Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-18809

kernel update [SLES15 SP6 6.4.0-150600.23.42.2]

Details

    • Task
    • Resolution: Unresolved
    • Minor
    • None
    • Lustre 2.17.0
    • None
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
      bugfixes.

      The following security bugs were fixed:

      • CVE-2024-26708: mptcp: fix inconsistent state on fastopen race
        (bsc#1222672).
      • CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock
        (bsc#1227937).
      • CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp
        (bsc#1230235).
      • CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req
        (bsc#1230438).
      • CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available
        (bsc#1230439).
      • CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
        (bsc#1231949).
      • CVE-2024-50036: net: do not delay dst_entries_add() in dst_release()
        (bsc#1231912).
      • CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
        (bsc#1232508).
      • CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when
        sel.family is unset (bsc#1233028).
      • CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption
        (bsc#1233109).
      • CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls
        (bsc#1233483).
      • CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
      • CVE-2024-53147: exfat: fix out-of-bounds access of directory entries
        (bsc#1234857).
      • CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop
        their dentry (bsc#1234894).
      • CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error
        paths (bsc#1234896).
      • CVE-2024-53178: smb: Do not leak cfid when reconnect races with
        open_cached_dir (bsc#1234895).
      • CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device
        bound (bsc#1235032).
      • CVE-2024-56633: selftests/bpf: Add apply_bytes test to
        test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
      • CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug
        (bsc#1235435).
      • CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data
        (bsc#1235592).
      • CVE-2024-57994: ptr_ring: do not block hard interrupts in
        ptr_ring_resize_multiple() (bsc#1237901).
      • CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using
        current->nsproxy (bsc#1236113).
      • CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy
        (bsc#1236114).
      • CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy
        (bsc#1236115).
      • CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy
        (bsc#1236122).
      • CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
        (bsc#1236123).
      • CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow
        fairness counts (bsc#1236133).
      • CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits
        (bsc#1236684).
      • CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits
        (bsc#1236681).
      • CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition
        (bsc#1236682).
      • CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname
        (bsc#1236689).
      • CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries
        (bsc#1236700).
      • CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with
        carrier (bsc#1236702).
      • CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls
        (bsc#1237045).
      • CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
      • CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one
        parent to another (bsc#1237159).
      • CVE-2025-21728: bpf: Send signals asynchronously if !preemptible
        (bsc#1237879).
      • CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
      • CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
      • CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump()
        (bsc#1237891).
      • CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries
        (bsc#1238860).
      • CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in
        iova_bitmap_offset_to_index() (bsc#1238863).
      • CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
      • CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling
        get_random_u32() in atomic context (bsc#1238509).
      • CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value
        (bsc#1238753).
      • CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
      • CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in
        am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
      • CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling
        (bsc#1238751).

      The following non-security bugs were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. LU-18721 kernel update [SLES15 SP6 6.4.0-150600.23.38.1]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: