Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-19634

kernel update [SLES15 SP6 6.4.0-150600.23.78.1]

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Medium
    • Lustre 2.17.0
    • Lustre 2.17.0
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security
      issues

      The following security issues were fixed:

      • CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory
        handling (bsc#1244939).
      • CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister
        notifier (bsc#1248211).
      • CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation
        (bsc#1248230).
      • CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for
        proc_read_iter et.al (bsc#1248630).
      • CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
      • CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if
        memory is allocated (bsc#1249182).
      • CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv
        (bsc#1249161).
      • CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path
        (bsc#1249320).
      • CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference
        (bsc#1249302).
      • CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user
        failed (bsc#1249286).
      • CVE-2025-39697: nfs: remove dead code for the old swap over NFS
        implementation (bsc#1249319).
      • CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time
        (bsc#1249317).
      • CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding
        INT_MAX (bsc#1249512).
      • CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
      • CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk()
        (bsc#1250202).
      • CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during
        ftrace_dump (bsc#1250032).
      • CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in
        atmtcp_recv_control() (bsc#1250205).
      • CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop
        object (bsc#1250296).
      • CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty()
        (bsc#1250455).
      • CVE-2025-39876: net: fec: Fix possible NPD in
        fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
      • CVE-2025-39881: kernfs: Fix UAF in polling when open file is released
        (bsc#1250379).
      • CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline
        (bsc#1250721).
      • CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in
        object_err() (bsc#1250702).
      • CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error
        path (bsc#1250704).
      • CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task
        (bsc#1251230).
      • CVE-2025-39946: tls: make sure to abort the stream if headers are bogus
        (bsc#1251114).
      • CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind
        (bsc#1251232).
      • CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
      • CVE-2025-39949: qed: Don't collect too many protection override GRC elements
        (bsc#1251177).
      • CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
        (bsc#1251804).
      • CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
      • CVE-2025-39969: i40e: fix validation of VF state in get resources
        (bsc#1252044).
      • CVE-2025-39970: i40e: fix input validation logic for action_meta
        (bsc#1252051).
      • CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
      • CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map
        (bsc#1252039).
      • CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
      • CVE-2025-39978: octeontx2-pf: Fix potential use after free in
        otx2_tc_add_flow() (bsc#1252069).
      • CVE-2025-40000: wifi: rtw89: fix use-after-free in
        rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
      • CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind
        during busy (bsc#1252349).
      • CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup
        (bsc#1252688).
      • CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
      • CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check
        (bsc#1252826).
      • CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures
        (bsc#1252848).
      • CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr
        (bsc#1252789).
      • CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
      • CVE-2025-40100: btrfs: do not assert we found block group item when creating
        free space tree (bsc#1252918).

      The following non security issues were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2025-November/023305.html

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. LU-19753 kernel update [SLES15 SP6 6.4.0-150600.23.81.3]

          • Medium -
          • Resolved
          is related to

          Task - A task that needs to be done. LU-19508 kernel update [SLES15 SP6 6.4.0-150600.23.73.1]

          • Medium -
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: