This update for the SUSE Linux Enterprise kernel 4.12.14-122.231 fixes various security issues
The following security issues were fixed:
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).
- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1232818).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237930).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238324).
- CVE-2022-49179: block, bfq: don't move oom_bfqq (bsc#1241331).
- CVE-2022-49465: blk-throttle: set BIO_THROTTLED when bio has been throttled (bsc#1238920).
- CVE-2022-49545: ALSA: usb-audio: cancel pending work at closing a MIDI substream (bsc#1238730).
- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788).
- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249847).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250302).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230998).
- CVE-2024-46818: drm/amd/display: check gpio_id before used as array index (bsc#1231204).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231676).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231993).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231943).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231862).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1233019).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).
- CVE-2024-50154: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() (bsc#1233072).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when...