kernel update [SLES15 SP6 6.4.0-150600.23.30.1]

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

• CVE-2024-53095: smb: client: Fix use-after-free of network namespace
  (bsc#1233642).
• CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
• CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in
  precision tracking (bsc#1232823).
• CVE-2023-6270: aoe: fix the potential use-after-free problem in more places
  (bsc#1218562).
• CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-
  DSA netdevice events (bsc#1220355).
• CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after
  check_estalblished() (bsc#1222587).
• CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
• CVE-2024-26953: net: esp: fix bad handling of pages from page_pool
  (bsc#1223656).
• CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink
  dump (bsc#1223733).
• CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head
  (bsc#1224518).
• CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge
  (bsc#1224548).
• CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to
  entire cycle too (bsc#1226797).
• CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
• CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
• CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
  (bsc#1225742).
• CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb()
  (bsc#1225813).
• CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append
  (bsc#1225764).
• CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
  (bsc#1226130).
• CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl()
  (bsc#1226748).
• CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio
  (bsc#1227842).
• CVE-2024-41023: sched/deadline: Fix task_struct reference leak
  (bsc#1228430).
• CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed
  (bsc#1228454).
• CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command
  (bsc#1228620).
• CVE-2024-42102: Revert "mm/writeback: fix possible divide-by-zero in
  wb_dirty_limits(), again" (bsc#1233132).
• CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc
  (bsc#1230179).
• CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during
  resetting (bsc#1230231).
• CVE-2024-45016: netem: fix return value if duplicate enqueue fails
  (bsc#1230429).
• CVE-2024-45025: fix bitmap corruption on close_range() with
  CLOSE_RANGE_UNSHARE (bsc#1230456).
• CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex
  (bsc#1230550).
• CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing
  driver (bsc#1230557).
• CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
• CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
• CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops
  (bsc#1230801).
• CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
• CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections
  (bsc#1230762).
• CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow
  (bsc#1230763).
• CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
• CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
• CVE-2024-46800: sch/netem: fix use after free in netem_dequeue
  (bsc#1230827).
• CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links
  (bsc#1231191).
• CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums
  greater than max_links (bsc#1231197).
• CVE-2024-46826: ELF: fix kernel.randomize_va_space double read
  (bsc#1231115).
• CVE-2024-46828: sched: sch_cake: fix bulk flow accounting logic for host
  fairness (bsc#1231114).
• CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test
  (bsc#1231117).
• CVE-2024-46834: ethtool: fail closed if we can't get max channel used in
  indirection tables (bsc#1231096).
• CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete
  (bsc#1231105).
• CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from
  btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
• CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added
  (bsc#1231100).
• CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
• CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
• CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs
  (bsc#1231087).
• CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35
  (bsc#1231435).
• CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled
  (bsc#1231436).
• CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
• CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency
  provided by the firmware (bsc#1231442).
• CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case
  (bsc#1231673).
• CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput()
  (bsc#1231930).
• CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us()
  (bsc#1231987).
• CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
  (bsc#1231998).
• CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
• CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
• CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath
  the filesystem (bsc#1231920).
• CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
• CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before
  using it (bsc#1231944).
• CVE-2024-47705: block: fix potential invalid pointer dereference in
  blk_add_partition (bsc#1231872).
• CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain
  (bsc#1231942).
• CVE-2024-47707: ipv6: avoid possible NULL deref in
  rt6_uncached_list_flush_dev() (bsc#1231935).
• CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free()
  (bsc#1232049).
• CVE-2024-47727: x86/tdx: Fix "in-kernel MMIO" check (bsc#1232116).
• CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue
  (bsc#1232075).
• CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status
  clearing (bsc#1232117).
• CVE-2024-47739: padata: use integer wrap around to prevent deadlock on
  seq_nr overflow (bsc#1232124).
• CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek
  using same fd (bsc#1231869).
• CVE-2024-47745: mm: call the security_mmap_file() LSM hook in
  remap_file_pages() (bsc#1232135).
• CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver
  Due to Race Condition (bsc#1232145).
• CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch
  warning (bsc#1232130).
• CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch
  warning (bsc#1231868).
• CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder
  smatch warning (bsc#1232131).
• CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in
  efc_nport_vport_del() (bsc#1232819).
• CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread
  creation (bsc#1232256).
• CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner
  kthread during umount (bsc#1232262).
• CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a
  new trasacntion (bsc#1232272).
• CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
• CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path
  (bsc#1232200).
• CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent()
  (bsc#1232199).
• CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
• CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it
  (bsc#1232217).
• CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default
  to 1 (bsc#1232220).
• CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware
  format translation (bsc#1232354).
• CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma
  hardware format translation (bsc#1232352).
• CVE-2024-49896: drm/amd/display: Check stream before comparing them
  (bsc#1232221).
• CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used
  (bsc#1232355).
• CVE-2024-49898: drm/amd/display: Check null-initialized variables
  (bsc#1232222).
• CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1
  (bsc#1232358).
• CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid
  nullptrs (bsc#1232305).
• CVE-2024-49906: drm/amd/display: Check null pointer before try to access it
  (bsc#1232332).
• CVE-2024-49907: drm/amd/display: Check null pointers before using
  dc->clk_mgr (bsc#1232334).
• CVE-2024-49908: drm/amd/display: Add null check for 'afb' in
  amdgpu_dm_update_cursor (bsc#1232335).
• CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in
  dcn32_set_output_transfer_func (bsc#1232337).
• CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in
  dcn20_set_output_transfer_func (bsc#1232366).
• CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in
  'planes_changed_for_existing_stream' (bsc#1232367).
• CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in
  commit_planes_for_stream (bsc#1232307).
• CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in
  (bsc#1232369).
• CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and
  clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
• CVE-2024-49918: drm/amd/display: Add null check for head_pipe in
  dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
• CVE-2024-49919: drm/amd/display: Add null check for head_pipe in
  dcn201_acquire_free_pipe_for_layer (bsc#1231968).
• CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses
  (bsc#1232313).
• CVE-2024-49921: drm/amd/display: Check null pointers before used
  (bsc#1232371).
• CVE-2024-49922: drm/amd/display: Check null pointers before using them
  (bsc#1232374).
• CVE-2024-49923: drm/amd/display: Pass non-null to
  dcn20_validate_apply_pipe_split_flags (bsc#1232361).
• CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core
  (bsc#1232224)
• CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
• CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid
  dentry.d_name.name (bsc#1232387).
• CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash()
  (bsc#1232424).
• CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in
  sctp_listen_start (bsc#1232166).
• CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the
  associated structure (bsc#1232165).
• CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input()
  (bsc#1232164).
• CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with
  UFO (bsc#1232160).
• CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
• CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption
  (bsc#1232157).
• CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete()
  twice (bsc#1232156).
• CVE-2024-49954: static_call: Replace pointless WARN_ON() in
  static_call_module_notify() (bsc#1232155).
• CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching
  reflink tree (bsc#1232151).
• CVE-2024-49959: jbd2: stop waiting for space when
  jbd2_cleanup_journal_tail() returns error (bsc#1232149).
• CVE-2024-49960: ext4: fix timer use-after-free on failed mount
  (bsc#1232395).
• CVE-2024-49967: ext4: no need to continue when the number of entries is 1
  (bsc#1232140).
• CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted
  with siphash (bsc#1232264).
• CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color
  transformation (bsc#1232519).
• CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails
  (bsc#1232315).
• CVE-2024-49973: r8169: add tally counter fields added with RTL8125
  (bsc#1232105).
• CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous
  (bsc#1232383).
• CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid
  double-free (bsc#1232096).
• CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on
  platform_device_register() errors (bsc#1232093).
• CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...)
  (bsc#1232258).
• CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module
  unload (bsc#1232483).
• CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
  (bsc#1232282).
• CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called
  with 0 count (bsc#1232316).
• CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
• CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points
  (bsc#1232089).
• CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
  (bsc#1232085).
• CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit
  (bsc#1232084).
• CVE-2024-50002: static_call: Handle module init failure correctly in
  static_call_del_module() (bsc#1232083).
• CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT
  monitor (bsc#1232385).
• CVE-2024-50004: drm/amd/display: update DML2 policy
  EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
• CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate()
  (bsc#1232442).
• CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return
  value (bsc#1232318).
• CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node
  (bsc#1232386).
• CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path
  (bsc#1232446).
• CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when
  partially writing (bsc#1232079).
