SUSE-SU-2025:01983-1

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2021-47670: can: peak_usb: fix use after free bugs (bsc#1241407).
• CVE-2022-49139: Bluetooth: fix null ptr deref on hcisyncconncompleteevt (bsc#1238032).
• CVE-2022-49145: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (bsc#1238162).
• CVE-2022-49168: btrfs: do not clean up repair bio if submit fails (bsc#1238109).
• CVE-2022-49190: kernel/resource: fix kfree() of bootmem memory again (bsc#1238130).
• CVE-2022-49212: mtd: rawnand: atmel: fix refcount issue in atmelnandcontroller_init (bsc#1238331).
• CVE-2022-49216: drm/tegra: Fix reference leak in tegradsiganged_probe (bsc#1238338).
• CVE-2022-49235: ath9k_htc: fix uninit value bugs (bsc#1238333).
• CVE-2022-49248: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (bsc#1238284).
• CVE-2022-49253: media: usb: go7007: s2250-board: fix leak in probe() (bsc#1238420).
• CVE-2022-49320: dmaengine: zynqmpdma: In struct zynqmpdmachan fix descsize data type (bsc#1238394).
• CVE-2022-49326: rtl818x: Prevent using not initialized queues (bsc#1238646).
• CVE-2022-49371: driver core: fix deadlock in _deviceattach (bsc#1238546).
• CVE-2022-49382: soc: rockchip: Fix refcount leak in rockchipgrfinit (bsc#1238306).
• CVE-2022-49396: phy: qcom-qmp: fix reset-controller leak on probe errors (bsc#1238289).
• CVE-2022-49420: net: annotate races around sk->skbounddev_if (bsc#1238887).
• CVE-2022-49441: tty: fix deadlock caused by calling printk() under tty_port->lock (bsc#1238263).
• CVE-2022-49445: pinctrl: renesas: core: Fix possible null-ptr-deref in shpfcmap_resources() (bsc#1238019).
• CVE-2022-49460: PM / devfreq: rk3399_dmc: Disable edev on remove() (bsc#1238892).
• CVE-2022-49467: drm: msm: fix possible memory leak in mdp5crtccursor_set() (bsc#1238815).
• CVE-2022-49474: Bluetooth: fix dangling scoconn and use-after-free in scosock_timeout (bsc#1238071).
• CVE-2022-49491: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (bsc#1238539).
• CVE-2022-49503: ath9khtc: fix potential out of bounds access with invalid rxstatus->rskeyix (bsc#1238868).
• CVE-2022-49592: net: stmmac: fix dma queue left shift overflow issue (bsc#1238311).
• CVE-2022-49625: sfc: fix kernel panic when creating VF (bsc#1238411).
• CVE-2022-49635: drm/i915/selftests: fix subtraction overflow bug (bsc#1238806).
• CVE-2022-49652: dmaengine: ti: Fix refcount leak in tidra7xbarrouteallocate (bsc#1238871).
• CVE-2022-49715: irqchip/gic-v3: Fix refcount leak in gicpopulateppi_partitions (bsc#1238818).
• CVE-2022-49728: kABI workaround for changeing the variable length type to size_t (bsc#1239111).
• CVE-2022-49729: nfc: nfcmrvl: Fix memory leak in nfcmrvlplaydeferred (bsc#1239060).
• CVE-2022-49751: w1: fix WARNING after calling w1_process() (bsc#1240254).
• CVE-2022-49761: btrfs: always report error in runonedelayed_ref() (bsc#1240261).
• CVE-2022-49772: ALSA: usb-audio: Drop sndBUGON() from sndusbmidioutput_open() (bsc#1242147).
• CVE-2022-49775: tcp: cdg: allow tcpcdgrelease() to be called multiple times (bsc#1242245).
• CVE-2022-49776: macvlan: enforce a consistent minimal mtu (bsc#1242248).
• CVE-2022-49787: mmc: sdhci-pci: Fix possible memory leak caused by missing pcidevput() (bsc#1242352).
