SUSE-SU-2026:0473-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-20260473-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:0473-1
Upstream
  • CVE-2023-50756
Published
2026-02-12T11:26:33Z
Modified
2026-03-23T04:50:25.397341Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues.

The following security issues were fixed:

  • CVE-2022-50347: mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (bsc#1249928).
  • CVE-2022-50580: blk-throttle: prevent overflow while calculating wait time (bsc#1252542).
  • CVE-2022-50676: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() (bsc#1254689).
  • CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
  • CVE-2022-50709: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (bsc#1255565).
  • CVE-2022-50716: wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (bsc#1255839).
  • CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844).
  • CVE-2022-50719: ALSA: line6: fix stack overflow in line6_midi_transmit (bsc#1255939).
  • CVE-2022-50740: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (bsc#1256155).
  • CVE-2022-50744: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1256165).
  • CVE-2022-50749: acct: fix potential integer overflow in encode_comp_t() (bsc#1256191).
  • CVE-2022-50751: configfs: fix possible memory leak in configfs_create_dir() (bsc#1256184).
  • CVE-2022-50760: drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (bsc#1255983).
  • CVE-2022-50770: ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1256221).
  • CVE-2022-50777: net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (bsc#1256320).
  • CVE-2022-50780: net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (bsc#1256305).
  • CVE-2022-50782: ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1256282).
  • CVE-2022-50786: media: s5p-mfc: Clear workbit to handle error condition (bsc#1256258).
  • CVE-2022-50816: ipv6: ensure sane device mtu in tunnels (bsc#1256038).
  • CVE-2022-50834: nfc: Fix potential resource leaks (bsc#1256219).
  • CVE-2022-50865: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (bsc#1256168).
  • CVE-2022-50868: hwrng: amd - Fix PCI device refcount leak (bsc#1256386).
  • CVE-2022-50880: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (bsc#1256132).
  • CVE-2022-50881: ath9k: Fix typo in function name (bsc#1256130).
  • CVE-2022-50884: drm: Prevent drm_copy_field() to attempt copying a NULL pointer (bsc#1256127).
  • CVE-2022-50885: RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (bsc#1256122).
  • CVE-2022-50887: regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (bsc#1256125).
  • CVE-2023-50756: nvme-pci: fix mempool alloc size (bsc#1256216).
  • CVE-2023-53685: tun: Fix memory leak for detached NAPI queue (bsc#1251770).
  • CVE-2023-53747: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (bsc#1254572).
  • CVE-2023-53751: cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1254986).
  • CVE-2023-53825: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg() (bsc#1254707).
  • CVE-2023-53853: netlink: annotate accesses to nlk->cb_running (bsc#1254673).
  • CVE-2023-53863: netlink: do not hard code device address lenth in fdb dumps (bsc#1254657).
  • CVE-2023-53992: wifi: cfg80211: ocb: don't leave if not joined (bsc#1256058).
  • CVE-2023-54012: net: fix stack overflow when LRO is disabled for virtual interfaces (bsc#1255571).
  • CVE-2023-54047: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (bsc#1256398).
  • CVE-2023-54048: RDMA/bnxt_re: Prevent handling any completions after qp destroy (bsc#1256395).
  • CVE-2023-54067: btrfs: fix race when deleting free space root from the dirty cow roots list (bsc#1256369).
  • CVE-2023-54111: pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (bsc#1256149).
  • CVE-2023-54112: kcm: Fix memory leak in error path of kcm_sendmsg() (bsc#1256354).
  • CVE-2023-54118: serial: sc16is7xx: setup GPIO controller later in probe (bsc#1256131).
  • CVE-2023-54121: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range (bsc#1256267).
  • CVE-2023-54134: autofs: fix memory leak of waitqueues in autofs_catatonic_mode (bsc#1256106).
  • CVE-2023-54198: tty: fix out-of-bounds access in tty_driver_lookup_tty() (bsc#1255970).
  • CVE-2023-54202: drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (bsc#1255880).
  • CVE-2023-54207: HID: uclogic: Correct devm device reference for hidinput input_dev name (bsc#1255961).
  • CVE-2023-54218: sock: Make sock->sk_stamp thread-safe (bsc#1256229).
  • CVE-2023-54230: amba: bus: fix refcount leak (bsc#1255925).
  • CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
