kernel update [SLES15 SP5 5.14.21-150500.55.62.2]

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

• CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case
  (bsc#1222596).
• CVE-2024-27389: Fixed pstore inode handling with d_invalidate()
  (bsc#1223705).
• CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
• CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists
  (bsc#1223822).
• CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure
  (bsc#1223827).
• CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places
  (bsc#1223824).
• CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in
  amdgpu_dm_fini() (bsc#1223714).
• CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree()
  (bsc#1223821).
• CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
• CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts
  (bsc#1223790).
• CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS
  (bsc#1223735).
• CVE-2024-27013: Fixed tun limit printing rate when illegal packet received
  by tun device (bsc#1223745).
• CVE-2024-26993: Fixed fs/sysfs reference leak in
  sysfs_break_active_protection() (bsc#1223693).
• CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value
  of zero (bsc#1223634).
• CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table
  arrays (bsc#1223644).
• CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table
  arrays (bsc#1223645).
• CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table
  arrays (bsc#1223646).
• CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table
  arrays (bsc#1223648).
• CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and
  swapoff() (bsc#1223655).
• CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead
  instead of empty list (bsc#1223660).
• CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead
  of peer (bsc#1223661).
• CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in
  dc_state_release (bsc#1223664).
• CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch
  (bsc#1223525).
• CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent
  kernel-infoleak (bsc#1223198).
• CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
• CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC
  transport cleanup path (bsc#1223196).
• CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches
  (bsc#1223190).
• CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches
  (bsc#1223189).
• CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches
  (bsc#1223035).
• CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in
  ip_tunnel_rcv() (bsc#1223034).
• CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08
  devices (bsc#1223041).
• CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps
  (bsc#1223066).
• CVE-2024-26878: Fixed quota for potential NULL pointer dereference
  (bsc#1223060).
• CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant
  spi_controller_put call (bsc#1223024).
• CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing
  (bsc#1223111).
• CVE-2024-26861: Fixed wireguard/receive annotate data-race around
  receiving_counter.counter (bsc#1223076).
• CVE-2024-26857: Fixed geneve to make sure to pull inner header in
  geneve_rx() (bsc#1223058).
• CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry
  (bsc#1223052).
• CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in
  ice_bridge_setlink() (bsc#1223051).
• CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT
  (bsc#1223061).
• CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in
  ip6_route_mpath_notify() (bsc#1223057).
• CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
• CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for
  workstations (bsc#1222968).
• CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove
  administratively set MAC (bsc#1223012).
• CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid
  integer overflow (bsc#1222812).
• CVE-2024-26816: Fixed relocations in .notes section when building with
  CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
• CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM
  hooks (bsc#1222801).
• CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in
  netlink (bsc#1222630).
• CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink()
  in gtp (bsc#1222428).
• CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a
  wrong zone index (bsc#1222615).
• CVE-2024-26773: Fixed ext4 block allocation from corrupted group in
  ext4_mb_try_best_found() (bsc#1222618).
• CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group
  in ext4_mb_find_by_goal() (bsc#1222613).
• CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine
  ti edma (bsc#1222610)
• CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
  (bsc#1222726).
• CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct
  aio_kiocb conversion (bsc#1222721).
• CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on
  device in dm-crypt (bsc#1222720).
• CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in
  gtp_genl_dump_pdp() in gtp (bsc#1222632).
• CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table
  (bsc#1222724).
• CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid
  parameter in rdma/srpt (bsc#1222449).
• CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in
  rdma/qedr (bsc#1222677).
• CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free
  and bpf_timer_cancel (bsc#1222557).
• CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
• CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already
  gets read (bsc#1222536).
• CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
• CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len
  in ext4 (bsc#1222422).
• CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers()
  (bsc#1222549).
• CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
• CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup
  (bsc#1222435).
• CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write
  (bsc#1222437).
• CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA
  channels (bsc#1222445).
• CVE-2024-26681: Fixed netdevsim to avoid potential loop in
  nsim_dev_trap_report_work() (bsc#1222431).
• CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring
  (bsc#1222427).
• CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
• CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization
  (bsc#1222368).
• CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
• CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder
  creation (bsc#1222266).
• CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
• CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
• CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay
  (bsc#1220342).
• CVE-2024-23850: Fixed double free of anonymous device after snapshot
  creation failure (bsc#1219126).
• CVE-2024-23848: Fixed media/cec for possible use-after-free in
  cec_queue_msg_fh (bsc#1219104).
• CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
  and ARM md, raid, raid5 modules (bsc#1219169).
• CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
  (bsc#1219170).
• CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super
  function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
• CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock
  found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
• CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
  (bsc#1218562).
• CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device()
  (bsc#1223686).
• CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd
  (bsc#1223033).
• CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in
  msgr2 (bsc#1222247).
• CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop]
  (bsc#1222294).
• CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace
  (bsc#1222051).
• CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous
  sets never used from userspace (bsc#1221825).
• CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in
  mpi_ec_init (bsc#1221612).
• CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show
  (bsc#1221617).
• CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in
  wfx_set_mfp_ap() (bsc#1221042).
• CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via
  directory renaming (bsc#1221044).
• CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory
  renaming (bsc#1221088).
• CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
• CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in
  amdgpu_ras_query_error_status_helper() (bsc#1221080).
• CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash
  memory region (bsc#1220935).
• CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in
  amdtee_close_session (bsc#1220915).
• CVE-2023-52488: Fixed serial/sc16is7xx convert from raw to noinc regmap
  functions for FIFO (bsc#1221162).
• CVE-2022-48662: Fixed a general protection fault (GPF) in
  i915_perf_open_ioctl (bsc#1223505).
• CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails
  (bsc#1223498).
• CVE-2022-48658: Fixed mm/slub to avoid a problem in
  flush_cpu_slab()/__free_slab() task context (bsc#1223496).
• CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
  skb->mac_header (bsc#1223513).
• CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at
  nf_tables_addchain() (bsc#1223478).
• CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in
  bond_rr_gen_slave_id (bsc#1223499).
• CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries
  == 0 and eh_depth > 0 (bsc#1223475).
• CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in
  hugetlb_mcopy_atomic_pte() (bsc#1222710).
• CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions
  (bsc#1222878)
• CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within
  drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
• CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex
  (bsc#1222832).
• CVE-2021-47189: Fixed denial of service due to memory ordering issues
  between normal and ordered work functions in btrfs (bsc#1222706).
• CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer
  (bsc#1222669).
• CVE-2021-47183: Fixed a null pointer dereference during link down processing
  in scsi lpfc (bsc#1192145, bsc#1222664).
• CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling
  (bsc#1222662).
• CVE-2021-47181: Fixed a null pointer dereference caused by calling
  platform_get_resource() (bsc#1222660).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html