SUSE-SU-2026:20720-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-202620720-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20720-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:20720-1
Published
2026-03-11T16:03:14Z
Modified
2026-03-23T04:53:09.791640Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues.

The following security issues were fixed:

  • CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).
  • CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
  • CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET (bsc#1249587).
  • CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
  • CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
  • CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
  • CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
  • CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
  • CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
  • CVE-2025-68736: landlock: Fix handling of disconnected directories (bsc#1255698).
  • CVE-2025-68778: btrfs: don't log conflicting inode if it's a dir moved in the current transaction (bsc#1256683).
  • CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
  • CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
  • CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
  • CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
  • CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).
  • CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time (bsc#1256755).
  • CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
  • CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635).
  • CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687).
  • CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
  • CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
  • CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
  • CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
  • CVE-2026-23003: geneve: Fix incorrect inner network header offset when innerprotoinherit is set (bsc#1257246).
  • CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
  • CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
  • CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
  • CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
  • CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
  • CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
  • CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
  • CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
  • CVE-2026-23083: fou: Don't allow 0 for FOU_ATTR_IPPROTO (bsc#1257745).
  • CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
  • CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
  • CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
  • CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
  • CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
  • CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
  • CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772).
  • CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
  • CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
  • CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
  • CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
  • CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
  • CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
  • CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (bsc#1258278).
  • CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
  • CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
  • CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
  • CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
  • CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
  • CVE-2026-23171: net: bonding: update the slave array for broadcast mode (bsc#1258349).
  • CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
  • CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
  • CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
  • CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
  • CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
  • CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
  • CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (bsc#1258465).
  • CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).

The following non-security issues were fixed:

  • ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
  • ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
  • ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
  • HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
  • PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
  • Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
  • Update upstreamed net and powerpc patch references and sorting
  • bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
  • btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
  • clocksource: Print durations for sync check unconditionally (bsc#1241345).
  • clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).
  • drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
  • ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
  • landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
  • media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
  • shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).
  • spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
  • spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
  • spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
  • spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
  • spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
  • spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
  • staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
  • wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).
  • workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)

Affected packages

SUSE:Linux Micro 6.0 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.0-40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-kvmsmall": "6.4.0-40.1",
            "kernel-default-livepatch": "6.4.0-40.1",
            "kernel-source": "6.4.0-40.1",
            "kernel-default": "6.4.0-40.1",
            "kernel-macros": "6.4.0-40.1",
            "kernel-default-base": "6.4.0-40.1.21.17",
            "kernel-devel": "6.4.0-40.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20720-1.json"

SUSE:Linux Micro 6.0 / kernel-default-base

Package

Name
kernel-default-base
Purl
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.0-40.1.21.17

Ecosystem specific

{
    "binaries": [
        {
            "kernel-kvmsmall": "6.4.0-40.1",
            "kernel-default-livepatch": "6.4.0-40.1",
            "kernel-source": "6.4.0-40.1",
            "kernel-default": "6.4.0-40.1",
            "kernel-macros": "6.4.0-40.1",
            "kernel-default-base": "6.4.0-40.1.21.17",
            "kernel-devel": "6.4.0-40.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20720-1.json"

SUSE:Linux Micro 6.0 / kernel-kvmsmall

Package

Name
kernel-kvmsmall
Purl
pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.0-40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-kvmsmall": "6.4.0-40.1",
            "kernel-default-livepatch": "6.4.0-40.1",
            "kernel-source": "6.4.0-40.1",
            "kernel-default": "6.4.0-40.1",
            "kernel-macros": "6.4.0-40.1",
            "kernel-default-base": "6.4.0-40.1.21.17",
            "kernel-devel": "6.4.0-40.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20720-1.json"

SUSE:Linux Micro 6.0 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.0-40.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-kvmsmall": "6.4.0-40.1",
            "kernel-default-livepatch": "6.4.0-40.1",
            "kernel-source": "6.4.0-40.1",
            "kernel-default": "6.4.0-40.1",
            "kernel-macros": "6.4.0-40.1",
            "kernel-default-base": "6.4.0-40.1.21.17",
            "kernel-devel": "6.4.0-40.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20720-1.json"