SUSE-SU-2025:01995-1

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
• CVE-2022-49139: Bluetooth: fix null ptr deref on hcisyncconncompleteevt (bsc#1238032).
• CVE-2022-49767: 9p/transfd: always use ONONBLOCK read/write (bsc#1242493).
• CVE-2022-49769: gfs2: Check sbbsizeshift after reading superblock (bsc#1242440).
• CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
• CVE-2022-49775: tcp: cdg: allow tcpcdgrelease() to be called multiple times (bsc#1242245).
• CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
• CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
• CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).
• CVE-2024-56558: nfsd: make sure exp active before svcexportshow (bsc#1235100).
• CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
• CVE-2025-21999: proc: fix UAF in procgetinode() (bsc#1240802).
• CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).

The following non-security bugs were fixed:

• HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745).
• devm-helpers: Add resource managed version of work init (bsc#1242745).
• mtd: phram: Add the kernel lock down check (bsc#1232649).
• ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
• workqueue: Add resource managed version of delayed work init (bsc#1242745).
• Remove debug flavor (bsc#1243919).