SUSE-SU-2022:4613-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Dec 23 14:44:04 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4613-1
Rating:             important
References:         #1065729 #1071995 #1156395 #1184350 #1189297 
                    #1192761 #1200845 #1201455 #1203144 #1203746 
                    #1204017 #1204142 #1204215 #1204241 #1204328 
                    #1204446 #1204631 #1204636 #1204693 #1204780 
                    #1204791 #1204810 #1204827 #1204850 #1204868 
                    #1204934 #1204957 #1204963 #1204967 #1205128 
                    #1205130 #1205186 #1205220 #1205329 #1205330 
                    #1205428 #1205473 #1205514 #1205617 #1205671 
                    #1205700 #1205705 #1205709 #1205753 #1205796 
                    #1205984 #1205985 #1205986 #1205987 #1205988 
                    #1205989 #1206032 #1206037 #1206207 
Cross-References:   CVE-2022-2602 CVE-2022-28693 CVE-2022-3567
                    CVE-2022-3628 CVE-2022-3635 CVE-2022-3707
                    CVE-2022-3903 CVE-2022-4095 CVE-2022-4129
                    CVE-2022-4139 CVE-2022-41850 CVE-2022-41858
                    CVE-2022-42895 CVE-2022-42896 CVE-2022-4378
                    CVE-2022-43945 CVE-2022-45934
CVSS scores:
                    CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Realtime 15-SP3
                    SUSE Linux Enterprise Real Time 15-SP3
                    openSUSE Leap 15.3
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that solves 17 vulnerabilities and has 37 fixes
   is now available.

Description:

   The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
   - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file
     drivers/atm/idt77252.c (bsc#1204631).
   - CVE-2022-41850: Fixed a race condition in roccat_report_event() in
     drivers/hid/hid-roccat.c (bsc#1203960).
   - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in
     l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
   - CVE-2022-3628: Fixed potential buffer overflow in
     brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
   - CVE-2022-3567: Fixed a to race condition in
     inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
   - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in
     drivers/net/slip (bsc#1205671).
   - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation
     (bsc#1205128).
   - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
   - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver
     USB driver (bsc#1205220).
   - CVE-2022-2602: Fixed a local privilege escalation vulnerability
     involving Unix socket Garbage Collection and io_uring (bsc#1204228).
   - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU
     to access any physical memory (bsc#1205700).
   - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
     Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
     race condition and NULL pointer dereference. (bsc#1205711)
   - CVE-2022-42895: Fixed an information leak in the
     net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to
     leak kernel pointers remotely (bsc#1205705).
   - CVE-2022-42896: Fixed a use-after-free vulnerability in the
     net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req()
     which may have allowed code execution and leaking kernel memory
     (respectively) remotely via Bluetooth (bsc#1205709).
   - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver
     (bsc#1204780).

   The following non-security bugs were fixed:

   - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
   - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
   - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
   - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
   - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
     (git-fixes).
   - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source",
     "Routee" -> "Route" (git-fixes).
   - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
   - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
   - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
   - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
   - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
   - ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
   - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
   - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
     wm5102_probe" (git-fixes).
   - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
     wm5110_probe" (git-fixes).
   - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
   - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
     wm8997_probe" (git-fixes).
   - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
     (git-fixes).
   - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
   - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
     (git-fixes).
   - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
   - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
   - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
   - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus
     hardening (bsc#1204017).
   - Drivers: hv: vmbus: Drop error message when 'No request id available'
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device
     (git-fixes).
   - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero
     (bsc#1204017).
   - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
     (git-fixes).
   - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
   - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
   - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
   - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
   - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
     (git-fixes).
   - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
   - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
     (git-fixes).
   - Drivers: hv: vmbus: fix double free in the error path of
     vmbus_add_channel_work() (git-fixes).
   - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
     (git-fixes).
   - Drivers: hv: vmbus: remove unused function (git-fixes).
   - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
   - Input: i8042 - fix leaking of platform device on module removal
     (git-fixes).
   - Input: iforce - invert valid length check when fetching device IDs
     (git-fixes).
   - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
     (git-fixes).
   - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1
     (git-fixes).
   - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT)
     (git-fixes).
   - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only
     when apicv is globally disabled (git-fixes).
   - KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
   - KVM: s390: Fix handle_sske page fault handling (git-fixes).
   - KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
   - KVM: s390: get rid of register asm usage (git-fixes).
   - KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
   - KVM: s390: pv: do not allow userspace to set the clock under PV
     (git-fixes).
   - KVM: s390: pv: leak the topmost page table when destroy fails
     (git-fixes).
   - KVM: s390: reduce number of IO pins to 1 (git-fixes).
   - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
   - NFS: Refactor nfs_instantiate() for dentry referencing callers
     (bsc#1204215).
   - NFSv3: use nfs_add_or_obtain() to create and reference inodes
     (bsc#1204215).
   - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
     (bsc#1204446).
   - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
   - PCI: hv: Drop msi_controller structure (bsc#1204446).
   - PCI: hv: Fix a race condition when removing the device (bsc#1204446).
   - PCI: hv: Fix sleep while in non-sleep context when removing child
     devices from the bus (bsc#1204446).
   - PCI: hv: Fix synchronization between channel callback and
     hv_compose_msi_msg() (bsc#1204017).
   - PCI: hv: Fix synchronization between channel callback and
     hv_pci_bus_exit() (bsc#1204017).
   - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
     (bsc#1200845).
   - PCI: hv: Fix typo (bsc#1204446).
   - PCI: hv: Remove bus device removal unused refcount/functions
     (bsc#1204446).
   - PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
   - PCI: hv: Support for create interrupt v3 (bsc#1204446).
   - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors
     (bsc#1204446).
   - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus
     hardening (bsc#1204017).
   - RDMA/core/sa_query: Remove unused argument (git-fixes)
   - RDMA/hns: Fix spelling mistakes of original (git-fixes)
   - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
   - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
   - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
   - RDMA/rxe: Fix memory leak in error path code (git-fixes)
   - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
   - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
   - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
   - USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
   - USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
   - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
   - USB: serial: option: remove old LARA-R6 PID (git-fixes).
   - USB: serial: option: remove old LARA-R6 PID.
   - Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
   - add another bug reference to some hyperv changes (bsc#1205617).
   - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
   - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
   - arm64: dts: juno: Add thermal critical trip points (git-fixes)
   - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
   - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
     (git-fixes).
   - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
   - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
   - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
   - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
   - blk-crypto: fix check for too-large dun_bytes (git-fixes).
   - blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
     (git-fixes).
   - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created
     (git-fixes).
   - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
   - blktrace: Trace remapped requests correctly (git-fixes).
   - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
     (git-fixes).
   - block: Add a helper to validate the block size (git-fixes).
   - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
   - block: ataflop: fix breakage introduced at blk-mq refactoring
     (git-fixes).
   - block: ataflop: more blk-mq refactoring fixes (git-fixes).
