kernel update [SLES15 SP6 6.4.0-150600.23.50.1]

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

• CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching
  (bsc#1242006).
• CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in
  subflow_finish_connect() (bsc#1224597).
• CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to
  load on IPv6 (bsc#1231910).
• CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP
  (bsc#1233075).
• CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not
  overlap (bsc#1233098).
• CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc
  (bsc#1234074).
• CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
• CVE-2024-57924: fs: relax assertions on failure to encode file handles
  (bsc#1236086).
• CVE-2024-58018: nvkm: correctly calculate the available space of the GSP
  cmdq buffer (bsc#1238990).
• CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not
  initialized (bsc#1238961).
• CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in
  PREEMPT_RT (bsc#1238983).
• CVE-2024-58071: team: prevent adding a device which is already a team device
  lower (bsc#1238970).
• CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).
• CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak
  (bsc#1236704).
• CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).
• CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).
• CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan
  completion (bsc#1237874).
• CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
• CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack()
  (bsc#1238737).
• CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6
  lwtunnels (bsc#1238714).
• CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE
  sockopt (bsc#1238745).
• CVE-2025-21806: net: let net.core.dev_weight always be non-zero
  (bsc#1238746).
• CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in
  generic mode (bsc#1238742).
• CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
• CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
  (bsc#1239108).
• CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade
  (bsc#1239066).
• CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting
  unconnected (bsc#1239470).
• CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
• CVE-2025-21867: bpf, test_run: Fix use-after-free issue in
  eth_skb_pkt_type() (bsc#1240181).
• CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails
  (bsc#1240184).
• CVE-2025-21875: mptcp: always handle address removal under msk socket lock
  (bsc#1240168).
• CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode()
  (bsc#1240185).
• CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
• CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in
  ovl_link_up (bsc#1240176).
• CVE-2025-21889: perf/core: Add RCU read lock protection to
  perf_iterate_ctx() (bsc#1240167).
• CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
  (bsc#1240581).
• CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered
  pmu_ctx_list (bsc#1240585).
• CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe()
  (bsc#1240576).
• CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
• CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd
  writeback (bsc#1240600).
• CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
  (bsc#1240591).
• CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
• CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if
  hclge_ptp_get_cycle returns an error (bsc#1240720).
• CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit()
  (bsc#1240713).
• CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).
• CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned
  folio (bsc#1240709).
• CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2
  (bsc#1240742).
• CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
  (bsc#1240815).
• CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
• CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount
  option (bsc#1240655).
• CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount
  option (bsc#1240717).
• CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount
  option (bsc#1240740).
• CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
• CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check
  (bsc#1240819).
• CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
• CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table()
  (bsc#1240812).
• CVE-2025-21980: sched: address a potential NULL pointer dereference in the
  GRED scheduler (bsc#1240809).
• CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
• CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).
• CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-
  less NUMA nodes (bsc#1240795).
• CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in
  ibft_attr_show_nic() (bsc#1240797).
• CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
• CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
• CVE-2025-22015: mm/migrate: fix shmem xarray update during migration
  (bsc#1240944).
• CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).
• CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).
• CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).
• CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec
  (bsc#1241378).
• CVE-2025-22036: exfat: fix random stack corruption after get_block
  (bsc#1241426).
• CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal
  PMDs (bsc#1241433).
• CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging
  (bsc#1241373).
• CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
• CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
• CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption
  (bsc#1241526).
• CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is
  dormant (bsc#1241413).
• CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de()
  (bsc#1241416).
• CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements
  (bsc#1241537).
• CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release
  (bsc#1241456).
• CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
• CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452
  bsc#1241548).
• CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in
  sja1105_table_delete_entry() (bsc#1241575).
• CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).
• CVE-2025-22115: btrfs: fix block group refcount race in
  btrfs_create_pending_block_groups() (bsc#1241578).
• CVE-2025-22121: ext4: fix out-of-bound read in
  ext4_xattr_inode_dec_ref_all() (bsc#1241593).
• CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution
  (bsc#1239684).
• CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead
  reg worker (bsc#1241451).
• CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
• CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow
  (bsc#1242596).
• CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
• CVE-2025-37798: codel: remove sch->q.qlen check before
  qdisc_tree_reduce_backlog() (bsc#1242414).
• CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
  (bsc#1242283).
• CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init()
  (bsc#1241626).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2025-May/020870.html