openSUSE-SU-2025:20172-1

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498).
CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499).
CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034).
CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977).
CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252).
CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746).
CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723).
CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817).
CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054).
CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301).
CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779).
CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790).
CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794).
CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923).
CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901).
CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328).
CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423).
CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426).
CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394).
CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457).

The following non security issues were fixed:

ACPI: scan: Update honor list for RPMI System MSI (stable-fixes).
ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062).
Fix "drm/xe: Don't allow evicting of BOs in same VM in array of VM binds" (bsc#1252923)
KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
KVM: s390: improve interrupt cpu for wakeup (bsc#1235463).
KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352).
KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes).
PCI/ERR: Update device error_state already after reset (stable-fixes).
PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes).
Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (git-fixes).
Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (git-fixes).
Update config files: enable zstd module decompression (jsc#PED-14115).
bpf/selftests: Fix test_tcpnotify_user (bsc#1253635).
btrfs: do not clear read-only when adding sprout device (bsc#1253238).
btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
drm/amd/display: update color on atomic commit time (stable-fixes).
drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes).
media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
mount: handle NULL values in mnt_ns_release() (bsc#1254308)
net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357).
net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353).
net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353).
net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353).
net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353).
net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353).
net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353).
net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353).
net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353).
net: phy: realtek: use string choices helpers (jsc#PED-14353).
net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746)
net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746)
net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746)
nvmet-auth: update sc_c in host response (git-fixes bsc#1249397).
nvmet-auth: update sc_c in target host hash calculation (git-fixes).
perf list: Add IBM z17 event descriptions (jsc#PED-13611).
platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes).
powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949).
pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes).
r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353).
r8169: add support for Intel Killer E5000 (jsc#PED-14353).
r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
r8169: add support for RTL8125D rev.b (jsc#PED-14353).
r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353).
r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353).
r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353).
r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353).
r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353).
r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353).
r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353).
r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353).
r8169: implement additional ethtool stats ops (jsc#PED-14353).
r8169: improve __rtl8169_set_wol (jsc#PED-14353).
r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353).
r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353).
r8169: remove leftover locks after reverted change (jsc#PED-14353).
r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353).
r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
r8169: remove support for chip version 11 (jsc#PED-14353).
r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353).
r8169: replace custom flag with disable_work() et al (jsc#PED-14353).
r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353).
r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353).
ring-buffer: Update pages_touched to reflect persistent buffer content (git-fixes).
s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643).
sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843).
sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792).
sched/fair: Proportional newidle balance (bsc#1248792).
sched/fair: Proportional newidle balance -KABI (bsc#1248792).
sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792).
sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792).
sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792).
sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792).
scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
selftests/run_kselftest.sh: Add --skip argument option (bsc#1254221).
smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843).
soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
spi: tegra210-quad: Fix timeout handling (bsc#1253155)
spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181).
wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315).
wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315).
wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315).
wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315).
wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315).
wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315).
wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315).
wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315).
wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315).
wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315).
wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315).
wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315).
wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315).
wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315).
wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315).
wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315).
wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315).
x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843).
x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843).
x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843).

openSUSE-SU-2025:20172-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline