Lustre / LU-20332

kernel update [SLES15 SP7 6.4.0-150700.53.60.1]


    • Task
    • Resolution: Unresolved
    • Medium
    • Lustre 2.18.0
    • Lustre 2.18.0

      The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security
      issues.

      The following security issues were fixed:

      • CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
      • CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources
        in Zen2's op cache (bsc#1264013).
      • CVE-2025-68310: s390/pci: Use pci_uevent_ers() in PCI recovery
        (bsc#1255160).
      • CVE-2025-71183: btrfs: always detect conflicting inodes when logging inode
        refs (bsc#1257631).
      • CVE-2026-23168: flex_proportions: make fprop_new_period() hardirq safe
        (bsc#1258826).
      • CVE-2026-23239: espintcp: Fix race condition in espintcp_close()
        (bsc#1259485).
      • CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx()
        (bsc#1259484).
      • CVE-2026-23245: net/sched: act_gate: snapshot parameters with RCU on replace
        (bsc#1259799).
      • CVE-2026-23262: gve: Fix stats report corruption on queue count change
        (bsc#1259870).
      • CVE-2026-23271: perf: Fix __perf_event_overflow() vs
        perf_remove_from_context() race (bsc#1260018).
      • CVE-2026-23276: net: move dev_xmit_recursion() helpers to net/core/dev.h
        (bsc#1260012).
      • CVE-2026-23300: net: ipv6: fix panic when IPv4 route references loopback
        IPv6 nexthop (bsc#1260538).
      • CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
        (bsc#1260544).
      • CVE-2026-23306: scsi: pm8001: Fix use-after-free in pm8001_queue_command()
        (bsc#1260501).
      • CVE-2026-23313: i40e: Fix preempt count leak in napi poll tracepoint
        (bsc#1260555).
      • CVE-2026-23321: mptcp: pm: in-kernel: always mark signal+subflow endp as
        used (bsc#1260505).
      • CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
        (bsc#1260550).
      • CVE-2026-23340: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race
        for lockless qdiscs (bsc#1260523).
      • CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative
        (bsc#1260527).
      • CVE-2026-23346: mm/ioremap: define generic_ioremap_prot() and
        generic_iounmap() (bsc#1260529).
      • CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim
        phase (bsc#1260526).
      • CVE-2026-23354: x86/fred: Correct speculative safety in fred_extint()
        (bsc#1260801).
      • CVE-2026-23368: net: phy: register phy led_triggers during probe to avoid
        AB-BA deadlock (bsc#1260530).
      • CVE-2026-23374: blktrace: fix __this_cpu_read/write in preemptible context
        (bsc#1260811).
      • CVE-2026-23378: net/sched: act_ife: Fix metalist update behavior
        (bsc#1260546).
      • CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent
        atomic tearing (bsc#1260497).
      • CVE-2026-23391: netfilter: xt_CT: drop pending enqueued packets on template
        removal (bsc#1260566).
      • CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace
        period on error (bsc#1260531).
      • CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
        (bsc#1260522).
      • CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple
        L2CAP_ECRED_CONN_REQ (bsc#1260580).
      • CVE-2026-23397: nfnetlink_osf: validate individual option lengths in
        fingerprints (bsc#1260728).
      • CVE-2026-23399: nf_tables: nft_dynset: fix possible stateful expression
        memleak in error path (bsc#1261020).
      • CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers
        are done (bsc#1261412).
      • CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune
        (bsc#1261507).
      • CVE-2026-23440: net/mlx5e: Fix race condition during IPSec ESN update
        (bsc#1261641).
      • CVE-2026-23441: net/mlx5e: Prevent concurrent access to IPSec ASO context
        (bsc#1261768).
      • CVE-2026-23442: ipv6: add NULL checks for idev in SRv6 paths (bsc#1261581).
      • CVE-2026-23445: igc: fix page fault in XDP TX timestamps handling
        (bsc#1261702).
      • CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit
        (bsc#1261779).
      • CVE-2026-23450: net/smc: fix NULL dereference and UAF in
        smc_tcp_syn_recv_sock() (bsc#1261584).
      • CVE-2026-23455: netfilter: nf_conntrack_h323: check for zero length in
        DecodeQ931() (bsc#1261687).
      • CVE-2026-23456: netfilter: nf_conntrack_h323: fix OOB read in decode_int()
        CONS case (bsc#1261703).
