Lustre / LU-18371

kernel update [SLES15 SP6 6.4.0-150600.23.25.1]

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.17.0
    • Lustre 2.16.0

    Description

      The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
      bugfixes.

      The following security bugs were fixed:

      • CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags
        (bsc#1221610).
      • CVE-2023-52752: smb: client: fix use-after-free bug in
        cifs_debug_data_proc_show() (bsc#1225487).
      • CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900
        (bsc#1230269).
      • CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
      • CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
      • CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth
        (bsc#1222629).
      • CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len
        bytes (bsc#1226606).
      • CVE-2024-38596: af_unix: Fix data races in
        unix_release_sock/unix_stream_sendmsg (bsc#1226846).
      • CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer
        (bsc#1227885).
      • CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP
        (bsc#1227890).
      • CVE-2024-40983: tipc: force a dst refcount before doing decryption
        (bsc#1227819).
      • CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
      • CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray
        (bsc#1229001).
      • CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004).
      • CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from
        mispredictions (bsc#1229334).
      • CVE-2024-42294: block: fix deadlock between sd_remove & sd_release
        (bsc#1229371).
      • CVE-2024-42304: ext4: make sure the first directory block is not a hole
        (bsc#1229364).
      • CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir
        indexed (bsc#1229363).
      • CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer
        (bsc#1229362).
      • CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit
        (bsc#1229394).
      • CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio
        reference (bsc#1229380).
      • CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename()
        (bsc#1229389).
      • CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
      • CVE-2024-43898: ext4: sanity check for NULL pointer after
        ext4_force_shutdown (bsc#1229753).
      • CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after
        reassembling (bsc#1229790).
      • CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock()
        (bsc#1229810).
      • CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate
        expect ID (bsc#1229899).
      • CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket
        (bsc#1230015).
      • CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special
        register set (bsc#1230180).
      • CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181).
      • CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
        (bsc#1230209).
      • CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in
        bcm_sf2_mdio_register() (bsc#1230211).
      • CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
        (bsc#1230240).
      • CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206).
      • CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
      • CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
      • CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference
        (bsc#1230193).
      • CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok
        (bsc#1230194).
      • CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch
        (bsc#1230195).
      • CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx()
        (bsc#1230171).
      • CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
      • CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling
        (bsc#1230169).
      • CVE-2024-45003: Don't evict inode under the inode lru traversing context
        (bsc#1230245).
      • CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl()
        (bsc#1230442).
      • CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430).
      • CVE-2024-45018: netfilter: flowtable: initialise extack before use
        (bsc#1230431).
      • CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter
        (bsc#1230432).
      • CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops
        (bsc#1230434).
      • CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with
        high order fallback to order 0 (bsc#1230435).
      • CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow
        disk (bsc#1230455).
      • CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe
        (bsc#1230451).
      • CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457).
      • CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure
        (bsc#1230506).
      • CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
      • CVE-2024-46679: ethtool: check device is present when getting link settings
        (bsc#1230556).
      • CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in
        smb2_new_read_req() (bsc#1230517).
      • CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside
        btrfs_submit_chunk() (bsc#1230518).
      • CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section
        (bsc#1230526).
      • CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call
        (bsc#1230520).
      • CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes
        (bsc#1230521).
      • CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers
        (bsc#1230540).
      • CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
      • CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop
        (bsc#1230704).
      • CVE-2024-46735: ublk_drv: fix NULL pointer dereference in
        ublk_ctrl_start_recovery() (bsc#1230727).
      • CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in
        interrupt map walk (bsc#1230756).
      • CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at
        btrfs_lookup_extent_info() (bsc#1230786).
      • CVE-2024-46752: btrfs: reduce nesting for extent processing at
        btrfs_lookup_extent_info() (bsc#1230794).
      • CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly
        (bsc#1230796).
      • CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used
        (bsc#1230772).
      • CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg()
        (bsc#1230810).
      • CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
      • CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
      • CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing
        CPU entry (bsc#1231120).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2024-October/019580.html

            People

              yujian Jian Yu