kernel update [SLES15 SP5 5.14.21-150500.55.83.1]

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

• CVE-2022-48901: btrfs: do not start relocation until in progress drops are
  done (bsc#1229607).
• CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance.
  (bsc#1229633).
• CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment
  (bsc#1229662)
• CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit
  (bsc#1229619)
• CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags
  (bsc#1221610).
• CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900
  (bsc#1230269).
• CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
• CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
• CVE-2024-26767: drm/amd/display: fixed integer types and null check
  locations (bsc#1230339).
• CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth
  (bsc#1222629).
• CVE-2024-26837: net: bridge: switchdev: race between creation of new group
  memberships and generation of the list of MDB events to replay
  (bsc#1222973).
• CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
• CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len
  bytes (bsc#1226606).
• CVE-2024-38596: af_unix: Fix data races in
  unix_release_sock/unix_stream_sendmsg (bsc#1226846).
• CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
• CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP
  (bsc#1227890).
• CVE-2024-40983: tipc: force a dst refcount before doing decryption
  (bsc#1227819).
• CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
• CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command
  (bsc#1228620 CVE-2024-41082).
• CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
• CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation
  (bsc#1229156)
• CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from
  mispredictions (bsc#1229334).
• CVE-2024-42304: ext4: make sure the first directory block is not a hole
  (bsc#1229364).
• CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir
  indexed (bsc#1229363).
• CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer
  (bsc#1229362).
• CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit
  (bsc#1229394).
• CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
• CVE-2024-43898: ext4: sanity check for NULL pointer after
  ext4_force_shutdown (bsc#1229753).
• CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths
  (bsc#1229830)
• CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after
  reassembling (bsc#1229790).
• CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock()
  (bsc#1229810).
• CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate
  expect ID (bsc#1229899).
• CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket
  (bsc#1230015).
• CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special
  register set (bsc#1230180).
• CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race
  (bsc#1230178).
• CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
  (bsc#1230209).
• CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in
  bcm_sf2_mdio_register() (bsc#1230211).
• CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
• CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
• CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
• CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference
  (bsc#1230193).
• CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok
  (bsc#1230194).
• CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx()
  (bsc#1230171).
• CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
• CVE-2024-45003: Don't evict inode under the inode lru traversing context
  (bsc#1230245).
• CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
• CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
• CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl()
  (bsc#1230442).
• CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to
  (bsc#1230444)
• CVE-2024-45018: netfilter: flowtable: initialise extack before use
  (bsc#1230431).
• CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops
  (bsc#1230434).
• CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe
  (bsc#1230451).
• CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure
  (bsc#1230506).
• CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe
  error path (bsc#1230507).
• CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
• CVE-2024-46679: ethtool: check device is present when getting link settings
  (bsc#1230556).
• CVE-2024-46685: pinctrl: single: fix potential NULL dereference in
  pcs_get_function() (bsc#1230515)
• CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in
  smb2_new_read_req() (bsc#1230517).
• CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB
  (bsc#1230524)
• CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is
  removed (bsc#1230589)
• CVE-2024-46707: KVM: arm64: Make ICC_ SGI _EL1 undef in the absence of a
  vGICv3 (bsc#1230582).
• CVE-2024-46715: driver: iio: add missing checks on iio_info's callback
  access (bsc#1230700).
• CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
• CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
• CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before
  using (bsc#1230703)
• CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1
  (bsc#1230701)
• CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in
  interrupt map walk (bsc#1230756).
• CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at
  btrfs_lookup_extent_info() (bsc#1230786).
• CVE-2024-46752: btrfs: reduce nesting for extent processing at
  btrfs_lookup_extent_info() (bsc#1230794).
• CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly
  (bsc#1230796).
• CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used
  (bsc#1230772).
• CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg()
  (bsc#1230810).
• CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
• CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
• CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing
  CPU entry (bsc#1231120).
• CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling
  KVM_SET_VCPU_EVENTS (bsc#1231116).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2024-October/019576.html