• CVE-2024-50020: ice: Fix improper handling of refcount in
  ice_sriov_set_msix_vec_count() (bsc#1231989).
• CVE-2024-50021: ice: Fix improper handling of refcount in
  ice_dpll_init_rclk_pins() (bsc#1231957).
• CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping()
  (bsc#1231956).
• CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
• CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone
  (bsc#1231951).
• CVE-2024-50028: thermal: core: Reference count the zone in
  thermal_zone_get_by_id() (bsc#1231950).
• CVE-2024-50033: slip: make slhc_remember() more robust against malicious
  packets (bsc#1231914).
• CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
• CVE-2024-50040: igb: Do not bring the device up after non-fatal error
  (bsc#1231908).
• CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to
  mac_filter_hash (bsc#1231907).
• CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
• CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb
  (bsc#1231903).
• CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in
  nfs42_complete_copies() (bsc#1231902).
• CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
• CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in
  switchtec_ntb_remove due to race condition (bsc#1232345).
• CVE-2024-50060: io_uring: check if we need to reschedule during overflow
  flush (bsc#1232417).
• CVE-2024-50063: bpf: Prevent tail call between progs attached to different
  hooks (bsc#1232435).
• CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
• CVE-2024-50080: ublk: do not allow user copy for unprivileged device
  (bsc#1232502).
• CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx
  (bsc#1232501).
• CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs.
  rq_qos_wake_function race (bsc#1232500).
• CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in
  vcap_api_encode_rule_test() (bsc#1232494).
• CVE-2024-50087: btrfs: fix uninitialized pointer free on
  read_alloc_one_name() error (bsc#1232499).
• CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref()
  (bsc#1232498).
• CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
  (bsc#1232881).
• CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping
  (bsc#1232885).
• CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
  (bsc#1232919).
• CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
• CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
• CVE-2024-50127: net: sched: fix use-after-free in taprio_change()
  (bsc#1232907).
• CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
• CVE-2024-50130: netfilter: bpf: must hold reference on net namespace
  (bsc#1232894).
• CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
• CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
• CVE-2024-50145: octeon_ep: add SKB allocation failures handling in
  __octep_oq_process_rx() (bsc#1233044).
• CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in
  target_alloc_device() (bsc#1233061).
• CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink()
  (bsc#1233070).
• CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices
  (bsc#1233050).
• CVE-2024-50167: be2net: fix potential memory leak in be_xmit()
  (bsc#1233049).
• CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
• CVE-2024-50171: net: systemport: fix potential memory leak in
  bcm_sysport_xmit() (bsc#1233057).
• CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1
  (bsc#1233115).
• CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct
  map (bsc#1233129).
• CVE-2024-50184: virtio_pmem: Check device status before requesting flush
  (bsc#1233135).
• CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails
  (bsc#1233110).
• CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE
  (bsc#1233106).
• CVE-2024-50195: posix-clock: Fix missing timespec64 check in
  pc_clock_settime() (bsc#1233103).
• CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
• CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked
  flag (bsc#1233206).
• CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
• CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
• CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks
  (bsc#1233226).
• CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote
  IPv6 address (bsc#1233201).
• CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
• CVE-2024-50261: macsec: Fix use-after-free while sending the offloading
  packet (bsc#1233253).
• CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer
  occurring in vsk->trans (bsc#1233453).
• CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
• CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from
  the list (bsc#1233462).
• CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings
  (bsc#1233463).
• CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps
  (bsc#1233464).
• CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb
  (bsc#1233465).
• CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when
  resizing (bsc#1233468).
• CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
• CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single
  (bsc#1233484).
• CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver
  (bsc#1233485).
• CVE-2024-50298: net: enetc: allocate vf_state during PF probes
  (bsc#1233487).
• CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in
  ip_tunnel_init_flow() (bsc#1233540).
• CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
• CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM
  (bsc#1233721).
• CVE-2024-53051: drm/i915/hdcp: Add encoder check in
  intel_hdcp_get_capability (bsc#1233547).
• CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction
  (bsc#1233550).
• CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in
  mtk_crtc_destroy() (bsc#1233568).
• CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged
  SKB data (bsc#1233552).
• CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking
  (bsc#1233570).
• CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
• CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error
  (bsc#1234085).
• CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active
  (bsc#1234078).
• CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting
  (bsc#1234223).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html