  • CVE-2023-54265: ipv6: Fix an uninit variable access bug in __ip6_make_skb() (bsc#1255874).
  • CVE-2023-54274: RDMA/srpt: Add a check for valid 'mad_agent' pointer (bsc#1255905).
  • CVE-2023-54282: media: tuners: qt1010: replace BUG_ON with a regular error (bsc#1255810).
  • CVE-2023-54287: tty: serial: imx: disable Ageing Timer interrupt request irq (bsc#1255804).
  • CVE-2023-54311: ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1255773).
  • CVE-2023-54321: driver core: fix potential null-ptr-deref in device_add() (bsc#1255762).
  • CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
  • CVE-2025-40115: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (bsc#1253318).
  • CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
  • CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
  • CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
  • CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).
  • CVE-2025-40323: fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094).
  • CVE-2025-40339: drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428).
  • CVE-2025-40345: usb: storage: sddr55: Reject out-of-bound new_pba (bsc#1255279).
  • CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
  • CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
  • CVE-2025-68190: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (bsc#1255131).
  • CVE-2025-68192: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (bsc#1255246).
  • CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
  • CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
  • CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
  • CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
  • CVE-2025-68286: drm/amd/display: Check NULL before accessing (bsc#1255351).
  • CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
  • CVE-2025-68303: platform/x86: intel: punit_ipc: fix memory corruption (bsc#1255122).
  • CVE-2025-68305: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (bsc#1255169).
  • CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
  • CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482).
  • CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544).
  • CVE-2025-68354: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (bsc#1255553).
  • CVE-2025-68362: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (bsc#1255611).
  • CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
  • CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
  • CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
  • CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
  • CVE-2025-68740: ima: Handle error code returned by ima_filter_rule_match() (bsc#1255812).
  • CVE-2025-68757: drm/vgem-fence: Fix potential deadlock on release (bsc#1255943).
  • CVE-2025-68767: hfsplus: Verify inode mode when loading from disk (bsc#1256580).
  • CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
  • CVE-2025-68774: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create (bsc#1256585).
  • CVE-2025-68783: ALSA: usb-mixer: us16x08: validate meter packet indices (bsc#1256650).
  • CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
  • CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
  • CVE-2025-68797: char: applicom: fix NULL pointer dereference in ac_ioctl (bsc#1256660).
  • CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
  • CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
  • CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
  • CVE-2025-71082: Bluetooth: btusb: revert use of devm_kzalloc in btusb (bsc#1256611).
  • CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
  • CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
  • CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773).
  • CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
  • CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606).
  • CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
  • CVE-2025-71108: usb: typec: ucsi: Handle incorrect num_connectors capability (bsc#1256774).
  • CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
  • CVE-2025-71119: powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1205462).
  • CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
  • CVE-2026-22976: net_sched: qfq: Fix double list add in class with netem as child qdisc (bsc#1257035).
  • CVE-2026-22978: wifi: avoid kernel-infoleak from struct iw_point (bsc#1257227).
  • CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
  • CVE-2026-23001: macvlan: Use 'hash' iterators to simplify code (bsc#1257232).
  • CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).

