Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
• CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
• CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
• CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
• CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
• CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
• CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
• CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
• CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
• CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
• CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
• CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
• CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
• CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
• CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
• CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
• CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
• CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
• CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
• CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
• CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
• CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
• CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
• CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
• CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).

The following non-security bugs were fixed:

• Revert ‘build initrd without systemd’ (bsc#1195775)
• cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
• cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
• cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
• cgroup: Remove unnecessary list_empty() (bsc#1222254).
• cgroup: preserve KABI of cgroup_root (bsc#1222254).
• mkspec-dtb: add toplevel symlinks also on arm
• ocfs2: adjust enabling place for la window (bsc#1219224).
• ocfs2: fix sparse warnings (bsc#1219224).
• ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
• ocfs2: speed up chain-list searching (bsc#1219224).
• random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
• rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
• rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
• rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
• rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 (‘ARM: dts: Move .dts files to vendor sub-directories’). So switch to them.
• scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
• smb: client: ensure to try all targets when finding nested links (bsc#1224020).
• smb: client: guarantee refcounted children from parent session (bsc#1224679).
• x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
• xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).