   - block: fix infinite loop for invalid zone append (git-fixes).
   - block: limit request dispatch loop duration (git-fixes).
   - block: nbd: add sanity check for first_minor (git-fixes).
   - block: use "unsigned long" for blk_validate_block_size() (git-fixes).
   - bus: sunxi-rsb: Support atomic transfers (git-fixes).
   - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
   - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
     (git-fixes).
   - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
     (git-fixes).
   - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
   - ceph: do not access the kiocb after aio requests (bsc#1205984).
   - ceph: fix fscache invalidation (bsc#1205985).
   - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
   - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
     (bsc#1205986).
   - ceph: request Fw caps before updating the mtime in ceph_write_iter
     (bsc#1205987).
   - cifs: skip extra NULL byte in filenames (bsc#1204791).
   - dm era: commit metadata in postsuspend after worker stops (git-fixes).
   - dm integrity: set journal entry unused when shrinking device (git-fixes).
   - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
   - dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
   - dm raid: fix accesses beyond end of raid member array (git-fixes).
   - dm raid: fix address sanitizer warning in raid_resume (git-fixes).
   - dm raid: fix address sanitizer warning in raid_status (git-fixes).
   - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
     (git-fixes).
   - dm verity fec: fix misaligned RS roots IO (git-fixes).
   - dm writecache: fix writing beyond end of underlying device when
     shrinking (git-fixes).
   - dm writecache: return the exact table values that were set (git-fixes).
   - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
   - dm: fix request-based DM to not bounce through indirect dm_submit_bio
     (git-fixes).
   - dm: remove special-casing of bio-based immutable singleton target on
     NVMe (git-fixes).
   - dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
   - dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
   - dmaengine: at_hdmac: Check return code of dma_async_device_register
     (git-fixes).
   - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable
     (git-fixes).
   - dmaengine: at_hdmac: Do not start transactions at tx_submit level
     (git-fixes).
   - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
   - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of
     errors (git-fixes).
   - dmaengine: at_hdmac: Fix impossible condition (git-fixes).
   - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
     (git-fixes).
   - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
   - drivers/hv: remove obsolete TODO and fix misleading typo in comment
     (git-fixes).
   - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
   - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
   - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
   - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
   - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
   - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
   - drivers: hv: vmbus: Replace symbolic permissions by octal permissions
     (git-fixes).
   - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
   - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
   - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
   - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
   - drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
   - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
     (git-fixes).
   - drm/panel: simple: set bpc field for logic technologies displays
     (git-fixes).
   - drm/rockchip: dsi: Force synchronous probe (git-fixes).
   - drm/vc4: Fix missing platform_unregister_drivers() call in
     vc4_drm_register() (git-fixes).
   - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
     (git-fixes).
   - fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
   - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
   - ftrace: Fix char print issue in print_ip_ins() (git-fixes).
   - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
   - ftrace: Fix the possible incorrect kernel message (git-fixes).
   - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
   - ftrace: Optimize the allocation for mcount entries (git-fixes).
   - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
   - fuse: add file_modified() to fallocate (bsc#1205330).
   - fuse: fix readdir cache race (bsc#1205329).
   - hamradio: fix issue of dev reference count leakage in bpq_device_event()
     (git-fixes).
   - hv: hyperv.h: Remove unused inline functions (git-fixes).
   - hv_netvsc: Add a comment clarifying batching logic (git-fixes).
   - hv_netvsc: Add check for kvmalloc_array (git-fixes).
   - hv_netvsc: Add error handling while switching data path (bsc#1204850).
   - hv_netvsc: Allocate the recv_buf buffers after
     NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
   - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
   - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
   - hv_netvsc: Fix race between VF offering and VF association message from
     host (bsc#1204850).
   - hv_netvsc: Print value of invalid ID in
     netvsc_send_{completion,tx_complete}() (git-fixes).
   - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
   - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
   - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - hv_netvsc: Validate number of allocated sub-channels (git-fixes).
   - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
   - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
   - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
   - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
   - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
     (git-fixes).
   - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
   - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
     (git-fixes).
   - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
   - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
   - iio: adc: at91_adc: fix possible memory leak in
     at91_adc_allocate_trigger() (git-fixes).
   - iio: core: Fix entry not deleted when iio_register_sw_trigger_type()
     fails (git-fixes).
   - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
   - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
     (git-fixes).
   - iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
   - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
   - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
     (git-fixes).
   - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
     (git-fixes).
   - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
   - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
   - kABI: Fix after adding trace_iterator.wait_index (git-fixes).
   - kABI: remove new member of usbip_device (git-fixes).
   - kabi: fix transport_add_device change (git-fixes).
   - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
   - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
   - loop: Check for overflow while configuring loop (git-fixes).
   - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
   - mISDN: fix possible memory leak in mISDN_dsp_element_register()
     (git-fixes).
   - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
   - md/raid5: Ensure stripe_fill happens on non-read IO with journal
     (git-fixes).
   - md: Replace snprintf with scnprintf (git-fixes).
   - media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
   - media: meson: vdec: fix possible refcount leak in vdec_probe()
     (git-fixes).
   - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
     (git-fixes).
   - media: venus: dec: Handle the case where find_format fails (git-fixes).
   - media: vim2m: initialize the media device earlier (git-fixes).
   - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
   - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
     (git-fixes).
   - mmc: core: properly select voltage range without power cycle (git-fixes).
   - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
     (git-fixes).
   - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
   - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD#
     debounce timeout (git-fixes).
   - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
     (git-fixes).
   - nbd: Fix use-after-free in pid_show (git-fixes).
   - nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
     (git-fixes).
   - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
   - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
   - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
   - net: ethernet: nixge: fix NULL dereference (git-fixes).
   - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
     (git-fixes).
   - net: hyperv: remove use of bpf_op_t (git-fixes).
   - net: netvsc: remove break after return (git-fixes).
   - net: phy: fix null-ptr-deref while probe() failed (git-fixes).
   - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
   - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
   - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
     (git-fixes).
   - nfc/nci: fix race with opening and closing (git-fixes).
   - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
     (git-fixes).
   - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
     (git-fixes).
   - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
     (git-fixes).
   - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
   - nfsd: set the server_scope during service startup (bsc#1203746).
   - null_blk: Fail zone append to conventional zones (git-fixes).
   - null_blk: synchronization fix for zoned device (git-fixes).
   - nvmem: core: Check input parameter for NULL in nvmem_unregister()
     (bsc#1204241).
   - panic, kexec: make __crash_kexec() NMI safe (git-fixes).
   - parport_pc: Avoid FIFO port location truncation (git-fixes).
   - phy: stm32: fix an error code in probe (git-fixes).
   - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
     (git-fixes).
   - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
   - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
   - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
   - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
   - printk: use atomic updates for klogd work (bsc#1204934).
   - printk: wake waiters for safe and NMI contexts (bsc#1204934).
   - r8152: Add MAC passthrough support to new device (git-fixes).
   - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
   - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
   - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
   - regulator: core: fix UAF in destroy_regulator() (git-fixes).
   - regulator: core: fix kobject release warning and memory leak in
     regulator_register() (git-fixes).
   - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
   - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
   - ring-buffer: Allow splice to read previous partially read pages
     (git-fixes).
   - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
     (git-fixes).
   - ring-buffer: Check pending waiters when doing wake ups as well
     (git-fixes).
   - ring-buffer: Fix race between reset page and reading page (git-fixes).
   - ring-buffer: Have the shortest_full queue be the shortest not longest
     (git-fixes).
   - ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
   - ring_buffer: Do not deactivate non-existant pages (git-fixes).
   - rndis_host: increase sleep time in the query-response loop (git-fixes).
   - rtc: mt6397: fix alarm register overwrite (git-fixes).
   - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
   - s390/cpcmd: fix inline assembly register clobbering (git-fixes).
   - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
     (git-fixes).
   - s390/disassembler: increase ebpf disasm buffer size (git-fixes).
   - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
     (bsc#1205428 LTC#200501).
   - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
     (bsc#1203144 LTC#199881).
   - s390/mm: use non-quiescing sske for KVM switch to keyed guest
     (git-fixes).
   - s390/pci: add missing EX_TABLE entries to
     __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
   - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
   - s390/uaccess: add missing EX_TABLE entries to __clear_user(),
     copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and
     __strnlen_user() (bsc#1205428 LTC#200501).
   - s390/vtime: fix inline assembly clobber list (git-fixes).
   - s390/zcore: fix race when reading from hardware system area (git-fixes).
   - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
   - s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
   - s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
   - s390: fix nospec table alignments (git-fixes).
   - s390: mark __cpacf_query() as __always_inline (git-fixes).
   - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
   - scsi: drivers: base: Propagate errors through the transport component
     (git-fixes).
   - scsi: drivers: base: Support atomic version of
     attribute_container_device_trigger (git-fixes).
   - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729
     bsc#1204810 ltc#200162).
   - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
   - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver
     info (bsc#1204957).
   - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs
     (bsc#1204957).
   - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
   - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited"
     (bsc#1204957).
   - scsi: lpfc: Log when congestion management limits are in effect
     (bsc#1204957).
   - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off
     (bsc#1204957).
   - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
   - scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
   - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
   - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
     (bsc#1204963).
   - scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
     (git-fixes).
   - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
   - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
   - scsi: storvsc: Fix handling of srb_status and capacity change events
     (git-fixes).
   - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer
     (bsc#1204017).
   - scsi: storvsc: Fix validation for unsolicited incoming packets
     (bsc#1204017).
   - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
   - scsi: storvsc: Miscellaneous code cleanups (git-fixes).
   - scsi: storvsc: Parameterize number hardware queues (git-fixes).
   - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
   - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
   - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
   - scsi: storvsc: Update error logging (git-fixes).
   - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs
     (bsc#1204017).
   - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
     (git-fixes).
   - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus
     hardening (bsc#1204017).
   - scsi: storvsc: Validate length of incoming packet in
     storvsc_on_channel_callback() (bsc#1204017).
   - scsi: zfcp: Fix double free of FSF request when qdio send fails
     (git-fixes).
   - scsi: zfcp: Fix missing auto port scan and thus missing target ports
     (git-fixes).
   - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
   - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
     omap8250_remove() (git-fixes).
   - serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
   - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
   - serial: 8250_omap: remove wait loop from Errata i202 workaround
     (git-fixes).
   - serial: imx: Add missing .thaw_noirq hook (git-fixes).
   - siox: fix possible memory leak in siox_device_add() (git-fixes).
   - slimbus: stream: correct presence rate frequencies (git-fixes).
   - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input
     clock (git-fixes).
   - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
   - staging: greybus: light: fix a couple double frees (git-fixes).
   - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
   - tracing/ring-buffer: Have polling block on watermark (git-fixes).
   - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
   - tracing: Disable interrupt or preemption before acquiring
     arch_spinlock_t (git-fixes).
   - tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
   - tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
   - tracing: Simplify conditional compilation code in tracing_set_tracer()
     (git-fixes).
   - tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
   - tracing: Wake up waiters when tracing is disabled (git-fixes).
   - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
   - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
   - usb: dwc3: exynos: Fix remove() function (git-fixes).
   - usb: dwc3: fix PHY disable sequence (git-fixes).
   - usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
   - usb: dwc3: gadget: Fix null pointer exception (git-fixes).
   - usb: dwc3: qcom: fix runtime PM wakeup.
   - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
   - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
     controller (git-fixes).
   - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
   - usbip: stub-dev synchronize sysfs code paths (git-fixes).
   - usbip: stub_dev: remake locking for kABI (git-fixes).
   - usbip: synchronize event handler with sysfs code paths (git-fixes).
   - usbip: usbip_event: use global lock (git-fixes).
   - usbip: vudc synchronize sysfs code paths (git-fixes).
   - usbip: vudc_sysfs: use global lock (git-fixes).
   - use __netdev_notify_peers in hyperv (git-fixes).
   - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
   - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"
     (bsc#1200845)
   - vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
   - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
     (git-fixes).
   - virtio-blk: Use blk_validate_block_size() to validate block size
     (git-fixes).
   - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
   - virtio_blk: fix the discard_granularity and discard_alignment queue
     limits (git-fixes).
   - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).
   - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
   - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
   - wifi: cfg80211: silence a sparse RCU warning (git-fixes).
   - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
     (git-fixes).
   - workqueue: do not skip lockdep work dependency in cancel_work_sync()
     (bsc#1204967).
   - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from
     S3 (bsc#1206037).
   - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
   - x86/hyperv: Output host build info as normal Windows version number
     (git-fixes).
   - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
   - x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
   - x86/microcode/AMD: Apply the patch early on every logical thread
     (bsc#1205264).
   - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery
     (git-fixes).
   - x86/xen: Distribute switch variables for initialization (git-fixes).
   - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
   - xen-blkback: prevent premature module unload (git-fixes).
   - xen-netback: correct success/error reporting for the SKB-with-fraglist
     case (git-fixes).
   - xen/balloon: fix balloon kthread freezing (git-fixes).
   - xen/balloon: fix ballooned page accounting without hotplug enabled
     (git-fixes).
   - xen/balloon: fix cancelled balloon action (git-fixes).
   - xen/balloon: use a kernel thread instead a workqueue (git-fixes).
   - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
   - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
   - xen/gntdev: Prevent leaking grants (git-fixes).
   - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
   - xen/privcmd: Corrected error handling path (git-fixes).
   - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
   - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
   - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
     (git-fixes).
   - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
   - xen: Fix event channel callback via INTX/GSI (git-fixes).
   - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
     (git-fixes).
   - xenbus: req->body should be updated before req->state (git-fixes).
   - xenbus: req->err should be updated before req->state (git-fixes).
   - xfs: Lower CIL flush limit for large logs (git-fixes).
   - xfs: Throttle commits on delayed background CIL push (git-fixes).
   - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
   - xfs: check owner of dir3 blocks (git-fixes).
   - xfs: factor common AIL item deletion code (git-fixes).
   - xfs: open code insert range extent split helper (git-fixes).
   - xfs: rework collapse range into an atomic operation (git-fixes).
   - xfs: rework insert range into an atomic operation (git-fixes).
   - xfs: tail updates only need to occur when LSN changes (git-fixes).
   - xfs: trylock underlying buffer on dquot flush (git-fixes).
   - xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
   - xhci: Remove device endpoints from bandwidth list when freeing the
     device (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4613=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-4613=1

