SUSE-SU-2025:03383-1

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
• CVE-2024-53177: smb: prevent use-after-free due to opencacheddir error paths (bsc#1234896).
• CVE-2024-58239: tls: stop recv() if initial processrxlist gave us non-DATA (bsc#1248614).
• CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
• CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
• CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers() and posixcputimerdel() (bsc#1246911).
• CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
• CVE-2025-38498: dochangetype(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
• CVE-2025-38499: cloneprivatemnt(): make sure that caller has CAPSYSADMIN in the right userns (bsc#1247976).
• CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
• CVE-2025-38555: usb: gadget : fix use-after-free in compositedevcleanup() (bsc#1248297).
• CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
• CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
• CVE-2025-38608: bpf, ktls: Fix data corruption when using bpfmsgpop_data() in ktls (bsc#1248338).
• CVE-2025-38617: net/packet: fix a race in packetsetring() and packet_notifier() (bsc#1248621).
• CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY (bsc#1248511).
• CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).

The following non-security bugs were fixed:

• NFSv4.1: fix backchannel maxrespsz verification check (bsc#1247518).
• Disable N_GSM (bsc#1244824 jsc#PED-8240).