The following non-security issues were fixed:

  • RDMA/rxe: Fix the error caused by qp->sk (bsc#1256122).
  • RDMA/srpt: Fix disabling device management (bsc#1255905).
  • RDMA/srpt: Fix handling of SR-IOV and iWARP ports (bsc#1255905).
  • configfs: factor dirent removal into helpers (bsc#1256184).
  • drm/amdgpu: Remove explicit wait after VM validate (bsc#1255428).
  • drm/amdgpu: update mappings not managed by KFD (bsc#1255428).
  • hwrng: amd - Convert PCIBIOS_* return codes to errnos (bsc#1256386).
  • nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1255844).

Affected packages

SUSE:Linux Enterprise Live Patching 12 SP5
kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.293.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft-devel": "4.12.14-122.293.1",
            "kernel-default-kgraft": "4.12.14-122.293.1",
            "kgraft-patch-4_12_14-122_293-default": "1-8.3.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"
kgraft-patch-SLE12-SP5_Update_77

Package

Name
kgraft-patch-SLE12-SP5_Update_77
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_77&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1-8.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft-devel": "4.12.14-122.293.1",
            "kernel-default-kgraft": "4.12.14-122.293.1",
            "kgraft-patch-4_12_14-122_293-default": "1-8.3.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"
SUSE:Linux Enterprise Server 12 SP5-LTSS
kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.293.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-man": "4.12.14-122.293.1",
            "kernel-source": "4.12.14-122.293.1",
            "kernel-default": "4.12.14-122.293.1",
            "kernel-devel": "4.12.14-122.293.1",
            "kernel-macros": "4.12.14-122.293.1",
            "cluster-md-kmp-default": "4.12.14-122.293.1",
            "gfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-base": "4.12.14-122.293.1",
            "kernel-default-devel": "4.12.14-122.293.1",
            "dlm-kmp-default": "4.12.14-122.293.1",
            "kernel-syms": "4.12.14-122.293.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"
kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.293.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-man": "4.12.14-122.293.1",
            "kernel-source": "4.12.14-122.293.1",
            "kernel-default": "4.12.14-122.293.1",
            "kernel-devel": "4.12.14-122.293.1",
            "kernel-macros": "4.12.14-122.293.1",
            "cluster-md-kmp-default": "4.12.14-122.293.1",
            "gfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-base": "4.12.14-122.293.1",
            "kernel-default-devel": "4.12.14-122.293.1",
            "dlm-kmp-default": "4.12.14-122.293.1",
            "kernel-syms": "4.12.14-122.293.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"
kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.293.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-man": "4.12.14-122.293.1",
            "kernel-source": "4.12.14-122.293.1",
            "kernel-default": "4.12.14-122.293.1",
            "kernel-devel": "4.12.14-122.293.1",
            "kernel-macros": "4.12.14-122.293.1",
            "cluster-md-kmp-default": "4.12.14-122.293.1",
            "gfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-base": "4.12.14-122.293.1",
            "kernel-default-devel": "4.12.14-122.293.1",
            "dlm-kmp-default": "4.12.14-122.293.1",
            "kernel-syms": "4.12.14-122.293.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5
kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.293.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-source": "4.12.14-122.293.1",
            "kernel-default": "4.12.14-122.293.1",
            "kernel-devel": "4.12.14-122.293.1",
            "kernel-macros": "4.12.14-122.293.1",
            "cluster-md-kmp-default": "4.12.14-122.293.1",
            "gfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-base": "4.12.14-122.293.1",
            "kernel-default-devel": "4.12.14-122.293.1",
            "dlm-kmp-default": "4.12.14-122.293.1",
            "kernel-syms": "4.12.14-122.293.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"
kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.293.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-source": "4.12.14-122.293.1",
            "kernel-default": "4.12.14-122.293.1",
            "kernel-devel": "4.12.14-122.293.1",
            "kernel-macros": "4.12.14-122.293.1",
            "cluster-md-kmp-default": "4.12.14-122.293.1",
            "gfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-base": "4.12.14-122.293.1",
            "kernel-default-devel": "4.12.14-122.293.1",
            "dlm-kmp-default": "4.12.14-122.293.1",
            "kernel-syms": "4.12.14-122.293.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"
kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-122.293.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-source": "4.12.14-122.293.1",
            "kernel-default": "4.12.14-122.293.1",
            "kernel-devel": "4.12.14-122.293.1",
            "kernel-macros": "4.12.14-122.293.1",
            "cluster-md-kmp-default": "4.12.14-122.293.1",
            "gfs2-kmp-default": "4.12.14-122.293.1",
            "kernel-default-base": "4.12.14-122.293.1",
            "kernel-default-devel": "4.12.14-122.293.1",
            "dlm-kmp-default": "4.12.14-122.293.1",
            "kernel-syms": "4.12.14-122.293.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0473-1.json"