SUSE-SU-2026:20149-1

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues

The following security issues were fixed:

• CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
• CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672).
• CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248301).
• CVE-2025-38572: ipv6: reject malicious packets in ipv6gsosegment() (bsc#1248400).
• CVE-2025-38588: ipv6: prevent infinite loop in rt6nlmsgsize() (bsc#1249241).
• CVE-2025-38608: bpf, ktls: Fix data corruption when using bpfmsgpop_data() in ktls (bsc#1248670).
• CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537).
• CVE-2025-38617: net/packet: fix a race in packetsetring() and packet_notifier() (bsc#1249208).
• CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY (bsc#1249207).
• CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg() (bsc#1248631).
• CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1250192).
• CVE-2025-39963: iouring: fix incorrect iokiocb reference in iolinkskb (bsc#1251982).
• CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
• CVE-2025-40212: nfsd: fix refcount leak in nfsdsetfh_dentry() (bsc#1254196).

The following non security issues were fixed:

• Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).
• powerpc64/modules: correctly iterate over stubs in setupftraceool_stubs (bsc#1251956).
• fix addrbitset() issue on big-endian machines (bsc#1256928).