Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-19899

kernel update [SLES15 SP7 6.4.0-150700.53.31.1]

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Medium
    • Lustre 2.18.0
    • Lustre 2.18.0
    • None
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security
      issues

      The following security issues were fixed:

      • CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim
        (bsc#1256280).
      • CVE-2025-39880: libceph: fix invalid accesses to ceph_connection_v1_info
        (bsc#1250388).
      • CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871).
      • CVE-2025-40254: net: openvswitch: remove never-working support for setting
        nsh fields (bsc#1254852).
      • CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
      • CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
      • CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
        nvme_fc_delete_ctrl() (bsc#1254839).
      • CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
      • CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid()
        (bsc#1254624).
      • CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff
        for striding RQ (bsc#1255260).
      • CVE-2025-40355: sysfs: check visibility before changing group attribute
        ownership (bsc#1255261).
      • CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output
        (bsc#1255102).
      • CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255).
      • CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition
        (bsc#1255327).
      • CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy
        (bsc#1255266).
      • CVE-2025-68188: tcp: use dst_dev_rcu() in
        tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
      • CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241).
      • CVE-2025-68215: ice: fix PTP cleanup on driver removal in error path
        (bsc#1255226).
      • CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
      • CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding
        stale fnhe (bsc#1255157).
      • CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing
        incorrect cleanup (bsc#1255268).
      • CVE-2025-68261: ext4: add i_data_sem protection in
        ext4_destroy_inline_data_nolock() (bsc#1255164).
      • CVE-2025-68284: libceph: prevent potential out-of-bounds writes in
        handle_auth_session_key() (bsc#1255377).
      • CVE-2025-68285: libceph: fix potential use-after-free in
        have_mon_and_osd_map() (bsc#1255401).
      • CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon
        setup (bsc#1255128).
      • CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted
        directories (bsc#1255403).
      • CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path
        (bsc#1255120).
      • CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
      • CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in
        cake_drop (bsc#1255417).
      • CVE-2025-68327: usb: renesas_usbhs: Fix synchronous external abort on unbind
        (bsc#1255488).
      • CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when
        file system corrupted (bsc#1255482).
      • CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
        pnfs_mark_layout_stateid_invalid (bsc#1255544).
      • CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu
        (bsc#1255552).
      • CVE-2025-68365: fs/ntfs3: Initialize allocated memory before use
        (bsc#1255548).
      • CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
      • CVE-2025-68367: macintosh/mac_hid: fix race condition in
        mac_hid_toggle_emumouse (bsc#1255547).
      • CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
      • CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize
        failure (bsc#1255695).
      • CVE-2025-68727: ntfs3: Fix uninit buffer allocated by __getname()
        (bsc#1255568).
      • CVE-2025-68728: ntfs3: fix uninit memory after failed mi_read in
        mi_format_new (bsc#1255539).
      • CVE-2025-68733: smack: fix bug: unprivileged task can create labels
        (bsc#1255615).
      • CVE-2025-68764: NFS: Automounted filesystems should inherit
        ro,noexec,nodev,sync flags (bsc#1255930).
      • CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579).
      • CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584).
      • CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain
        (bsc#1256582).
      • CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket
        (bsc#1256665).
      • CVE-2025-68776: net/hsr: fix NULL pointer dereference in
        prp_get_untagged_frame() (bsc#1256659).
      • CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for
        special files (bsc#1256638).
      • CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query
        (bsc#1256688).
      • CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF
        (bsc#1256689).
      • CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating
        multicast route stats (bsc#1256646).
      • CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free
        (bsc#1256653).
      • CVE-2025-68803: nfsd: set security label during create operations
        (bsc#1256770).
      • CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path
        (bsc#1256641).
      • CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep()
        (bsc#1256651).
      • CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it
        changes to strict (bsc#1256680).
      • CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters
        (bsc#1256674).
      • CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode()
        (bsc#1256754).
      • CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for
        resources (bsc#1256654).
      • CVE-2025-71066: net/sched: ets: Always remove class from active list before
        deleting in ets_qdisc_change (bsc#1256645).
      • CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
      • CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT
        (bsc#1256608).
      • CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference
        (bsc#1256622).
      • CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of
        calipso_skbuff_setattr() (bsc#1256623).
      • CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg()
        (bsc#1256628).
      • CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
      • CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
      • CVE-2025-71091: team: fix check for port enabled in
        team_queue_override_port_prio_changed() (bsc#1256773).
      • CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
      • CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size
        (bsc#1256597).
      • CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action
        (bsc#1256605).
      • CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID
        correctly (bsc#1256606).
      • CVE-2025-71097: ipv4: Fix reference count leak when using error routes with
        nexthop objects (bsc#1256607).
      • CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
      • CVE-2025-71112: net: hns3: add VLAN id validation before using
        (bsc#1256726).
      • CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted
        osdmaps (bsc#1256744).
      • CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length
        gss_token in gss_read_proxy_verf (bsc#1256779).
      • CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options()
        (bsc#1256757).
      • CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event
        (bsc#1256733).
      • CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in
        raid5_store_group_thread_cnt() (bsc#1256761).
      • CVE-2025-71137: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
        (bsc#1256760).
      • CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value
        on update (bsc#1257164).
      • CVE-2025-71156: gve: defer interrupt enabling until NAPI registration
        (bsc#1257167).
      • CVE-2025-71157: RDMA/core: always drop device refcount in
        ib_del_sub_device_and_put() (bsc#1257168).
      • CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating
        inactive aggregate in qfq_reset (bsc#1257035).
      • CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue
        (bsc#1257053).
      • CVE-2026-22984: libceph: prevent potential out-of-bounds reads in
        handle_auth_done() (bsc#1257217).
      • CVE-2026-22990: libceph: replace overzealous BUG_ON in
        osdmap_apply_incremental() (bsc#1257221).
      • CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial
        allocation (bsc#1257220).
      • CVE-2026-22992: libceph: return the handler error from
        mon_handle_auth_done() (bsc#1257218).
      • CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool
        operations (bsc#1257180).
      • CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv.
      • CVE-2026-22999: net/sched: sch_qfq: do not free existing class in
        qfq_change_class() (bsc#1257236).
      • CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure
        (bsc#1257234).
      • CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source()
        (bsc#1257232).
      • CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever
        XFD[i]=1 (bsc#1257245).
      • CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).

      The following non security issues were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2026-February/024124.html

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. LU-20129 kernel update [SLES15 SP7 6.4.0-150700.53.34.1]

          • Medium -
          • Resolved
          is related to

          Task - A task that needs to be done. LU-19754 kernel update [SLES15 SP7 6.4.0-150700.53.25.1]

          • Medium -
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: