/python/kss-dashboard: use decorator to handle exceptions
• scripts/tar-up: Remove mkspec only affter running it.
• scripts: Import arch-symbols script from packaging
• scripts: Import guards script from packaging
• scripts: test_linux_git.py: Do not complain about missing cwd
• sequence-patch: Use arch-symbols
• suse_git/header: Complain about patch filenames over 100 characters.
• tar-up: Also sort generated tar archives
• tar-up: Handle multiple levels of symlinks
• tar-up: Normalize file modes to ones supported by git
• tar-up: Remove mkspec and its inputs as from target directory (bsc#1250522).
• tar-up: Remove the $build_dir prefix when in $build_dir
• tar-up: Set owner of files in generated tar archives to root rather than nobody
• tar_up: Handle symlinks in rpm directory
• use uniform permission checks for all mount propagation changes (git-fixes).