• CVE-2022-49788: misc/vmwvmci: fix an infoleak in vmcihostdoreceive_datagram() (bsc#1242353).
• CVE-2022-49813: net: ena: Fix error handling in ena_init() (bsc#1242497).
• CVE-2022-49821: mISDN: fix possible memory leak in mISDNdspelement_register() (bsc#1242542).
• CVE-2022-49826: ata: libata-transport: fix double atahostput() in atatportadd() (bsc#1242549).
• CVE-2022-49829: drm/scheduler: fix fence ref counting (bsc#1242691).
• CVE-2022-49832: pinctrl: devicetree: fix null pointer dereferencing in pinctrldtto_map (bsc#1242154).
• CVE-2022-49835: ALSA: hda: fix potential memleak in 'addwidgetnode' (bsc#1242385).
• CVE-2022-49840: bpf, testrun: Fix alignment problem in bpfprogtestrun_skb() (bsc#1242447).
• CVE-2022-49842: ASoC: soc-utils: Remove _exit for sndsocutilexit() (bsc#1242484).
• CVE-2022-49853: net: macvlan: fix memory leaks of macvlancommonnewlink (bsc#1242688).
• CVE-2022-49861: dmaengine: mvxorv2: Fix a resource leak in mvxorv2_remove() (bsc#1242580).
• CVE-2022-49862: tipc: fix the msg->req tlv len check in tipcnlcompatnametabledumpheader (bsc#1242755).
• CVE-2022-49865: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (bsc#1242570).
• CVE-2022-49871: net: tun: call napischeduleprep() to ensure we own a napi (bsc#1242558).
• CVE-2022-49872: net: gso: fix panic on frag_list with mixed head alloc types (bsc#1242594).
• CVE-2022-49874: HID: hyperv: fix possible memory leak in mousevsc_probe() (bsc#1242478).
• CVE-2022-49898: btrfs: fix tree mod log mishandling of reallocated nodes (bsc#1242472).
• CVE-2022-49907: net: mdio: fix undefined behavior in bit shift for _mdiobusregister (bsc#1242450).
• CVE-2022-49913: btrfs: fix inode list leak during backref walking at findparentnodes() (bsc#1242470).
• CVE-2022-49914: btrfs: fix inode list leak during backref walking at resolveindirectrefs() (bsc#1242427).
• CVE-2022-49922: nfc: nfcmrvl: Fix potential memory leak in nfcmrvli2cnci_send() (bsc#1242378).
• CVE-2022-49923: nfc: nxp-nci: Fix potential memory leak in nxpncisend() (bsc#1242394).
• CVE-2022-49924: nfc: fdp: Fix potential memory leak in fdpncisend() (bsc#1242426).
• CVE-2022-49925: RDMA/core: Fix null-ptr-deref in ibcorecleanup() (bsc#1242371).
• CVE-2022-49931: IB/hfi1: Correctly move list in sc_disable() (bsc#1242382).
• CVE-2023-52868: thermal: core: prevent potential string overflow (bsc#1225044).
• CVE-2023-52975: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (bsc#1240322).
• CVE-2023-52988: ALSA: hda/via: Avoid potential array out-of-bound in addsecretdac_path() (bsc#1240293).
• CVE-2023-52989: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (bsc#1240266).
• CVE-2023-52993: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (bsc#1240297).
• CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
• CVE-2023-53045: usb: gadget: u_audio: do not let userspace block driver unbind (bsc#1242756).
• CVE-2023-53066: qed/qedsriov: guard against NULL derefs from qediovgetvf_info (bsc#1242227).
• CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
• CVE-2023-53080: xsk: Add missing overflow check in xdpumemreg (bsc#1242287).
• CVE-2023-53094: tty: serial: fsl_lpuart: fix race on RX DMA shutdown (bsc#1242288).
• CVE-2023-53103: bonding: Fix memory leak when changing bond type to Ethernet (bsc#1242408).
• CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
• CVE-2023-53139: nfc: fdp: add null check of devmkmallocarray in fdpncii2creaddevice_properties (bsc#1242361).
