SUSE-SU-2025:0231-1

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
• CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
• CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice() (bsc#1234846).
• CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
• CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
• CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
• CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
• CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
• CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
• CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiexconfigscan() (bsc#1234963).
• CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
• CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
• CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
• CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc() (bsc#1235056).
• CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate() (bsc#1235061).
• CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfsfindentry() (bsc#1235224).
• CVE-2024-8805: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE (bsc#1230697).

The following non-security bugs were fixed:

• KVM: x86: fix sending PV IPI (git-fixes).
• idpf: add support for SW triggered interrupts (bsc#1235507).
• idpf: enable WBONITR (bsc#1235507).
• idpf: trigger SW interrupt when exiting wbonitr mode (bsc#1235507).
• kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
• kernel/fork: beware of _puttaskstruct() calling context (bsc#1189998 (PREEMPTRT prerequisite backports)).
• net: mana: Increase the DEFRXBUFFERSPERQUEUE to 1024 (bsc#1235246).
• rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
• scsi: storvsc: Do not flag MAINTENANCEIN return of SRBSTATUSDATAOVERRUN as an error (git-fixes).
• smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
• usb: roles: Call trymoduleget() from usbroleswitchfindby_fwnode() (git-fixes).
• usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
• x86/bug: Merge annotatereachable() into _BUGFLAGS() asm (git-fixes).
• x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
• x86/fpu/xstate: Fix the ARCHREQXCOMP_PERM implementation (git-fixes).
• x86/fpu: Remove unused supervisor only offsets (git-fixes).
• x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
• x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
• x86/mce: Allow instrumentation during task work queueing (git-fixes).
• x86/mce: Mark mce_end() noinstr (git-fixes).
• x86/mce: Mark mce_panic() noinstr (git-fixes).
• x86/mce: Mark mcereadaux() noinstr (git-fixes).
• x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
• x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
• x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
• x86/uaccess: Move variable into switch case statement (git-fixes).
• x86: Annotate callonstack() (git-fixes).