SUSE-SU-2025:20656-1 Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3: - CVE-2024-6174: Unpriveleged user could trigger hotplug-hook commands bsc1245403. None security fixes: - Rebase cloud-init to 24.4 or higher bsc1239715, jscPED-8680. - Fixed cloud-init --debug status bsc1228414. -...

CVE-2023-53123 PCI: s390: Fix use-after-free of PCI resources with per-function hotplug

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device VFs may be removed...

CVE-2023-53123

The CVE-2023-53123 issue affects Linux kernel on s390 where per-function PCI hot-plugging left stale MMIO resources in the PCI and zpci_bus structures, enabling a use-after-free when a VFs are removed and re-added. The fix removes the individually hot-unplugged PCI function’s resources from the P...

CVE-2025-21816 hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING

In the Linux kernel, the following vulnerability has been resolved: hrtimers: Force migrate away hrtimers queued after CPUHPAPHRTIMERSDYING hrtimers are migrated away from the dying CPU to any online target at the CPUHPAPHRTIMERSDYING stage in order not to delay bandwidth timers handling tasks...

CVE-2024-26891 iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to the device by flapping device's link through...