SUSE-SU-2025:21180-1

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

• CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472).
• CVE-2025-38653: proc: use the same treatment to check proclseek as ones for procread_iter et.al (bsc#1248630).
• CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
• CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
• CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
• CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
• CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495).
• CVE-2025-39812: sctp: initialize more fields in sctpv6from_sk() (bsc#1250202).
• CVE-2025-39866: fs: writeback: fix use-after-free in __markinodedirty() (bsc#1250455).
• CVE-2025-39876: net: fec: Fix possible NPD in fecenetphyresetafterclkenable() (bsc#1250400).
• CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
• CVE-2025-39895: sched: Fix schednumafindnthcpu() if mask offline (bsc#1250721).
• CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749).
• CVE-2025-39911: i40e: fix IRQ freeing in i40evsirequestirqmsix error path (bsc#1250704).
• CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
• CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
• CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
• CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176).
• CVE-2025-39955: tcp: Clear tcpsk(sk)->fastopenrsk in tcp_disconnect() (bsc#1251804).
• CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809).
• CVE-2025-39963: iouring: fix incorrect iokiocb reference in iolinkskb (bsc#1251819).
• CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
• CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
• CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
• CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
• CVE-2025-39972: i40e: fix idx validation in i40evalidatequeue_map (bsc#1252039).
• CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
• CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2tcadd_flow() (bsc#1252069).
• CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067).
• CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
• CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076).
• CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89coretxkickoffandwait() (bsc#1252062).
• CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
• CVE-2025-40012: net/smc: fix warning in smcrxsplice() when calling get_page() (bsc#1252330).
• CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup (bsc#1252688).
• CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
• CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
• CVE-2025-40056: vhost: vringh: Fix copytoiter return value check (bsc#1252826).
• CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
• CVE-2025-40078: bpf: Explicitly check accesses to bpfsockaddr (bsc#1252789).
• CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
• CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).

The following non security issues were fixed:

• add bug reference to existing hv_netvsc change (bsc#1252265)
• amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226).
• cgroup/cpuset: Remove remotepartitioncheck() & make updatecpumaskshier() handle remote partition (bsc#1241166).
• cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).
• cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).
• doc/README.SUSE: Correct the character used for TAINTNOSUPPORT The character was previously 'N', but upstream used it for TAINTTEST, which prompted the change of TAINTNO_SUPPORT to 'n'.
• dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
• dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
• dpll: zl3073x: Add low-level flash functions (bsc#1252253).
• dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
• dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
• dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
• dpll: zl3073x: Fix double free in zl3073xdevlinkflash_update() (bsc#1252253).
• dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
• dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
• dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
• dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
• drm/amd/pm: fix smu table id bound check issue in smucmnupdate_table() (git-fixes).
• drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
• ixgbe: handle IXGBEVFFEATURES_NEGOTIATE mbox cmd (bsc#1247222).
• ixgbe: handle IXGBEVFGETPFLINK_STATE mailbox operation (bsc#1247222).
• ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
• ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
• kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270).
• kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
• kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
• nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
• perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes).
• phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
• powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
• proc: fix missing pdesetflags() for net proc files (bsc#1248630)
• proc: fix type confusion in pdesetflags() (bsc#1248630)
• rpm/check-for-config-changes: ignore CONFIGSCHEDPROXY_EXEC, too (bsc#1250946)
• scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
• x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725).
• x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
• x86/resctrl: Refactor resctrlarchrmid_read() (bsc#1252734).
• x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348).