Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-20129

kernel update [SLES15 SP7 6.4.0-150700.53.34.1]

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Medium
    • Lustre 2.18.0
    • Lustre 2.18.0
    • None
    • 3
    • 9223372036854775807

    Description

      The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security
      issues

      The following security issues were fixed:

      • CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
        (bsc#1254992).
      • CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for
        reply queue (bsc#1243055).
      • CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET
        (bsc#1249587).
      • CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
        (bsc#1249998).
      • CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in
        af_alg_sendmsg (bsc#1251966).
      • CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input
        (bsc#1252911).
      • CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink
        (bsc#1252924).
      • CVE-2025-40201: kernel/sys.c: fix the racy usage of
        task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
      • CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
      • CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd
        (bsc#1255379).
      • CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon()
        (bsc#1255129).
      • CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
      • CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation
        (bsc#1255811).
      • CVE-2025-68736: landlock: Fix handling of disconnected directories
        (bsc#1255698).
      • CVE-2025-68778: btrfs: don't log conflicting inode if it's a dir moved in
        the current transaction (bsc#1256683).
      • CVE-2025-68785: net: openvswitch: fix middle attribute validation in
        push_nsh() action (bsc#1256640).
      • CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing
        memslot (bsc#1256679).
      • CVE-2025-71066: net/sched: ets: Always remove class from active list before
        deleting in ets_qdisc_change (bsc#1256645).
      • CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral
        (bsc#1256802).
      • CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with
        periodic HV timer (bsc#1256708).
      • CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via
        sock_kmalloc (bsc#1256716).
      • CVE-2025-71125: tracing: Do not register unsupported perf events
        (bsc#1256784).
      • CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time
        (bsc#1256755).
      • CVE-2025-71148: net/handshake: restore destructor on submit failure
        (bsc#1257159).
      • CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode
        eviction (bsc#1257635).
      • CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored
        transaction type (bsc#1257687).
      • CVE-2025-71225: md: suspend array while updating raid_disks via sysfs
        (bsc#1258411).
      • CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets
        (bsc#1257228).
      • CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a
        lag (bsc#1257179).
      • CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in
        nvmet_tcp_build_pdu_iovec (bsc#1257209).
      • CVE-2026-23003: geneve: Fix incorrect inner network header offset when
        innerprotoinherit is set (bsc#1257246).
      • CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and
        rt_del_uncached_list() (bsc#1257231).
      • CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
      • CVE-2026-23017: idpf: fix error handling in the init_task on load
        (bsc#1257552).
      • CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
      • CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of
        priv (bsc#1257559).
      • CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio()
        (bsc#1257718).
      • CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
      • CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to
        match ESP/ESN spec (bsc#1257735).
      • CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
      • CVE-2026-23069: vsock/virtio: fix potential underflow in
        virtio_transport_get_credit() (bsc#1257755).
      • CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
      • CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc
        (bsc#1257749).
      • CVE-2026-23083: fou: Don't allow 0 for FOU_ATTR_IPPROTO (bsc#1257745).
      • CVE-2026-23084: be2net: Fix NULL pointer dereference in
        be_cmd_get_mac_from_list (bsc#1257830).
      • CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses
        (bsc#1257758).
      • CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size
        (bsc#1257757).
      • CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage
        (bsc#1257814).
      • CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
        (bsc#1257790).
      • CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
      • CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices
        (bsc#1257816).
      • CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode
        state (bsc#1257772).
      • CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
      • CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class
        is active in qfq_rm_from_ag (bsc#1257775).
      • CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring
        ZA (bsc#1257762).
      • CVE-2026-23110: scsi: core: Wake up the error handler when final completions
        race against each other (bsc#1257761).
      • CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in
        nft_map_catchall_activate() (bsc#1258181).
      • CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
        (bsc#1258184).
      • CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
        (bsc#1258278).
      • CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask
        for 8mq vpu (bsc#1258277).
      • CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect()
        (bsc#1258273).
      • CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after
        SCTP_CMD_PEER_INIT (bsc#1258293).
      • CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has
        been performed (bsc#1258304).
      • CVE-2026-23141: btrfs: send: check for inline extents in
        range_is_hole_in_parent() (bsc#1258377).
      • CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO
        (bsc#1258286).
      • CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
        (bsc#1258272).
      • CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
        (bsc#1258389).
      • CVE-2026-23171: net: bonding: update the slave array for broadcast mode
        (bsc#1258349).
      • CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers
        (bsc#1258520).
      • CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
        (bsc#1258394).
      • CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
      • CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd
        (bsc#1258321).
      • CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful()
        (bsc#1258340).
      • CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames
        (bsc#1258468).
      • CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink()
        (bsc#1258518).
      • CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild
        (bsc#1258517).
      • CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
        (bsc#1258465).
      • CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only
        (bsc#1258464).
      • CVE-2026-23268: apparmor: fix unprivileged local user can do privileged
        policy management (bsc#1258850).
      • CVE-2026-23269: apparmor: validate DFA start states are in bounds in
        unpack_pdb (bsc#1259857).

      The following non security issues were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2026-March/024953.html

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. LU-20225 kernel update [SLES15 SP7 6.4.0-150700.53.40.1]

          • Medium -
          • Open
          is related to

          Task - A task that needs to be done. LU-19899 kernel update [SLES15 SP7 6.4.0-150700.53.31.1]

          • Medium -
          • Resolved

          Activity

            People

              yujian Jian Yu
              yujian Jian Yu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: