kernel update [SLES15 SP6 6.4.0-150600.23.38.1]

Details

    • Task
    • Resolution: Fixed
    • Minor
    • Lustre 2.17.0
    • Lustre 2.17.0

    Description

      The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
      bugfixes.

      The following security bugs were fixed:

      • CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing,
        fix null-deref (bsc#1236703).
      • CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle
        (bsc#1236698).
      • CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error
        (bsc#1236696).
      • CVE-2025-21675: net/mlx5: Clear port select structure when fail to create
        (bsc#1236694).
      • CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling
        IPsec tunnel (bsc#1236688).
      • CVE-2025-21670: vsock/bpf: return early if transport is not assigned
        (bsc#1236685).
      • CVE-2025-21669: vsock/virtio: discard packets if the transport changes
        (bsc#1236683).
      • CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
        (bsc#1236680).
      • CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first
        function (bsc#1236262).
      • CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device
        tree (bsc#1236260).
      • CVE-2025-21662: net/mlx5: Fix variable not being completed when function
        returns (bsc#1236198).
      • CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another
        RCU period (bsc#1236163).
      • CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
        (bsc#1236161).
      • CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink()
        (bsc#1236160).
      • CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145).
      • CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out
        of bounds issue (bsc#1236144).
      • CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08
        devices (bsc#1236143).
      • CVE-2025-21632: x86/fpu: Ensure shadow stack is active before "getting"
        registers (bsc#1236106).
      • CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend
        (bsc#1236247).
      • CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in
        sctp_association_init() (bsc#1236182).
      • CVE-2024-57933: gve: guard XSK operations on the existence of queues
        (bsc#1236178).
      • CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues
        (bsc#1236190).
      • CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
      • CVE-2024-57929: dm array: fix releasing a faulty array block twice in
        dm_array_cursor_end (bsc#1236096).
      • CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap
        (bsc#1236127).
      • CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967).
      • CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner
        kthread during unmount (bsc#1235965).
      • CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer
        dqi_priv (bsc#1235964).
      • CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop
        in throttle_direct_reclaim() (bsc#1235948).
      • CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
      • CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946).
      • CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings
        (bsc#1235798).
      • CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL
        (bsc#1235793).
      • CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched
        in sysfs (bsc#1235779).
      • CVE-2024-57802: netrom: check buffer length before accessing it
        (bsc#1235941).
      • CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without
        loaded flag (bsc#1235940).
      • CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device
        (bsc#1235906).
      • CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable
        errors (bsc#1235768).
      • CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining
        clc data (bsc#1235759).
      • CVE-2024-56775: drm/amd/display: Fix handling of plane refcount
        (bsc#1235657).
      • CVE-2024-56774: btrfs: add a sanity check for btrfs root in
        btrfs_search_slot() (bsc#1235653).
      • CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write
        (bsc#1235638).
      • CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing
        is enabled (bsc#1235645).
      • CVE-2024-56748: scsi: qedf: Fix a possible memory leak in
        qedf_alloc_and_init_sb() (bsc#1235627).
      • CVE-2024-56747: scsi: qedi: Fix a possible memory leak in
        qedi_alloc_and_init_sb() (bsc#1234934).
      • CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops
        (bsc#1235503).
      • CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in
        otx2_ethtool.c (bsc#1235656).
      • CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in
        otx2_flows.c (bsc#1235583).
      • CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
        (bsc#1235582).
      • CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in
        otx2_dcbnl.c (bsc#1235578).
      • CVE-2024-56716: netdevsim: prevent bad user input in
        nsim_dev_health_break_write() (bsc#1235587).
      • CVE-2024-56715: ionic: Fix netdev notifier unregister on failure
        (bsc#1235612).
      • CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path
        (bsc#1235565).
      • CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload
        (bsc#1235564).
      • CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in
        otx2_dmac_flt.c (bsc#1235545).
      • CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
      • CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS
        (bsc#1235412).
      • CVE-2024-56693: brd: defer automatic disk creation until module
        initialization succeeds (bsc#1235418).
      • CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in
        otx2_common.c (bsc#1235498).
      • CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
        (bsc#1235555).
      • CVE-2024-56665: bpf,perf: Fix invalid prog_array access in
        perf_event_detach_bpf_prog (bsc#1235489).
      • CVE-2024-56664: bpf, sockmap: Fix race between element replace and close()
        (bsc#1235249).
      • CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference
        (bsc#1235437).
      • CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439).
      • CVE-2024-56658: net: defer final 'struct net' free in netns dismantle
        (bsc#1235441).
      • CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X
        chips (bsc#1235444).
      • CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check()
        (bsc#1235430).
      • CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not
        support (bsc#1235449).
      • CVE-2024-56648: net: hsr: avoid potential out-of-bound access in
        fill_frame_info() (bsc#1235451).
      • CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv
        (bsc#1235132).
      • CVE-2024-56641: net/smc: initialize close_work early to avoid warning
        (bsc#1235526).
      • CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a
        module (bsc#1235523).
      • CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb()
        (bsc#1235520).
      • CVE-2024-56635: net: avoid potential UAF in default_operstate()
        (bsc#1235519).
      • CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release()
        (bsc#1235480).
      • CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251).
      • CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
        (bsc#1235227).
      • CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done
        from the primary CPU (bsc#1235429).
      • CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements
        (bsc#1235426).
      • CVE-2024-56614: xsk: fix OOB map writes when deleting elements
        (bsc#1235424).
      • CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at
        least one VMA in a MM (bsc#1235391).
      • CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock
        (bsc#1235390).
      • CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in
        'dcn21_link_encoder_create' (bsc#1235487).
      • CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in
        can_create() (bsc#1235415).
      • CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in
        ieee802154_create() (bsc#1235521).
      • CVE-2024-56601: net: inet: do not leave a dangling sk pointer in
        inet_create() (bsc#1235230).
      • CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in
        inet6_create() (bsc#1235217).
      • CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket()
        (bsc#1235244).
      • CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption
        model (bsc#1235241).
      • CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs
        initialization (bsc#1235123).
      • CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function
        (bsc#1235035).
      • CVE-2024-56569: ftrace: Fix regression with module command in
        stack_trace_filter (bsc#1235031).
      • CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device
        bound (bsc#1235032).
      • CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753).
      • CVE-2024-55881: KVM: x86: Play nice with protected guests in
        complete_hypercall_exit() (bsc#1235745).
      • CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree
        node (bsc#1235737).
      • CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720).
      • CVE-2024-53236: xsk: Free skb when TX metadata options are invalid
        (bsc#1235000).
      • CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050).
      • CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit()
        (bsc#1235011).
      • CVE-2024-53203: usb: typec: fix potential array underflow in
        ucsi_ccg_sync_control() (bsc#1235001).
      • CVE-2024-53198: xen: Fix the issue of resource not being properly released
        in xenbus_dev_probe() (bsc#1234923).
      • CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction
        (bsc#1234906).
      • CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use
        (bsc#1234957).
      • CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947).
      • CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey()
        (bsc#1234901).
      • CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns
        (bsc#1234893).
      • CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching
        (bsc#1234898).
      • CVE-2024-53170: block: fix uaf for flush rq while iterating tags
        (bsc#1234888).
      • CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
      • CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in
        tls_sw_has_ctx_tx/rx (bsc#1233638).
      • CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in
        ip_tunnel_find() (bsc#1233522).
      • CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb()
        (bsc#1233488).
      • CVE-2024-50258: net: fix crash when config small
        gso_max_size/gso_ipv4_max_size (bsc#1233221).
      • CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before
        calling skb_checksum() (bsc#1233248).
      • CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
      • CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request
        (bsc#1233055).
      • CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087).
      • CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from
        frag_list (bsc#1232101).
      • CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
        (bsc#1232158).
      • CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init()
        (bsc#1232161).
      • CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
        (bsc#1235727).
      • CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
      • CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop
        request (bsc#1235705).
      • CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803).
      • CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage
        (bsc#1221326).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2025-February/020336.html

          Activity

            [LU-18721] kernel update [SLES15 SP6 6.4.0-150600.23.38.1]
            yujian Jian Yu added a comment -

            Patch landed for Lustre 2.17.0.

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/58080/
            Subject: LU-18721 kernel: update SLES15 SP6 [6.4.0-150600.23.38.1]
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 7b71e951cf77d3bf98e6553b2cd08a80769ad0c5

            "Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/58080
            Subject: LU-18721 kernel: update SLES15 SP6 [6.4.0-150600.23.38.1]
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: d2032f6757891e0114cc5a0f09577ae6664029c5

            People

              yujian Jian Yu
              yujian Jian Yu