• CVE-2024-26740: Fixed use the backlog for mirred ingress (bsc#1222563).
• CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720).
• CVE-2024-45021: memcgwriteevent_control(): fix a user-triggerable oops (bsc#1230434).
• CVE-2024-46751: btrfs: do not BUGON() when 0 reference count at btrfslookupextentinfo() (bsc#1230786).
• CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfslookupextent_info() (bsc#1230794).
• CVE-2024-50106: nfsd: fix race between laundromat and free_stateid() (bsc#1232882).
• CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).
• CVE-2024-56779: nfsd: fix nfs4openowner leak when concurrent nfsd4open occur (bsc#1235632).
• CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
• CVE-2025-21702: pfifotailenqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
• CVE-2025-21704: usb: cdc-acm: Check control transfer buffer size before access (bsc#1237571).
• CVE-2025-21787: team: better TEAMOPTIONTYPE_STRING validation (bsc#1238774).
• CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
• CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
• CVE-2025-22027: media: streamzap: fix race between device disconnection and urb callback (bsc#1241369).
• CVE-2025-22050: usbnet:fix NPE during rx_complete (bsc#1241441).
• CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
• CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
• CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
• CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
• CVE-2025-23136: thermal: int340x: Add NULL check for adev (bsc#1241357).
• CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
• CVE-2025-23161: PCI: vmd: Make vmddev::cfglock a rawspinlockt type (bsc#1242792).
• CVE-2025-37749: net: ppp: Add bound checking for skb data on pppsynctxmung (bsc#1242859).
• CVE-2025-37752: netsched: schsfq: move the limit validation (bsc#1242504).
• CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
• CVE-2025-37782: hfs/hfsplus: fix slab-out-of-bounds in hfsbnoderead_key (bsc#1242770).
• CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
• CVE-2025-37794: wifi: mac80211: Purge vif txq in ieee80211dostop() (bsc#1242566).
• CVE-2025-37796: wifi: at76c50x: fix use after free access in at76_disconnect (bsc#1242727).
• CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
• CVE-2025-37823: netsched: hfsc: Fix a potential UAF in hfscdequeue() too (bsc#1242924).
• CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
• CVE-2025-37852: drm/amdgpu: handle amdgpucgscreatedevice() errors in amdpowerplay_create() (bsc#1243074).
• CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
• CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
• CVE-2025-37989: net: phy: leds: fix memory leak (bsc#1243511).
• CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).

The following non-security bugs were fixed:

• HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745).
• NFC: nxp-nci: remove unnecessary labels (bsc#1242394).
• arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
• arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
• arm64: insn: Add N immediate encoding (bsc#1242778).
• arm64: insn: Add encoder for bitwise operations using literals (bsc#1242778).
• arm64: insn: Add support for encoding DSB (bsc#1242778).
• arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1242778).
• arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
• arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
• arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
• devm-helpers: Add resource managed version of work init (bsc#1242745)
• irqchip: gic-v3: Use ofcpunodetoid helper (bsc#1238818)
• kernel: Remove debug flavor (bsc#1243919).
• mtd: phram: Add the kernel lock down check (bsc#1232649).
• net/sched: initialize noop_qdisc owner (git-fixes).
• netsched: schsfq: use a temporary work area for validating configuration (bsc#1232504)
• netfilter: Adjusted the backported patch as it caused a regression (bsc#1218752).
• ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
• pinctrl: devicetree: fix refcount leak in pinctrldtto_map() (bsc#1242154)
• workqueue: Add resource managed version of delayed work init (bsc#1242745)
• x86/bugs: Cache the value of MSRIA32ARCH_CAPABILITIES (git-fixes).
• x86/bugs: Fix BHI handling of RRSBA (git-fixes).
• x86/bugs: Fix BHI retpoline check (git-fixes).
• x86/bugs: Fix return type of spectrebhistate() (git-fixes).
• x86/smpboot: Remove unused phys_id variable (git-commit).