SUSE-SU-2025:4301-1

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues

The following security issues were fixed:

• CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
• CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
• CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
• CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
• CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
• CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
• CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
• CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
• CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
• CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
• CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319 bsc#1252236).
• CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
• CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
• CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
• CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
• CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
• CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
• CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
• CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
• CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
• CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
• CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
• CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
• CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
• CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
• CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
• CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
• CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
• CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
• CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
• CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
• CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
• CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
• CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
• CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
• CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
• CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
• CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
• CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
• CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
• CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
• CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
• CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
• CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
• CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
• CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).

The following non security issues were fixed:

• ACPI: battery: Add synchronization between interface updates (git-fixes).
• KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
• KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
• KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
• bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
• cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
• drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
• ext4: fix checks for orphan inodes (bsc#1250119).
• hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
• kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
• module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
• net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
• netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). No CVE available yet, please see the bugzilla ticket referenced.
• perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
• perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
• phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
• powerpc/boot: Fix build with gcc 15 (bsc#1215199).
• powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
• powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
• powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
• powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
• powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
• powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
• proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
• proc: fix type confusion in pde_set_flags() (bsc#1248630)
• sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
• serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244).
• skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
• smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
• smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
• tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
• tracing: Remove unneeded goto out logic (bsc#1249286).
• x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).