kernel update [SLES15 SP5 5.14.21-150500.55.59.1]

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

• CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
• CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-
  acpi (bsc#1220478).
• CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use
  get_user_pages_unlocked() (bsc#1220443).
• CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump()
  (bsc#1220482).
• CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
• CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq()
  (bsc#1220486).
• CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
• CVE-2021-46934: Fixed a bug by validating user data in compat ioctl
  (bsc#1220469).
• CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
• CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
• CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek:
  (bsc#1220917).
• CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
• CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path
  (bsc#1220959).
• CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core
  (bsc#1220978).
• CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
• CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
• CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi
  (bsc#1220981).
• CVE-2021-47097: Fixed stack out of bound access in
  elantech_change_report_id() (bsc#1220982).
• CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations
  hwmon: (lm90) (bsc#1220983).
• CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are
  cloned (bsc#1220955).
• CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
• CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
• CVE-2021-47102: Fixed incorrect structure access In line: upper =
  info->upper_dev in net/marvell/prestera (bsc#1221009).
• CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts()
  (bsc#1220960).
• CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
• CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
• CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in
  drm/mediatek (bsc#1220986).
• CVE-2022-4744: Fixed double-free that could lead to DoS or privilege
  escalation in TUN/TAP device driver functionality (bsc#1209635).
• CVE-2022-48626: Fixed a potential use-after-free on remove path moxart
  (bsc#1220366).
• CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer
  (bsc#1220845).
• CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
• CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
• CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in
  crypto: qcom-rng (bsc#1220990).
• CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to
  potentially crash the system (bsc#1209657).
• CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
• CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work()
  (bsc#1212514).
• CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem
  that could lead to potential information disclosure or a denial of service
  (bsc#1215221).
• CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
  (bsc#1220251).
• CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology()
  (bsc#1220237).
• CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
• CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU
  length (bsc#1220320).
• CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer
  (bsc#1220325).
• CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
• CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register
  (bsc#1220433).
• CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table
  (bsc#1220411).
• CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
• CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec
  user SDMA requests (bsc#1220445).
• CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI
  during vsyscall (bsc#1220703).
• CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors
  (bsc#1220790).
• CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520
  (bsc#1220887).
• CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors
  (bsc#1220735).
• CVE-2023-52484: Fixed a soft lockup triggered by
  arm_smmu_mm_invalidate_range (bsc#1220797).
• CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
• CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration
  function __dma_async_device_channel_register() (bsc#1221276).
• CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
• CVE-2023-52494: Fixed missing alignment check for event ring read pointer in
  bus/mhi/host (bsc#1221273).
• CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
• CVE-2023-52500: Fixed information leaking when processing
  OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
• CVE-2023-52501: Fixed possible memory corruption in ring-buffer
  (bsc#1220885).
• CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
  nfc_llcp_sock_get_sn() (bsc#1220831).
• CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a
  5-level paging machine (bsc#1221553).
• CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
• CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid()
  (bsc#1221015).
• CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work()
  (bsc#1220836).
• CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
• CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
• CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
• CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
• CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO
  drain in spi/sun6i (bsc#1221055).
• CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
• CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc
  (bsc#1220920).
• CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi
  (bsc#1220921).
• CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf
  (bsc#1220926).
• CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
• CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet()
  (bsc#1220840).
• CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg()
  (bsc#1220843).
• CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
• CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
  (bsc#1220930).
• CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
• CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
• CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend
  (bsc#1220933).
• CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson
  (bsc#1220937).
• CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux()
  (bsc#1220938).
• CVE-2023-52566: Fixed potential use after free in
  nilfs_gccache_submit_read_data() (bsc#1220940).
• CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ
  polling (irq = 0) (bsc#1220839).
• CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to
  insert delayed dir index item (bsc#1220918).
• CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
• CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off
  (bsc#1220871).
• CVE-2023-52576: Fixed potential use after free in memblock_isolate_range()
  (bsc#1220872).
• CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
• CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph
  (bsc#1221058).
• CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
• CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via
  directory renaming (bsc#1221044).
• CVE-2023-52594: Fixed potential array-index-out-of-bounds read in
  ath9k_htc_txstatus() (bsc#1221045).
• CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
• CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
• CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace
  (bsc#1221060).
• CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs
  (bsc#1221062).
• CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
• CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs
  (bsc#1221068).
• CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs
  (bsc#1221070).
• CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot()
  (bsc#1221066).
• CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree()
  (bsc#1221067).
• CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
• CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib
  (bsc#1221069).
• CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add
  kasprintf() (bsc#1221061).
• CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi
  (bsc#1221375).
• CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp
  (bsc#1221616).
• CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
• CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove
  (bsc#1221613).
• CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd
  number in pstore/ram (bsc#1221618).
• CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
• CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
• CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
• CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd
  (bsc#1222274).
• CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939
  (bsc#1222291).
• CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed
  (bsc#1222300).
• CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
  (bsc#1218562).
• CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
  (bsc#1217987).
• CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
  (bsc#1217988).
• CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
  (bsc#1217989).
• CVE-2023-7042: Fixed a null-pointer-dereference in
  ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
• CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in
  net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
• CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super
  function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
• CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
• CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
  (bsc#1219170).
• CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
  and ARM md, raid, raid5 modules (bsc#1219169).
• CVE-2024-25739: Fixed possible crash in create_empty_lvol() in
  drivers/mtd/ubi/vtbl.c (bsc#1219834).
• CVE-2024-25742: Fixed insufficient validation during #VC instruction
  emulation in x86/sev (bsc#1221725).
• CVE-2024-25743: Fixed insufficient validation during #VC instruction
  emulation in x86/sev (bsc#1221725).
• CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate()
  (bsc#1220365).
• CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2
  (bsc#1220340).
• CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
• CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
• CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences
  (bsc#1221291).
• CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks
  (bsc#1221293).
• CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap
  (bsc#1221298).
• CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
• CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in
  nfsd (bsc#1221379).
• CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter
  nf_tables (bsc#1221830).
• CVE-2024-26645: Fixed missing visibility when inserting an element into
  tracing_map (bsc#1222056).
• CVE-2024-26646: Fixed potential memory corruption when resuming from suspend
  or hibernation in thermal/intel/hfi (bsc#1222070).
• CVE-2024-26651: Fixed possible oops via malicious devices in sr9800
  (bsc#1221337).
• CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
• CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun
  events in xhci (bsc#1222317).
• CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in
  hwmon coretemp (bsc#1222355).
• CVE-2024-26667: Fixed null pointer reference in
  dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
• CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in
  kernel arm64 (bsc#1222356).
• CVE-2024-26695: Fixed null pointer dereference in
  __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
• CVE-2024-26717: Fixed null pointer dereference on failed power up in HID
  i2c-hid-of (bsc#1222360).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html