kernel update [SLES15 SP6 6.4.0-150600.23.22.1]

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

• CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in
  starting tx ba session (bsc#1229827).
• CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c
  (bsc#1229754).
• CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage.
  (bsc#1229503)
• CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct
  objagg_ops (bsc#1229481).
• CVE-2024-43866: net/mlx5: Always drain health in shutdown callback
  (bsc#1229495).
• CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header
  context (bsc#1229496).
• CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio
  (bsc#1229342).
• CVE-2024-43854: block: initialize integrity buffer to zero before writing it
  to media (bsc#1229345)
• CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during
  bwmon_remove (bsc#1229316).
• CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb
  structures (bsc#1229301).
• CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map
  (bsc#1229297).
• CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy()
  (bsc#1229314)
• CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi
  (bsc#1229309).
• CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference
  (bsc#1229315).
• CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service
  (bsc#1229347)
• CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer
  (bsc#1229351).
• CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level()
  (bsc#1229353).
• CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357)
• CVE-2024-42308: Update DRM patch reference (bsc#1229411)
• CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407).
• CVE-2024-42295: nilfs2: handle inconsistent state in
  nilfs_btnode_create_block() (bsc#1229370).
• CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters
  (bsc#1229374).
• CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management
  correctly (bsc#1229379).
• CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on
  error (bsc#1229382)
• CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops
  (bsc#1229383)
• CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size
  (bsc#1229386).
• CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
  (bsc#1229409).
• CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in
  iptable_nat_table_init() (bsc#1229404).
• CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in
  ip6table_nat_table_init() (bsc#1229402).
• CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload
  (bsc#1229391).
• CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory
  accesses (bsc#1228988).
• CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in
  xs_tcp_setup_socket (bsc#1228989).
• CVE-2024-42245: Revert "sched/fair: Make sure to try to detach at least one
  movable task" (bsc#1228978).
• CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed
  (bsc#1228986).
• CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list
  (bsc#1228723).
• CVE-2024-42162: gve: Account for stopped queues when reading NIC stats
  (bsc#1228706).
• CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD
  (bsc#1228756).
• CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754).
• CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
  (bsc#1228720).
• CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727).
• CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure
  (bsc#1228722).
• CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys
  (bsc#1228733).
• CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds
  (bsc#1228487).
• CVE-2024-42145: IB/core: Implement a limit on UMAD receive List
  (bsc#1228743).
• CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed
  (bsc#1228491).
• CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503).
• CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in
  case of invalid INI file (bsc#1228500).
• CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible
  (bsc#1228705).
• CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc
  (bsc#1228591).
• CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
  (bsc#1228568).
• CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call
  netif_rx() from __netif_rx() (bsc#1228501).
• CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work
  before notifier (bsc#1228505).
• CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494).
• CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2
  (bsc#1228493).
• CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
• CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
  (bsc#1228446).
• CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack
  (bsc#1228680).
• CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
• CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush
  (bsc#1228672).
• CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on
  Spectrum-4 systems (bsc#1228457).
• CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store
  to data registers (bsc#1228470).
• CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup
  (bsc#1228472).
• CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
• CVE-2024-41080: io_uring: fix possible deadlock in
  io_register_iowq_max_workers() (bsc#1228616).
• CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable
  failure (bsc#1228655).
• CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label
  (bsc#1228649).
• CVE-2024-41075: cachefiles: add consistency check for copen/cread
  (bsc#1228646).
• CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen
  (bsc#1228643).
• CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in
  kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
• CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
• CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579).
• CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
• CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes
  (bsc#1228599).
• CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release
  (bsc#1228576).
• CVE-2024-41058: cachefiles: fix slab-use-after-free in
  fscache_withdraw_volume() (bsc#1228459).
• CVE-2024-41057: cachefiles: fix slab-use-after-free in
  cachefiles_withdraw_cookie() (bsc#1228462).
• CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when
  dropping object (bsc#1228468).
• CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse
  (bsc#1228499).
• CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
• CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets
  (bsc#1228530).
• CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()
  (bsc#1228520).
• CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
• CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant
  (bsc#1228496).
• CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask
  (bsc#1228460).
• CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path
  (bsc#1228427).
• CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry()
  (bsc#1228409).
• CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is
  detected (bsc#1228247).
• CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021).
• CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
• CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
  (bsc#1227863).
• CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867).
• CVE-2024-40995: net/sched: act_api: fix possible infinite loop in
  tcf_idr_check_alloc() (bsc#1227830).
• CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store
  (bsc#1227829).
• CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on
  teardown (bsc#1227823).
• CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute
  (bsc#1227929).
• CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in
  xfrm6_get_saddr() (bsc#1227884).
• CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net
  (bsc#1227812).
• CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in
  End.DX4 and End.DX6 behaviors (bsc#1227811).
• CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
  irq_process_work_list (bsc#1227810).
• CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
  creation fails (bsc#1227808)
• CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of
  region creation fail (bsc#1227799).
• CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840).
• CVE-2024-40921: net: bridge: mst: pass vlan group directly to
  br_mst_vlan_set_state (bsc#1227784).
• CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in
  br_mst_set_state (bsc#1227781).
• CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
  (bsc#1227798).
• CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from()
  (bsc#1227761)
• CVE-2024-39506: liquidio: adjust a NULL pointer handling path in
  lio_vf_rep_copy_packet (bsc#1227729).
• CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623)
• CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating
  sockmap/sockhash (bsc#1226885).
• CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604).
• CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in
  nsh_gso_segment() (bsc#1225832).
• CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs
  (bsc#1225814).
• CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
• CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
• CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't
  be re-encrypted (bsc#1225744).
• CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected
  (bsc#1225718).
• CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874)
• CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in
  instance_destroy_rcu() (bsc#1226801)
• CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-
  IP-has-been-disabled-on.patch (bsc#1226798)
• CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
  (bsc#1224700).
• CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure
  (bsc#1224535).
• CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending
  basechain deletion (bsc#1224510).
• CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ
  (bsc#1222625).
• CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path
  in clk_mt8135_apmixed_probe() (bsc#1224711).
• CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init()
  (bsc#1224415).
• CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742).
• CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down
  (bsc#1223777).
• CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path
  (bsc#1223803).
• CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion
  (bsc#1223720).
• CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length
  out of range (bsc#1223074)
• CVE-2024-26837: net: bridge: switchdev: race between creation of new group
  memberships and generation of the list of MDB events to replay
  (bsc#1222973).
• CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register
  failure (bsc#1222967).
• CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808).
• CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only
  from destroy path (bsc#1222633).
• CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
  inet/ingress basechain (bsc#1222634).
• CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref
  (bsc#1222372).
• CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ("rxrpc: Fix delayed ACKs
  to not set the reference serial number") (bsc#1222387)
• CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload
  (bsc#1222350).
• CVE-2024-26668: netfilter: nft_limit: reject configurations that cause
  integer overflow (bsc#1222335).
• CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
  (bsc#1221630).
• CVE-2024-26590: erofs: fix inconsistent per-file compression format
  (bsc#1220252).
• CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during
  sock creation (bsc#1229287).
• CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails
  (bsc#1225582).
• CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255
  elements expired (bsc#1220877).
• CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage
  (bsc#1221326).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2024-September/019497.html