SUSE-SU-2025:03614-1

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{devname,shortname} (bsc#1246968).
• CVE-2022-50242: drivers: net: qlcnic: Fix potential memory leak in qlcnicsriovinit() (bsc#1249696).
• CVE-2022-50244: cxl: fix possible null-ptr-deref in cxlpciinit_afu|adapter() (bsc#1249647).
• CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
• CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmfcpreinit_dcmds() (bsc#1249947).
• CVE-2022-50265: kcm: annotate data-races around kcm->rx_wait (bsc#1249744).
• CVE-2022-50278: PNP: fix name memory leak in pnpallocdev() (bsc#1249715).
• CVE-2022-50285: mm,hugetlb: take hugetlblock before decrementing h->resvhuge_pages (bsc#1249803).
• CVE-2022-50288: qlcnic: prevent ->dcb use-after-free on qlcnicdcbenable() failure (bsc#1249802).
• CVE-2022-50291: kcm: annotate data-races around kcm->rx_psock (bsc#1249798).
• CVE-2022-50294: wifi: libertas: fix memory leak in lbsinitadapter() (bsc#1249799).
• CVE-2022-50297: wifi: ath9k: verify the expected usb_endpoints are present (bsc#1250250).
• CVE-2022-50304: mm: export bdi_unregister (bsc#1249725).
• CVE-2022-50311: cxl: Fix refcount leak in cxlcalccapp_routing (bsc#1249720).
• CVE-2022-50312: drivers: serial: jsm: fix some leaks in probe (bsc#1249716).
• CVE-2022-50321: wifi: brcmfmac: fix potential memory leak in brcmfnetdevstart_xmit() (bsc#1249706).
• CVE-2022-50330: crypto: cavium - prevent integer overflow loading firmware (bsc#1249700).
• CVE-2022-50349: misc: tifm: fix possible memory leak in tifm7xx1switch_media() (bsc#1249920).
• CVE-2022-50352: net: hns: fix possible memory leak in hnaeaeregister() (bsc#1249922).
• CVE-2022-50359: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (bsc#1250269).
• CVE-2022-50365: skbuff: Account for tail adjustment during pull operations (bsc#1250084).
• CVE-2022-50375: tty: serial: fsllpuart: disable dma rx/tx use flags in lpuartdma_shutdown (bsc#1250132).
• CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
• CVE-2022-50396: net: sched: fix memory leak in tcindexsetparms (bsc#1250104).
• CVE-2022-50402: drivers/md/md-bitmap: check the return value of mdbitmapget_counter() (bsc#1250363).
• CVE-2022-50405: net/tunnel: wait until all skuserdata reader finish before releasing the sock (bsc#1250155).
• CVE-2022-50406: iomap: iomap: fix memory corruption when recording errors during writeback (bsc#1250165).
• CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstart_xmit() (bsc#1250391).
• CVE-2022-50409: net: If sock is dead do not access sock's skwq in skstreamwaitmemory (bsc#1250392).
• CVE-2022-50419: Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times (bsc#1250394).
• CVE-2023-53148: igb: Do not bring the device up after non-fatal error (bsc#1249842).
• CVE-2023-53153: wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (bsc#1249877).
• CVE-2023-53176: serial: 8250: Fix oops for port->pm on uartchangepm() (bsc#1249991).
• CVE-2023-53178: mm: zswap: fix missing folio cleanup in writeback race path (bsc#1249827 git-fix).
• CVE-2023-53199: wifi: ath9k: hifusb: clean up skbs if ath9khifusbrx_stream() fails (bsc#1249683).
• CVE-2023-53201: RDMA/bnxt_re: wraparound mbox producer index (bsc#1249687).
• CVE-2023-53226: wifi: mwifiex: Fix oob check condition in mwifiexprocessrx_packet (bsc#1249658).
• CVE-2023-53248: drm/amdgpu: install stub fence into potential unused fence pointers (bsc#1249779).
• CVE-2023-53254: drivers: base: cacheinfo: Fix sharedcpumap changes in event of CPU hotplug (bsc#1249871).
• CVE-2023-53272: net: ena: fix shift-out-of-bounds in exponential backoff (bsc#1249917).
• CVE-2023-53277: wifi: iwl3945: Add missing check for createsinglethreadworkqueue (bsc#1249936).
• CVE-2023-53288: drm/client: Fix memory leak in drmclientmodeset_probe (bsc#1250058).
• CVE-2023-53298: nfc: fix memory leak of seio context in nfcgenlseio (bsc#1249944).
• CVE-2023-53302: wifi: iwl4965: Add missing check for createsinglethreadworkqueue() (bsc#1249958).
• CVE-2023-53305: Bluetooth: L2CAP: Fix use-after-free (bsc#1250049).
• CVE-2023-53309: drm/radeon: Fix integer overflow in radeoncsparser_init (bsc#1250055).
• CVE-2023-53317: ext4: fix WARNING in mbfindextent (bsc#1250081).
• CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
• CVE-2023-53335: RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (bsc#1250072).
• CVE-2023-53344: can: bcm: bcmtxsetup(): fix KMSAN uninit-value in vfs_write (bsc#1250023).
• CVE-2023-53348: btrfs: fix deadlock when aborting transaction during relocation with scrub (bsc#1250018).
• CVE-2023-53365: ip6mr: Fix skbunderpanic in ip6mrcachereport() (bsc#1249988).
• CVE-2023-53384: wifi: mwifiex: avoid possible NULL skb pointer dereference (bsc#1250127).
• CVE-2023-53393: RDMA/mlx5: Fix mlx5ibgethwstats when used for device (bsc#1250114).
• CVE-2023-53395: ACPICA: Add AMLNOOPERAND_RESOLVE flag to Timer (bsc#1250358).
• CVE-2023-53397: modpost: fix off by one in isexecutablesection() (bsc#1250125).
• CVE-2023-53400: ALSA: hda: Fix Oops by 9.1 surround channel names (bsc#1250328).
• CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
• CVE-2023-53441: bpf: cpumap: Fix memory leak in cpumapupdate_elem (bsc#1250150).
• CVE-2024-53194: PCI: Fix use-after-free of slot->bus on hot remove (bsc#1235459).
• CVE-2024-58240: tls: separate no-async decryption request handling from async (bsc#1248847).
• CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
• CVE-2025-38527: smb: client: fix use-after-free in cifsoplockbreak (bsc#1248199).
• CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
• CVE-2025-38572: ipv6: reject malicious packets in ipv6gsosegment() (bsc#1248399).
• CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).
• CVE-2025-38602: wifi: iwlwifi: Fix error code in iwlopmodedvmstart() (bsc#1248341).
• CVE-2025-38604: wifi: rtl818x: Kill URBs before clearing tx status queue (bsc#1248333).
• CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).
• CVE-2025-38624: PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1248617).
• CVE-2025-38632: pinmux: fix race causing muxowner NULL with active muxusecount (bsc#1248669).
• CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).
• CVE-2025-38665: can: netlink: canchangelink(): fix NULL pointer deref of struct canpriv::dosetmode (bsc#1248648).
• CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
• CVE-2025-38701: ext4: do not BUG when INLINEDATAFL lacks system.data xattr (bsc#1249258).
• CVE-2025-38702: fbdev: fix potential buffer overflow in doregisterframebuffer() (bsc#1249254).
• CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334).
• CVE-2025-38712: hfsplus: do not use BUGON() in hfspluscreateattributesfile() (bsc#1249194).
• CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
• CVE-2025-38729: ALSA: usb-audio: Validate UAC3 power domain descriptors, too (bsc#1249164).
• CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).
• CVE-2025-39677: net/sched: Fix backlog accounting in qdiscdequeueinternal (bsc#1249300).
• CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
• CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295).
• CVE-2025-39706: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (bsc#1249413).
• CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
• CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in addtuningcontrol (bsc#1249538).
• CVE-2025-39754: mm/smaps: fix race between smapshugetlbrange and migration (bsc#1249524).
• CVE-2025-39757: ALSA: usb-audio: Fix size validation in convertchmapv3() (bsc#1249515).
• CVE-2025-39760: usb: core: config: Prevent OOB read in SS endpoint companion parsing (bsc#1249598).
• CVE-2025-39763: ACPICA: Fix error code path in acpidscallcontrolmethod() (bsc#1249615).
• CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513).
• CVE-2025-39773: net: bridge: fix soft lockup in brmulticastquery_expired() (bsc#1249504).
• CVE-2025-39782: jbd2: prevent softlockup in jbd2logdo_checkpoint() (bsc#1249526).
• CVE-2025-39787: soc: qcom: mdtloader: Deal with zero eshentsize (bsc#1249545).
• CVE-2025-39800: btrfs: abort transaction on unexpected eb generation at btrfscopyroot() (bsc#1250177).
• CVE-2025-39808: HID: hid-ntrig: fix unable to handle page fault in ntrigreportversion() (bsc#1250088).
• CVE-2025-39824: HID: asus: fix UAF via HIDCLAIMEDINPUT validation (bsc#1250007).
• CVE-2025-39833: mISDN: hfcpci: Fix warning when deleting uninitialized timer (bsc#1250028).
• CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).
• CVE-2025-39847: ppp: fix memory leak in padcompressskb (bsc#1250292).
• CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
• CVE-2025-39860: Bluetooth: Fix use-after-free in l2capsockcleanup_listen() (bsc#1250247).
• CVE-2025-39863: wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work (bsc#1250281).
• CVE-2025-39865: tee: fix NULL pointer dereference in teeshmput (bsc#1250294).
• CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queueprioritymap (bsc#1250406).
• CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).
• CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).

The following non-security bugs were fixed:

• Bluetooth: hcicore: Fix calling mgmtdevice_connected (git-fixes).
• CONFIG & no reference -> OK temporarily, must be resolved eventually
• Do not self obsolete older kernel variants
• Limit patch filenames to 100 characters (bsc#1249604).
• build_bug.h: Add KABI assert (bsc#1249186).
• buildbug.h: add wrapper for _Staticassert (bsc#1249186).
• dma-buf: add dmafenceget_stub (bsc#1249779)
• kernel-binary: Another installation ordering fix (bsc#1241353).
• kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
• kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346).
• l2tp: remove unused listhead member in l2tptunnel (git-fixes).
• pptp: fix pptp_xmit() error path (git-fixes).
• rpm: Configure KABI checkingness macro (bsc#1249186).
• rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
• rpm: Link arch-symbols script from scripts directory.
• rpm: Link guards script from scripts directory.
• tipc: improve function tipcwaitfor_cond() (bsc#1249037).
• use uniform permission checks for all mount propagation changes (git-fixes).
• x86/tsc: Append the 'tsc=' description for the 'tsc=unstable' boot parameter (git-fixes).