SUSE-SU-2025:20206-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202520206-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20206-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:20206-1
Published
2025-04-25T09:37:28Z
Modified
2026-03-23T04:50:05.085962Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).
  • CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
  • CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
  • CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
  • CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
  • CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
  • CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
  • CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
  • CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
  • CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
  • CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
  • CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
  • CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
  • CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
  • CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
  • CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
  • CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
  • CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
  • CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
  • CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
  • CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
  • CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
  • CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
  • CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720).
  • CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
  • CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
  • CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
  • CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
  • CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
  • CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
  • CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
  • CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
  • CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
  • CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
  • CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).

The following non-security bugs were fixed:

  • ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
  • ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
  • ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
  • ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
  • ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
  • ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
  • ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
  • ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
  • HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
  • HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
  • Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
  • Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
  • PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
  • PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
  • PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
  • acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
  • affs: do not write overlarge OFS data block size fields (git-fixes).
  • affs: generate OFS sequence numbers starting at 1 (git-fixes).
  • arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
  • arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
  • arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
  • arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
  • arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
  • arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
  • arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
  • arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
  • arm64: mm: Correct the update of max_pfn (git-fixes)
  • bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
  • bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
  • bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
  • bpf: fix potential error return (git-fixes).
  • bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
  • counter: fix privdata alignment (git-fixes).
  • counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
  • counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
  • cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
  • cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
  • cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64
  • drm/amd/pm/smu11: Prevent division by zero (git-fixes).
  • drm/amd/pm: Prevent division by zero (git-fixes).
  • drm/amd: Keep display off while going into S4 (stable-fixes).
  • drm/amdgpu/dma_buf: fix page_link check (git-fixes).
  • drm/amdgpu/gfx11: fix num_mec (git-fixes).
  • drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
  • drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
  • drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
  • drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
  • drm/sti: remove duplicate object names (git-fixes).
  • exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
  • firmware: cs_dsp: Ensure cs_dsp_load_coeff returns 0 on success (git-fixes).
  • gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
  • hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
  • lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
  • libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
  • libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
  • libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
  • libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
  • libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
  • libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309).
  • libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
  • libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
  • mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
  • mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
  • mtd: rawnand: Add status chack in r852_ready() (git-fixes).
  • net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
  • net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
  • nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
  • nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
  • nfsd: put dlstid if fail to queue dlrecall (git-fixes).
  • ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
  • ntb: intel: Fix using link status DB's (git-fixes).
  • ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
  • ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
  • ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
  • ntb_perf: Fix printk format (git-fixes).
  • objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
  • objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
  • objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
  • perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
  • perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
  • perf tools: annotate asm_pure_loop.S (bsc#1239906).
  • perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
  • platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
  • platform/x86: ISST: Correct command storage data length (git-fixes).
  • platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
  • powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
  • powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
  • powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
  • powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
  • rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
  • s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
  • s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
  • sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
  • security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
  • selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
  • selinux: Implement mptcp_add_subflow hook (bsc#1240375).
  • serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
  • smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
  • staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
  • topology: Set capacity_freq_ref in all cases (bsc#1238052)
  • tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
  • tpm: tis: Double the timeout B to 4s (bsc#1235870).
  • tpm_tis: Move CRC check to generic send routine (bsc#1235870).
  • tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
  • tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
  • tty: serial: 8250: Add some more device IDs (stable-fixes).
  • tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
  • tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
  • ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
  • usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
  • usb: xhci: correct debug message page size calculation (git-fixes).
  • usbnet:fix NPE during rx_complete (git-fixes).
  • wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
  • wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
  • wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
  • wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
  • wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
  • xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
  • xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
  • xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
Affected packages

SUSE:Linux Micro 6.0 / kernel-livepatch-MICRO-6-0-RT_Update_7

Package

Name
kernel-livepatch-MICRO-6-0-RT_Update_7
Purl
pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_7&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-1.3

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "6.4.0-30.1",
            "kernel-livepatch-6_4_0-30-rt": "1-1.3",
            "kernel-rt-livepatch": "6.4.0-30.1",
            "kernel-rt": "6.4.0-30.1",
            "kernel-source-rt": "6.4.0-30.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20206-1.json"

SUSE:Linux Micro 6.0 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.0-30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "6.4.0-30.1",
            "kernel-livepatch-6_4_0-30-rt": "1-1.3",
            "kernel-rt-livepatch": "6.4.0-30.1",
            "kernel-rt": "6.4.0-30.1",
            "kernel-source-rt": "6.4.0-30.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20206-1.json"

SUSE:Linux Micro 6.0 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.0-30.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "6.4.0-30.1",
            "kernel-livepatch-6_4_0-30-rt": "1-1.3",
            "kernel-rt-livepatch": "6.4.0-30.1",
            "kernel-rt": "6.4.0-30.1",
            "kernel-source-rt": "6.4.0-30.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20206-1.json"