The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-26921: Preserve kabi for sk_buff . * CVE-2022-48686: Fix UAF when detecting digest errors . Update blacklist.conf: remove entry * CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl . * CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free . * CVE-2022-48697: Fix a use-after-free . Update blacklist.conf: drop entry from it * CVE-2024-26846: Do not wait in vain when unloading module . * CVE-2021-47496: Fix flipped sign in tls_err_abort calls * CVE-2023-42755: Check user supplied offsets . * CVE-2023-52664: Eliminate double free in error handling logic . * CVE-2023-52796: Add ipvlan_route_v6_outbound helper . * CVE-2021-47246: Fix page reclaim for dead peer hairpin . * CVE-2023-52732: Blocklist the kclient when receiving corrupted snap trace . * CVE-2024-35936: Add missing mutex_unlock in btrfs_relocate_sys_chunks * CVE-2021-47548: Fixed a possible array out-of=bounds * CVE-2024-36029: Pervent access to suspended controller * CVE-2024-26625: Call sock_orphan at release time * CVE-2021-47352: Add validation for used length . * CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass * CVE-2021-47431: Fix gart.bo pin_count leak . * CVE-2024-35935: Handle path ref underflow in header iterate_inode_ref * CVE-2024-26828: Fixed underflow in parse_server_interfaces . * CVE-2021-47423: Fix file release memory leak . * CVE-2022-48710: Fix a possible null pointer dereference . * CVE-2021-47497: Fixed shift-out-of-bound with byte size cells . * CVE-2024-35932: Do not check if plane-greater thanstate-greater thanfb == state-greater thanfb . * CVE-2021-47500: Fixed trigger reference couting . * CVE-2024-35809: Drain runtime-idle callbacks before driver removal . * CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit . * CVE-2021-47511: Fixed negative period/buffer sizes . * CVE-2021-47509: Limit the period size to 16MB . * CVE-2024-35877: Fixed VM_PAT handling in COW mappings . * CVE-2024-35982: Avoid infinite loop trying to resize local TT * CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr . * CVE-2021-47277: Avoid speculation-based attacks from out-of-range memslot accesses . * CVE-2024-35791: Flush pages under kvm-greater thanlock to fix UAF in svm_register_enc_region . * CVE-2021-47401: Fix stack information leak . * CVE-2023-52867: Fix possible buffer overflow . * CVE-2023-52821: Fix a possible null pointer dereference . * CVE-2021-47265: Verify port when creating flow rule * CVE-2021-47362: Update intermediate power state for SI . * CVE-2021-47361: Fix error handling in mcb_alloc_bus . * CVE-2023-52864: Fix opening of char device . * CVE-2022-48708: Fix potential NULL dereference . * CVE-2024-35944: Fixed memcpy run-time warning in dg_dispatch_as_host . * CVE-2021-47238: Fix memory leak in ip_mc_add1_src * CVE-2023-52730: Fix possible resource leaks in some error paths . * CVE-2021-47355: Fix possible use-after-free in nicstar_cleanup . * CVE-2021-47245: Fix out of bounds when parsing TCP options * CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf . * CVE-2023-52747: Restore allocated resources on failed copyout * CVE-2021-47249: Fix memory leak in rds_recvmsg * CVE-2021-47397: Break out if skb_header_pointer returns NULL in sctp_rcv_ootb * CVE-2021-47250: Fix memory leak in netlbl_cipsov4_add_std * CVE-2024-35849: Fix information leak in btrfs_ioctl_logical_to_ino . * CVE-2024-27436: Stop parsing channels bits when all channels are found . * CVE-2021-47281: Fix race of snd_seq_timer_open . * CVE-2024-35789: Clear fast rx for non-4addr in VLAN netdev . * CVE-2024-35830: Register v4l2 async device only after successful setup . * CVE-2021-47334: Fix two use after free in ibmasm_init_one . * CVE-2021-47357: Fix possible use-after-free in ia_module_exit . * CVE-2023-52875: Add check for mtk_alloc_clk_data . * CVE-2023-52865: Add check for mtk_alloc_clk_data . * CVE-2024-35887: Fix use-after-free bugs caused by ax25_ds_del_timer * CVE-2021-47483: Fixed possible double-free in regcache_rbtree_exit . * CVE-2024-26957: Fix reference counting on zcrypt card objects . * CVE-2023-52691: Fix a double-free in si_dpm_init . * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout . * CVE-2023-52586: Fixed mutex lock in control vblank irq . * CVE-2024-27062: Fixed nouveau lock inside client object tree . * CVE-2024-26984: Fix instmem race condition around ptr stores * CVE-2021-46933: Fixed possible underflow in ffs_data_clear . * CVE-2024-27396: Fixed Use-After-Free in gtp_dellink . * CVE-2023-52655: Check packet for fixup for true limit . * CVE-2024-26900: Fixed kmemleak of rdev-greater thanserial . * CVE-2024-27401: Fixed user_length taken into account when fetching packet contents . * CVE-2024-26775: Fixed potential deadlock at set_capacity . * CVE-2024-26958: Fixed UAF in direct writes . * CVE-2022-48704: Add a force flush to delay work when radeon * CVE-2021-47206: Check return value after calling platform_get_resource . * CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit * CVE-2024-26996: Fix UAF ncm object at re-bind after usb transport error . * CVE-2024-26874: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter . The following non-security bugs were fixed: * af_unix: annote lockless accesses to unix_tot_inflight gc_in_progress . * af_unix: Do not use atomic ops for unix_sk-greater thaninflight . * af_unix: Replace BUG_ON with WARN_ON_ONCE . * ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value . * assoc_array: Fix BUG_ON during garbage collect. * autofs: fix a leak in autofs_expire_indirect * Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working . * btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit * btrfs: check if root is readonly while setting security xattr * btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag * btrfs: do not get an EINTR during drop_snapshot for reloc * btrfs: do not stop integrity writeback too early * btrfs: Explicitly handle btrfs_update_root failure * btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP * btrfs: fix btrfs_prev_leaf to not return the same key twice * btrfs: fix deadlock when writing out space cache * Btrfs: fix incorrect {node,sector}size endianness from BTRFS_IOC_FS_INFO * btrfs: fix lockdep splat and potential deadlock after failure running delayed items * btrfs: fix lost error handling when looking up extended ref on log replay * btrfs: Fix NULL pointer exception in find_bio_stripe * btrfs: Fix out of bounds access in btrfs_search_slot * btrfs: fix race when deleting quota root from the dirty cow roots list * btrfs: fix range_end calculation in extent_write_locked_range * btrfs: fix return value mixup in btrfs_get_extent * btrfs: fix unaligned access in readdir * btrfs: limit device extents to the device size * btrfs: prevent to set invalid default subvolid * btrfs: record delayed inode root in transaction * btrfs: scrub: reject unsupported scrub flags * btrfs: send: ensure send_fd is writable * btrfs: send: in case of IO error log it * btrfs: send: limit number of clones and allocated memory size * btrfs: sysfs: use NOFS for device creation Adjustment: add #include * btrfs: tree-checker: add missing return after error in root_item * btrfs: tree-checker: add missing returns after data_ref alignment checks * btrfs: tree-checker: do not error out if extent ref hash does not match * btrfs: tree-checker: fix inline ref size in error messages * btrfs: tree-checker: Fix misleading group system information * btrfs: undo writable superblocke when sprouting fails * btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl * ecryptfs: fix a memory leak bug in ecryptfs_init_messaging * ecryptfs: fix a memory leak bug in parse_tag_1_packet * ecryptfs: fix kernel panic with null dev_name * ecryptfs: Fix typo in message * ep_create_wakeup_source: dentry name can change under you * exportfs_decode_fh: negative pinned may become positive without the parent locked * fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes * fscrypt: clean up some BUG_ONs in block encryption/decryption * ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping . * ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data . * kprobes: Fix possible use-after-free issue on kprobe registration . * KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M . * l2tp: pass correct message length to ip6_append_data . * lib/mpi: use kcalloc in mpi_resize . * list: fix a data-race around ep-greater thanrdllist . * net: 9p: avoid freeing uninit memory in p9pdu_vreadf . * net: tcp: fix unexcepted socket die when snd_wnd is 0 . * net: usb: ax88179_178a: stop lying about skb-greater thantruesize . * net: usb: smsc95xx: stop lying about skb-greater thantruesize . * net: usb: sr9700: stop lying about skb-greater thantruesize . * net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete . * net/smc: fix fallback failed while sendmsg with fastopen . * netfilter: nf_queue: augment nfqa_cfg_policy . * netfilter: nft_compat: explicitly reject ERROR and standard target . * netfilter: x_tables: set module owner for icmp matches . * nfc: change order inside nfc_se_io error path . * powerpc/pseries/lparcfg: drop error message from guest name lookup . * ppdev: Add an error check in register_device . * rds: avoid unenecessary cong_update in loop transport . * rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp . * ring-buffer: Clean ring_buffer_poll_wait error return . * ring-buffer: Fix a race between readers and resize checks . * rxrpc: Do not put crypto buffers on the stack . * rxrpc: Fix a memory leak in rxkad_verify_response . * rxrpc: Provide a different lockdep key for call-greater thanuser_mutex for kernel calls . * rxrpc: The mutex lock returned by rxrpc_accept_call needs releasing . * rxrpc: Work around usercopy check . * s390/cpum_cf: make crypto counters upward compatible across machine types . * s390/pci: fix max size calculation in zpci_memcpy_toio . * tcp: tcp_make_synack can be called from process context . * tracing: Fix blocked reader of snapshot buffer . * tracing: hide unused ftrace_event_id_fops . * tracing: Use .flush call to wake up readers . * tracing: Use strncpy instead of memcpy when copying comm in trace.c . * usb: aqc111: stop lying about skb-greater thantruesize . * wifi: cfg80211: avoid leaking stack data into trace . * wifi: radiotap: fix kernel-doc notation warnings . ## Special Instructions and Notes: * Please reboot the system after installing this update.