Description of the patch:
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).
- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).
- CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075).
- CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098).
- CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).
- CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961).
- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).
- CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).
- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).
- CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).
- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).
- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).
- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).
- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).
- CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108).
- CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
- CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181).
- CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576).
- CVE-2025-21925: llc: do not use skb_get() before...