      • CVE-2026-23457: netfilter: nf_conntrack_sip: fix Content-Length u32
        truncation in sip_help_tcp() (bsc#1261686).
      • CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in
        ctnetlink_dump_exp_ct() (bsc#1261781).
      • CVE-2026-23461: Bluetooth: L2CAP: Fix use-after-free in
        l2cap_unregister_user (bsc#1261707).
      • CVE-2026-23462: Bluetooth: HIDP: Fix possible UAF (bsc#1261710).
      • CVE-2026-23468: drm/amdgpu: Limit BO list entry count to prevent resource
        exhaustion (bsc#1261692).
      • CVE-2026-23472: serial: core: fix infinite loop in handle_tx() for
        PORT_UNKNOWN (bsc#1261636).
      • CVE-2026-23473: io_uring/poll: fix multishot recv missing EOF on wakeup race
        (bsc#1261694).
      • CVE-2026-31395: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event
        handler (bsc#1261786).
      • CVE-2026-31400: sunrpc: fix cache_request leak in cache_release
        (bsc#1261645).
      • CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
        (bsc#1261638).
      • CVE-2026-31403: NFSD: Hold net reference for the lifetime of
        /proc/fs/nfs/exports fd (bsc#1261796).
      • CVE-2026-31404: xfs: avoid dereferencing log items after push callbacks
        (bsc#1261628).
      • CVE-2026-31407: netfilter: conntrack: add missing netlink policy validations
        (bsc#1261632).
      • CVE-2026-31411: net: atm: fix crash due to unvalidated vcc pointer in
        sigd_send() (bsc#1261752).
      • CVE-2026-31415: ipv6: avoid overflows in ip6_datagram_send_ctl()
        (bsc#1262099).
      • CVE-2026-31416: netfilter: nfnetlink_log: account for netlink header size
        (bsc#1262100).
      • CVE-2026-31420: bridge: mrp: reject zero test interval to avoid OOM panic
        (bsc#1262055).
      • CVE-2026-31421: net/sched: cls_fw: fix NULL pointer dereference on shared
        blocks (bsc#1262061).
      • CVE-2026-31422: net/sched: cls_flow: fix NULL pointer dereference on shared
        blocks (bsc#1262054).
      • CVE-2026-31423: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
        (bsc#1262063).
      • CVE-2026-31424: netfilter: x_tables: restrict xt_check_match/xt_check_target
        extensions for NFPROTO_ARP (bsc#1262053).
      • CVE-2026-31425: rds: ib: reject FRMR registration before IB connection is
        established (bsc#1262074).
      • CVE-2026-31427: netfilter: nf_conntrack_sip: fix use of uninitialized
        rtp_addr in process_sdp (bsc#1262086).
      • CVE-2026-31428: netfilter: nfnetlink_log: fix uninitialized padding leak in
        NFULA_PAYLOAD (bsc#1262087).
      • CVE-2026-31436: dmaengine: idxd: fix possible wrong descriptor completion in
        llist_abort_desc() (bsc#1262602).
      • CVE-2026-31449: ext4: validate p_idx bounds in ext4_ext_correct_indexes
        (bsc#1262616).
      • CVE-2026-31470: virt: tdx-guest: Fix handling of host controlled 'quote'
        buffer length (bsc#1262665).
      • CVE-2026-31488: drm/amd/display: Do not skip unrelated mode changes in DSC
        validation (bsc#1262746).
      • CVE-2026-31494: net: cadence: macb: Synchronize stats calculations
        (bsc#1262671).
      • CVE-2026-31496: netfilter: nf_conntrack_expect: skip expectations in other
        netns via proc (bsc#1262673).
      • CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
        (bsc#1263085).
      • CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
        (bsc#1263093).
      • CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee()
        duplicates splice pipe buffer (bsc#1263095).
      • CVE-2026-31512: Bluetooth: L2CAP: Validate PDU length before reading SDU
        length in l2cap_ecred_data_rcv() (bsc#1262734).
      • CVE-2026-31515: af_key: validate families in pfkey_send_migrate()
        (bsc#1262752).
      • CVE-2026-31519: btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
        (bsc#1263012).
      • CVE-2026-31525: bpf: Fix undefined behavior in interpreter sdiv/smod for
        INT_MIN (bsc#1262725).
      • CVE-2026-31528: perf: Make sure to use pmu_ctx->pmu for groups
        (bsc#1263001).
      • CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
        tls_do_encryption (bsc#1262758).
      • CVE-2026-31547: drm/xe: Fix missing runtime PM reference in ccs_mode_store
        (bsc#1263018).
      • CVE-2026-31550: pmdomain: bcm: bcm2835-power: Increase ASB control timeout
        (bsc#1263104).
      • CVE-2026-31565: RDMA/irdma: Fix deadlock during netdev reset with active
        connections (bsc#1263064).
      • CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
        (bsc#1263065).
      • CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
        (bsc#1263176).
      • CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small
        write values (bsc#1263165).
      • CVE-2026-31602: ALSA: ctxfi: Limit PTP to a single page (bsc#1263723).
      • CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit()
        (bsc#1263600).
      • CVE-2026-31622: NFC: digital: Bounds check NFC-A cascade depth in SDD
        response handler (bsc#1263797).
      • CVE-2026-31649: net: stmmac: fix integer underflow in chain mode
        (bsc#1263582).
      • CVE-2026-31656: drm/i915/gt: fix refcount underflow in
        intel_engine_park_heartbeat (bsc#1263170).
      • CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
        (bsc#1263131).
      • CVE-2026-31668: seg6: separate dst_cache for input and output paths in seg6
        lwtunnel (bsc#1263140).
      • CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established
        (bsc#1263141).
      • CVE-2026-31675: net/sched: sch_netem: fix out-of-bounds access in packet
        corruption (bsc#1263556).
      • CVE-2026-31679: openvswitch: validate MPLS set/set_masked payload length
        (bsc#1263592).
      • CVE-2026-31681: netfilter: xt_multiport: validate range encoding in
        checkentry (bsc#1263593).
      • CVE-2026-31682: bridge: br_nd_send: linearize skb before parsing ND options
        (bsc#1263595).
      • CVE-2026-31684: net: sched: act_csum: validate nested VLAN headers
        (bsc#1263596).
      • CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
        packets (bsc#1263668).
      • CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901).
      • CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in
        tpacket_snd() (bsc#1263882).
      • CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create
        (bsc#1264059).
      • CVE-2026-31787: xen/privcmd: fix double free via VMA splitting
        (bsc#1262181).
      • CVE-2026-43009: bpf: Fix incorrect pruning due to atomic fetch precision
        tracking (bsc#1264014).
      • CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
        expectations (bsc#1263931).
      • CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
        cleanup (bsc#1263933).
      • CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
      • CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach()
        (bsc#1264097).
      • CVE-2026-43044: crypto: caam - fix DMA corruption on long hmac keys
        (bsc#1264087).
      • CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable()
        (bsc#1264082).
      • CVE-2026-43060: netfilter: nft_ct: drop pending enqueued packets on removal
        (bsc#1264183).
      • CVE-2026-43088: net: af_key: zero aligned sockaddr tail in PF_KEY exports
        (bsc#1264469).
      • CVE-2026-43110: wifi: brcmfmac: validate bsscfg indices in IF events
        (bsc#1264482).
      • CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr.
      • CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints
        (bsc#1264634).
      • CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
        optlen (bsc#1264848).
      • CVE-2026-43214: KVM: x86: Add SRCU protection for reading PDPTRs in
        __get_sregs2() (bsc#1264651).
      • CVE-2026-43265: KVM: x86: Ignore -EBUSY when checking nested events from
        vcpu_block() (bsc#1264427).
      • CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of
        actions (bsc#1265085).
      • CVE-2026-43330: crypto: caam - fix overflow on long hmac keys (bsc#1264801).
      • CVE-2026-43334: Bluetooth: SMP: force responder MITM requirements before
        building the pairing response (bsc#1265090).
      • CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119).
      • CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
        on recycle (bsc#1265116).
      • CVE-2026-43419: ceph: fix memory leaks in ceph_mdsc_build_path()
        (bsc#1264661).
      • CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
        snd_pcm_drain() (bsc#1265126).
      • CVE-2026-43441: net: bonding: Fix nd_tbl NULL dereference when IPv6 is
        disabled (bsc#1264674).
      • CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails
        (bsc#1265626).
      • CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-
        transfer helpers (bsc#1265960).
      • CVE-2026-46300: net: skbuff: preserve shared-frag marker during coalescing
        (bsc#1265209).

      The following non-security issues were fixed:
      https://lists.suse.com/pipermail/sle-security-updates/2026-June/026559.html

            yujian Jian Yu