SUSE-IU-2025:730-1: Security update of suse/sle-micro/kvm-5.5

sle-container-updates at lists.suse.com
Wed Mar 12 08:05:14 UTC 2025


SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:730-1
Image Tags        : suse/sle-micro/kvm-5.5:2.0.4, suse/sle-micro/kvm-5.5:2.0.4-3.5.292, suse/sle-micro/kvm-5.5:latest
Image Release     : 3.5.292
Severity          : important
Type              : security
References        : 1208995 1220946 1225742 1232472 1232919 1233701 1233749 1234154
                        1234650 1234853 1234891 1234963 1235054 1235061 1235073 1235111
                        1236133 1236289 1236576 1236661 1236677 1236757 1236758 1236760
                        1236761 1236777 1236951 1237025 1237028 1237139 1237316 1237693
                        1238033 CVE-2022-49080 CVE-2023-1192 CVE-2023-52572 CVE-2024-50115
                        CVE-2024-53135 CVE-2024-53173 CVE-2024-53226 CVE-2024-53239 CVE-2024-56539
                        CVE-2024-56548 CVE-2024-56605 CVE-2024-57948 CVE-2025-21647 CVE-2025-21690
                        CVE-2025-21692 CVE-2025-21699 
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:833-1
Released:    Tue Mar 11 11:53:19 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1208995,1220946,1225742,1232472,1232919,1233701,1233749,1234154,1234650,1234853,1234891,1234963,1235054,1235061,1235073,1235111,1236133,1236289,1236576,1236661,1236677,1236757,1236758,1236760,1236761,1236777,1236951,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-50115,CVE-2024-53135,CVE-2024-53173,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21647,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576)
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).

The following non-security bugs were fixed:

- cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777).
- iavf: fix the waiting time for initial reset (bsc#1235111).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: introduce a function to check if a netdev name is in use (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: minor __dev_alloc_name() optimization (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472).
- rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289).
- x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289).
- x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289).
- x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
- x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289).
- x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289).
- x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289).
- x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289).
- x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289).
- x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
- x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (bsc#1236951).


The following package changes have been done:

- kernel-default-base-5.14.21-150500.55.97.1.150500.6.45.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.152 updated

