kernel update [SLES15 SP6 6.4.0-150600.23.47.2]

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

• CVE-2023-52927: netfilter: allow exp not to be removed in
  nf_ct_find_expectation (bsc#1239644).
• CVE-2024-35910: tcp: properly terminate timers for kernel sockets
  (bsc#1224489).
• CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active
  (bsc#1227858).
• CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
• CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal
  msg (bsc#1235711).
• CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace
  kABI workaround (bsc#1235712).
• CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when
  receiving proposal msg (bsc#1235733).
• CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount
  underflow (bsc#1232812).
• CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
  (bsc#1232389).
• CVE-2024-50140: net: sched: use RCU read-side critical section in
  taprio_dump() (bsc#1233060).
• CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
  (bsc#1233551).
• CVE-2024-53140: netlink: terminate outstanding dump on socket close
  (bsc#1234222).
• CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in
  ip_vs_protocol_init() (bsc#1235715).
• CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock
  (bsc#1235729).
• CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area
  handling under softirq" (bsc#1235524).
• CVE-2024-56640: net/smc: fix LGR and link use-after-free issue
  (bsc#1235436).
• CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
• CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next
  hop churn (bsc#1235455).
• CVE-2024-56718: net/smc: protect link down work from execute after lgr freed
  (bsc#1235589).
• CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops
  (bsc#1235591).
• CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
• CVE-2024-56758: btrfs: check folio mapping after unlock in
  relocate_one_folio() (bsc#1235621).
• CVE-2024-56770: net/sched: netem: account for backlog updates from child
  qdisc (bsc#1235637).
• CVE-2024-57900: ila: serialize calls to nf_register_net_hooks()
  (bsc#1235973).
• CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill
  (bsc#1236333).
• CVE-2024-57974: udp: Deal with race between UDP socket address change and
  rehash (bsc#1238532).
• CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
• CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit
  (bsc#1239076).
• CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during
  params (bsc#1239104).
• CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message
  queue (bsc#1238997).
• CVE-2024-58083: KVM: Explicitly verify target vCPU is online in
  kvm_get_vcpu() (bsc#1239036).
• CVE-2025-21635: rds: sysctl: rds_tcp_ {rcv,snd}

  buf: avoid using
  current->nsproxy (bsc#1236111).

• CVE-2025-21659: netdev: prevent accessing NAPI instances from another
  namespace (bsc#1236206).
• CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU
  hotunplug (bsc#1237029).
• CVE-2025-21701: net: avoid race between device unregistration and ethnl ops
  (bsc#1237164).
• CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
  (bsc#1237313).
• CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
• CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
• CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
• CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted
  transaction (bsc#1237875).
• CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent
  after transaction abort (bsc#1238496).
• CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send()
  (bsc#1238738).
• CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb()
  (bsc#1238763).
• CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
  (bsc#1238775).
• CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
• CVE-2025-21763: neighbour: use RCU protection in __neigh_notify()
  (bsc#1237897).
• CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss()
  (bsc#1237906).
• CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu()
  (bsc#1238754).
• CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
• CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer
  (bsc#1238971).
• CVE-2025-21844: smb: client: Add check for next_buffer in
  receive_encrypted_standard() (bsc#1239512).
• CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
  (bsc#1239479).
• CVE-2025-21856: s390/ism: add release function for struct device
  (bsc#1239486).
• CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL
  dereference (bsc#1239478).
• CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in
  migrate_device_finalize() (bsc#1239483).
• CVE-2025-21862: drop_monitor: fix incorrect initialization order
  (bsc#1239474).
• CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we
  currently drop (bsc#1239482).
• CVE-2025-21865: gtp: Suppress list corruption splat in
  gtp_net_exit_batch_rtnl() (bsc#1239481).
• CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH
  copiers (bsc#1240191).
• CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
• CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
• CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
• CVE-2025-21891: ipvlan: ensure network headers are in skb linear part
  (bsc#1240186).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2025-April/020675.html