   - SUSE Linux Enterprise Module for Realtime 15-SP3:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-4613=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4613=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4613=1



Package List:

   - openSUSE Leap Micro 5.2 (x86_64):

      kernel-rt-5.3.18-150300.112.1
      kernel-rt-debuginfo-5.3.18-150300.112.1
      kernel-rt-debugsource-5.3.18-150300.112.1

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-rt-5.3.18-150300.112.1
      kernel-source-rt-5.3.18-150300.112.1

   - openSUSE Leap 15.3 (x86_64):

      cluster-md-kmp-rt-5.3.18-150300.112.1
      cluster-md-kmp-rt-debuginfo-5.3.18-150300.112.1
      dlm-kmp-rt-5.3.18-150300.112.1
      dlm-kmp-rt-debuginfo-5.3.18-150300.112.1
      gfs2-kmp-rt-5.3.18-150300.112.1
      gfs2-kmp-rt-debuginfo-5.3.18-150300.112.1
      kernel-rt-5.3.18-150300.112.1
      kernel-rt-debuginfo-5.3.18-150300.112.1
      kernel-rt-debugsource-5.3.18-150300.112.1
      kernel-rt-devel-5.3.18-150300.112.1
      kernel-rt-devel-debuginfo-5.3.18-150300.112.1
      kernel-rt_debug-debuginfo-5.3.18-150300.112.1
      kernel-rt_debug-debugsource-5.3.18-150300.112.1
      kernel-rt_debug-devel-5.3.18-150300.112.1
      kernel-rt_debug-devel-debuginfo-5.3.18-150300.112.1
      kernel-syms-rt-5.3.18-150300.112.1
      ocfs2-kmp-rt-5.3.18-150300.112.1
      ocfs2-kmp-rt-debuginfo-5.3.18-150300.112.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):

      kernel-devel-rt-5.3.18-150300.112.1
      kernel-source-rt-5.3.18-150300.112.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

      cluster-md-kmp-rt-5.3.18-150300.112.1
      cluster-md-kmp-rt-debuginfo-5.3.18-150300.112.1
      dlm-kmp-rt-5.3.18-150300.112.1
      dlm-kmp-rt-debuginfo-5.3.18-150300.112.1
      gfs2-kmp-rt-5.3.18-150300.112.1
      gfs2-kmp-rt-debuginfo-5.3.18-150300.112.1
      kernel-rt-5.3.18-150300.112.1
      kernel-rt-debuginfo-5.3.18-150300.112.1
      kernel-rt-debugsource-5.3.18-150300.112.1
      kernel-rt-devel-5.3.18-150300.112.1
      kernel-rt-devel-debuginfo-5.3.18-150300.112.1
      kernel-rt_debug-debuginfo-5.3.18-150300.112.1
      kernel-rt_debug-debugsource-5.3.18-150300.112.1
      kernel-rt_debug-devel-5.3.18-150300.112.1
      kernel-rt_debug-devel-debuginfo-5.3.18-150300.112.1
      kernel-syms-rt-5.3.18-150300.112.1
      ocfs2-kmp-rt-5.3.18-150300.112.1
      ocfs2-kmp-rt-debuginfo-5.3.18-150300.112.1

   - SUSE Linux Enterprise Micro 5.2 (x86_64):

      kernel-rt-5.3.18-150300.112.1
      kernel-rt-debuginfo-5.3.18-150300.112.1
      kernel-rt-debugsource-5.3.18-150300.112.1

   - SUSE Linux Enterprise Micro 5.1 (x86_64):

      kernel-rt-5.3.18-150300.112.1
      kernel-rt-debuginfo-5.3.18-150300.112.1
      kernel-rt-debugsource-5.3.18-150300.112.1


References:

   https://www.suse.com/security/cve/CVE-2022-2602.html
   https://www.suse.com/security/cve/CVE-2022-28693.html
   https://www.suse.com/security/cve/CVE-2022-3567.html
   https://www.suse.com/security/cve/CVE-2022-3628.html
   https://www.suse.com/security/cve/CVE-2022-3635.html
   https://www.suse.com/security/cve/CVE-2022-3707.html
   https://www.suse.com/security/cve/CVE-2022-3903.html
   https://www.suse.com/security/cve/CVE-2022-4095.html
   https://www.suse.com/security/cve/CVE-2022-4129.html
   https://www.suse.com/security/cve/CVE-2022-4139.html
   https://www.suse.com/security/cve/CVE-2022-41850.html
   https://www.suse.com/security/cve/CVE-2022-41858.html
   https://www.suse.com/security/cve/CVE-2022-42895.html
   https://www.suse.com/security/cve/CVE-2022-42896.html
   https://www.suse.com/security/cve/CVE-2022-4378.html
   https://www.suse.com/security/cve/CVE-2022-43945.html
   https://www.suse.com/security/cve/CVE-2022-45934.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1071995
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1184350
   https://bugzilla.suse.com/1189297
   https://bugzilla.suse.com/1192761
   https://bugzilla.suse.com/1200845
   https://bugzilla.suse.com/1201455
   https://bugzilla.suse.com/1203144
   https://bugzilla.suse.com/1203746
   https://bugzilla.suse.com/1204017
   https://bugzilla.suse.com/1204142
   https://bugzilla.suse.com/1204215
   https://bugzilla.suse.com/1204241
   https://bugzilla.suse.com/1204328
   https://bugzilla.suse.com/1204446
   https://bugzilla.suse.com/1204631
   https://bugzilla.suse.com/1204636
   https://bugzilla.suse.com/1204693
   https://bugzilla.suse.com/1204780
   https://bugzilla.suse.com/1204791
   https://bugzilla.suse.com/1204810
   https://bugzilla.suse.com/1204827
   https://bugzilla.suse.com/1204850
   https://bugzilla.suse.com/1204868
   https://bugzilla.suse.com/1204934
   https://bugzilla.suse.com/1204957
   https://bugzilla.suse.com/1204963
   https://bugzilla.suse.com/1204967
   https://bugzilla.suse.com/1205128
   https://bugzilla.suse.com/1205130
   https://bugzilla.suse.com/1205186
   https://bugzilla.suse.com/1205220
   https://bugzilla.suse.com/1205329
   https://bugzilla.suse.com/1205330
   https://bugzilla.suse.com/1205428
   https://bugzilla.suse.com/1205473
   https://bugzilla.suse.com/1205514
   https://bugzilla.suse.com/1205617
   https://bugzilla.suse.com/1205671
   https://bugzilla.suse.com/1205700
   https://bugzilla.suse.com/1205705
   https://bugzilla.suse.com/1205709
   https://bugzilla.suse.com/1205753
   https://bugzilla.suse.com/1205796
   https://bugzilla.suse.com/1205984
   https://bugzilla.suse.com/1205985
   https://bugzilla.suse.com/1205986
   https://bugzilla.suse.com/1205987
   https://bugzilla.suse.com/1205988
   https://bugzilla.suse.com/1205989
   https://bugzilla.suse.com/1206032
   https://bugzilla.suse.com/1206037
   https://bugzilla.suse.com/1206207



More information about the sle-security-updates mailing list