SUSE-SU-2025:4128-1

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues

The following security issues were fixed:

• CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
• CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
• CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
• CVE-2025-38653: proc: use the same treatment to check proclseek as ones for procread_iter et.al (bsc#1248630).
• CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
• CVE-2025-38700: scsi: libiscsi: Initialize iscsiconn->dddata only if memory is allocated (bsc#1249182).
• CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
• CVE-2025-39673: ppp: fix race conditions in pppfillforward_path (bsc#1249320).
• CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
• CVE-2025-39683: tracing: Limit access to parser->buffer when tracegetuser failed (bsc#1249286).
• CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
• CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
• CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
• CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
• CVE-2025-39812: sctp: initialize more fields in sctpv6from_sk() (bsc#1250202).
• CVE-2025-39813: ftrace: Fix potential warning in traceprintkseq during ftrace_dump (bsc#1250032).
• CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
• CVE-2025-39866: fs: writeback: fix use-after-free in _markinode_dirty() (bsc#1250455).
• CVE-2025-39876: net: fec: Fix possible NPD in fecenetphyresetafterclkenable() (bsc#1250400).
• CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
• CVE-2025-39895: sched: Fix schednumafindnthcpu() if mask offline (bsc#1250721).
• CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
• CVE-2025-39911: i40e: fix IRQ freeing in i40evsirequestirqmsix error path (bsc#1250704).
• CVE-2025-39945: cnic: Fix use-after-free bugs in cnicdeletetask (bsc#1251230).
• CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
• CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
• CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
• CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
• CVE-2025-39955: tcp: Clear tcpsk(sk)->fastopenrsk in tcp_disconnect() (bsc#1251804).
• CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
• CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
• CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
• CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
• CVE-2025-39972: i40e: fix idx validation in i40evalidatequeue_map (bsc#1252039).
• CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
• CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2tcadd_flow() (bsc#1252069).
• CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89coretxkickoffandwait() (bsc#1252062).
• CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
• CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup (bsc#1252688).
• CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
• CVE-2025-40056: vhost: vringh: Fix copytoiter return value check (bsc#1252826).
• CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
• CVE-2025-40078: bpf: Explicitly check accesses to bpfsockaddr (bsc#1252789).
• CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
• CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).

The following non security issues were fixed:

• ACPI: battery: Add synchronization between interface updates (git-fixes).
• KVM: PPC: Fix misleading interrupts comment in kvmppcprepareto_enter() (bsc#1215199).
• KVM: x86: Plumb in the vCPU to kvmx86ops.hwapicisrupdate() (git-fixes).
• KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
• bpf: Allow helper bpfget[ns]currentpid_tgid() for all prog types (bsc#1252364).
• cpufreq: intelpstate: Fix object lifecycle issue in updateqos_request() (stable-fixes git-fixes).
• drm/amd/pm: fix smu table id bound check issue in smucmnupdate_table() (git-fixes).
• ext4: fix checks for orphan inodes (bsc#1250119).
• hfsplus: fix KMSAN uninit-value issue in hfsplusdeletecat() (git-fixes).
• kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
• module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
• net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
• netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
• perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
• perf/x86/intel: Fix crash in iclupdatetopdown_event() (git-fixes).
• phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
• powerpc/boot: Fix build with gcc 15 (bsc#1215199).
• powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
• powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
• powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
• powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
• proc: fix missing pdesetflags() for net proc files (bsc#1248630)
• proc: fix type confusion in pdesetflags() (bsc#1248630)
• sched/idle: Conditionally handle tick broadcast in defaultidlecall() (bsc#1248517).
• skmsg: Return copied bytes in skmsgmemcopyfromiter (bsc#1250650).
• smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
• smb: client: fix potential cfid UAF in smb2queryinfo_compound (bsc#1248886).
• tcpbpf: Fix copied value in tcpbpf_sendmsg (bsc#1250650).
• tracing: Remove unneeded goto out logic (bsc#1249286).
• x86/idle: Sanitize X86BUGAMD_E400 handling (bsc#1248517).