SUSE-SU-2026:21352-1

CVE-2025-39998: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow (bsc#1252073).
CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
CVE-2026-23072: l2tp: Fix memleak in l2tpudpencap_recv() (bsc#1257708).
CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
CVE-2026-23120: l2tp: avoid one data-race in l2tptunneldel_work() (bsc#1258280).
CVE-2026-23125: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT (bsc#1258293).
CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
CVE-2026-23140: bpf, testrun: Subtract size of xdpframe from allowed metadata size (bsc#1258305).
CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount() (bsc#1258414).
CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
CVE-2026-23204: net: add skbheaderpointer_careful() helper (bsc#1258340).
CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount() (bsc#1258447).
CVE-2026-23231: netfilter: nftables: fix use-after-free in nftables_addchain() (bsc#1259188).
CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
CVE-2026-23240: tls: Fix race condition in tlsswcancelworktx() (bsc#1259484).
CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumad_write (bsc#1259797).
CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
CVE-2026-23281: wifi: libertas: fix use-after-free in lbsfreeadapter() (bsc#1260464).
CVE-2026-23292: scsi: target: Fix recursive locking in __configfsopenfile() (bsc#1260500).
CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
CVE-2026-23297: nfsd: Fix cred ref leak in nfsdnlthreadssetdoit() (bsc#1260490).
CVE-2026-23304: ipv6: fix NULL pointer deref in ip6rtgetdevrcu() (bsc#1260544).
CVE-2026-23319: bpf: Fix a UAF issue in bpftrampolinelinkcgroupshim (bsc#1260735).
CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdmacreateuser_ah() (bsc#1260550).
CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
CVE-2026-23386: gve: fix incorrect buffer cleanup in gvetxcleanpendingpackets for QPL (bsc#1260799).
CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
CVE-2026-23398: icmp: fix NULL pointer dereference in icmptagvalidation() (bsc#1260730).
CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
CVE-2026-23414: tls: Purge asynchold in tlsdecryptasyncwait() (bsc#1261496).
CVE-2026-23419: net/rds: Fix circular locking dependency in rdstcptune (bsc#1261507).
CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
Update config files (bsc#1254307).
apparmor: Fix double free of nsname in aareplace_profiles() (bsc#1258849).
apparmor: fix differential encoding verification (bsc#1258849).
apparmor: fix memory leak in verify_header (bsc#1258849).
apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
apparmor: fix race on rawdata dereference (bsc#1258849).
apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
btrfs: tracepoints: get correct superblock from dentry in event btrfssyncfile() (bsc#1257777).
dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
firmware: microchip: fail auto-update probe if no flash found (git-fixes).
kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
nvme: expose active quirks in sysfs (bsc#1243208).
nvme: fix memory leak in quirksparamset() (bsc#1243208).
powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
s390: Disable ARCHWANTOPTIMIZEHUGETLBVMEMMAP (bsc#1254306).
scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
scsi: fnic: Add stats and related functionality (jsc#PED-15441).
scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
scsi: fnic: Code cleanup (jsc#PED-15441).
scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
scsi: fnic: Fix crash in fnicwqcmpl_handler when FDMI times out (jsc#PED-15441).
scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
scsi: fnic: Fix missing DMA mapping error in fnicsendframe() (jsc#PED-15441).
scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
scsi: fnic: Increment driver version (jsc#PED-15441).
scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
scsi: fnic: Propagate SCSI error code from fnicscsidrv_init() (jsc#PED-15441).
scsi: fnic: Remove always-true ISFNICFCP_INITIATOR macro (jsc#PED-15441).
scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
scsi: fnic: Replace shostprintk() with devinfo()/dev_err() (jsc#PED-15441).
scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
scsi: hisisas: Fix NULL pointer exception during userscan() (bsc#1255687).
scsi: scsitransportsas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
scsi: smartpqi: Fix memory leak in pqireportphys_luns() (git-fixes, jsc#PED-15042).
selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
tg3: Fix race for querying speed/duplex (bsc#1257183).
x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

References

SUSE-SU-2026:21352-1

Affected packages