The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
The following non security issues were fixed:
- bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
- btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes).
- cifs: Fix copy offload to flush destination region (bsc#1252511).
- cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511).
- cifs: add new field to track the last access time of cfid (git-fixes).
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087).
-...