SUSE-SU-2022:3264-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Sep 14 10:26:30 UTC 2022


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3264-1
Rating:             important
References:         #1023051 #1065729 #1156395 #1179722 #1179723 
                    #1181862 #1191662 #1191667 #1191881 #1192594 
                    #1192968 #1194272 #1194535 #1197158 #1197755 
                    #1197756 #1197757 #1197760 #1197763 #1197920 
                    #1198971 #1199291 #1200431 #1200845 #1200868 
                    #1200869 #1200870 #1200871 #1200872 #1200873 
                    #1201019 #1201420 #1201610 #1201705 #1201726 
                    #1201948 #1202096 #1202097 #1202346 #1202347 
                    #1202393 #1202396 #1202447 #1202564 #1202577 
                    #1202636 #1202672 #1202701 #1202708 #1202709 
                    #1202710 #1202711 #1202712 #1202713 #1202714 
                    #1202715 #1202716 #1202717 #1202718 #1202720 
                    #1202722 #1202745 #1202756 #1202810 #1202811 
                    #1202860 #1202895 #1202898 #1203063 #1203098 
                    #1203107 #1203116 #1203117 #1203135 #1203136 
                    #1203137 SLE-24635 
Cross-References:   CVE-2016-3695 CVE-2020-27784 CVE-2021-4155
                    CVE-2021-4203 CVE-2022-20368 CVE-2022-20369
                    CVE-2022-2588 CVE-2022-26373 CVE-2022-2663
                    CVE-2022-2905 CVE-2022-2977 CVE-2022-3028
                    CVE-2022-36879 CVE-2022-39188 CVE-2022-39190
                   
CVSS scores:
                    CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
                    CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
                    CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Performance Computing
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Legacy Software 15-SP3
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Server
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that solves 15 vulnerabilities, contains one
   feature and has 61 fixes is now available.

Description:


   The SUSE Linux Enterprise 15 SP3 kernel was updated receive various
   security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-39190: Fixed an issue that was discovered in
     net/netfilter/nf_tables_api.c and could cause a denial of service upon
     binding to an already bound chain (bnc#1203117).
   - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
     a device driver can free a page while it still has stale TLB entries
     (bnc#1203107).
   - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
     net/xfrm/xfrm_policy.c where a refcount could be dropped twice
     (bnc#1201948).
   - CVE-2022-3028: Fixed race condition that was found in the IP framework
     for transforming packets (XFRM subsystem) (bnc#1202898).
   - CVE-2022-2977: Fixed reference counting for struct tpm_chip
     (bsc#1202672).
   - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke
     descriptors (bsc#1202564, bsc#1202860).
   - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
     the message handling could be confused and incorrectly matches the
     message (bnc#1202097).
   - CVE-2022-26373: Fixed non-transparent sharing of return predictor
     targets between contexts in some Intel Processors (bnc#1201726).
   - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
   - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
     v4l2-mem2mem.c (bnc#1202347).
   - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
     (bsc#1202346).
   - CVE-2021-4203: Fixed use-after-free read flaw that was found in
     sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
     SO_PEERGROUPS race with listen() (bnc#1194535).
   - CVE-2021-4155: Fixed a data leak flaw that was found in the way
     XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
   - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl()
     printer_ioctl() when accessing a deallocated instance (bnc#1202895).
   - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in
     drivers/acpi/apei/einj.c that allowed users to simulate hardware errors
     and consequently cause a denial of service (bnc#1023051).

   The following non-security bugs were fixed:

   - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
     (git-fixes).
   - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
   - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
   - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
   - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
     (git-fixes).
   - ACPI: video: Force backlight native for some TongFang devices
     (git-fixes).
   - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
   - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
   - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
     (git-fixes).
   - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
     (git-fixes).
   - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
   - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
   - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
   - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
   - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
   - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
   - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
     (git-fixes).
   - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
   - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
   - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
   - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
   - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
   - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
   - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
   - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
     (git-fixes).
   - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP
     machines (git-fixes).
   - ALSA: info: Fix llseek return value when using callback (git-fixes).
   - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
     (git-fixes).
   - ARM: 9077/1: PLT: Move struct plt_entries definition to header
     (git-fixes).
   - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
     (git-fixes).
   - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
   - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
     DYNAMIC_FTRACE (git-fixes).
   - ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
     (git-fixes).
   - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
   - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
   - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
     (git-fixes).
   - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
   - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
     (git-fixes).
   - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
   - ASoC: tas2770: Allow mono streams (git-fixes).
   - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
   - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
   - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
   - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
   - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
   - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
     (git-fixes).
   - HID: wacom: Do not register pad_input for touch switch (git-fixes).
   - HID: wacom: Only report rotation for art pen (git-fixes).
   - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
     (git-fixes).
   - Input: rk805-pwrkey - fix module autoloading (git-fixes).
   - KABI: cgroup: Restore KABI of css_set (bsc#1201610).
   - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
     irqs (bsc#1065729).
   - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
     (bsc#1156395).
   - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
     (bsc#1156395).
   - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
   - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant
     (bsc#1156395).
   - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
     (git-fixes).
   - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
     (git-fixes).
   - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
     (git-fixes).
   - KVM: x86: accept userspace interrupt only if no event is injected
     (git-fixes).
   - NFS: fix nfs_path in case of a rename retry (git-fixes).
   - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
   - NFSD: Clamp WRITE offsets (git-fixes).
   - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
   - NFSD: prevent integer overflow on 32 bit systems (git-fixes).
   - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
   - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
     (git-fixes).
   - NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
   - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
     (git-fixes).
   - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
   - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
   - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
   - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
   - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
   - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
   - PCI: hv: Make the code arch neutral by adding arch specific interfaces
     (bsc#1200845).
   - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
   - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
     (bsc#1200845).
   - PCI: qcom: Fix pipe clock imbalance (git-fixes).
   - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct
     IO compeletion") (git-fixes).
   - SUNRPC: Clean up scheduling of autoclose (git-fixes).
   - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
   - SUNRPC: Fix READ_PLUS crasher (git-fixes).
   - SUNRPC: Prevent immediate close+reconnect (git-fixes).
   - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
   - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291,
     jsc#SLE-24635).
   - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC
     (bsc#1199291, jsc#SLE-24635).
   - VMCI: Fix some error handling paths in vmci_guest_probe_device()
     (bsc#1199291, jsc#SLE-24635).
   - VMCI: Release notification_bitmap in error path (bsc#1199291,
     jsc#SLE-24635).
   - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
   - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291,
     jsc#SLE-24635).
   - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,
     jsc#SLE-24635).
   - VMCI: dma dg: allocate send and receive buffers for DMA datagrams
     (bsc#1199291, jsc#SLE-24635).
   - VMCI: dma dg: detect DMA datagram capability (bsc#1199291,
     jsc#SLE-24635).
   - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
     (bsc#1199291, jsc#SLE-24635).
   - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
   - VMCI: dma dg: whitespace formatting change for vmci register defines
     (bsc#1199291, jsc#SLE-24635).
   - arm64: signal: nofpsimd: Do not allocate fp/simd context when not
     available (git-fixes).
   - asm-generic: sections: refactor memory_intersects (git-fixes).
   - ata: libata-eh: Add missing command name (git-fixes).
   - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
   - blk-iocost: clamp inuse and skip noops in __propagate_weights()
     (bsc#1202722).
   - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
   - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
   - blk-iocost: rename propagate_active_weights() to propagate_weights()
     (bsc#1202722).
   - blktrace: fix blk_rq_merge documentation (git-fixes).
   - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
   - can: m_can: process interrupt only when not runtime suspended
     (git-fixes).
   - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
   - ceph: do not truncate file in atomic_open (bsc#1202811).
   - cgroup: Trace event cgroup id fields should be u64 (git-fixes).
   - cgroup: Use separate src/dst nodes when preloading css_sets for
     migration (bsc#1201610).
   - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
   - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
   - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
   - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
   - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
   - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
   - devlink: Fix use-after-free after a failed reload (git-fixes).
   - dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
   - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
     (git-fixes).
   - dpaa2-eth: unregister the netdev before disconnecting from the PHY
     (git-fixes).
   - driver core: Do not probe devices after bus_type.match() probe deferral
     (git-fixes).
   - drm/amdgpu: Check BO's requested pinning domains against its
     preferred_domains (git-fixes).
   - drm/amdgpu: remove useless condition in
     amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
   - drm/gem: Properly annotate WW context on drm_gem_lock_reservations()
     error (git-fixes).
   - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
     (git-fixes).
   - drm/meson: Fix overflow implicit truncation warnings (git-fixes).
   - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
     (git-fixes).
   - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
   - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
   - drm/msm/dsi: fix the inconsistent indenting (git-fixes).
   - drm/sun4i: dsi: Prevent underflow when computing packet sizes
     (git-fixes).
   - ehea: fix error return code in ehea_restart_qps() (git-fixes).
   - enetc: Fix endianness issues for enetc_qos (git-fixes).
   - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
     (git-fixes).
   - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
   - ext4: add reserved GDT blocks check (bsc#1202712).
   - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
   - ext4: do not use the orphan list when migrating an inode (bsc#1197756).
   - ext4: fix bug_on in ext4_writepages (bsc#1200872).
   - ext4: fix error handling code in add_new_gdb (bsc#1179722).
   - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
   - ext4: fix invalid inode checksum (bsc#1179723).
   - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
   - ext4: fix overhead calculation to account for the reserved gdt blocks
     (bsc#1200869).
   - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
   - ext4: fix race when reusing xattr blocks (bsc#1198971).
   - ext4: fix symlink file size not match to file content (bsc#1200868).
   - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
   - ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
   - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
   - ext4: force overhead calculation if the s_overhead_cluster makes no
     sense (bsc#1200870).
   - ext4: recover csum seed of tmp_inode after migrating to extents
     (bsc#1202713).
   - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
   - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
   - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
   - firmware: tegra: bpmp: Do only aligned access to IPC memory area
     (git-fixes).
   - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped
     pages (bsc#1200873).
   - fuse: Remove the control interface for virtio-fs (bsc#1203137).
   - fuse: ioctl: translate ENOSYS (bsc#1203136).
   - fuse: limit nsec (bsc#1203135).
   - gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
   - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
   - geneve: fix TOS inheriting for ipv4 (git-fixes).
   - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
   - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info
     (bsc#1202701).
   - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
   - i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
   - ice: report supported and advertised autoneg using PHY capabilities
     (git-fixes).
   - ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
   - iio: adc: mcp3911: make use of the sign bit (git-fixes).
   - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
   - intel_th: pci: Add Meteor Lake-P support (git-fixes).
   - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
   - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
   - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
     (git-fixes).
   - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
     (git-fixes).
   - iommu/exynos: Handle failed IOMMU device registration properly
     (git-fixes).
   - iommu/iova: Improve 32-bit free space estimate (git-fixes).
   - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
   - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
   - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
   - iommu/omap: Fix regression in probe for NULL pointer dereference
     (git-fixes).
   - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
   - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
   - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
   - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
     (git-fixes).
   - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
   - ipmi: ssif: initialize ssif_info->client early (git-fixes).
   - ixgbevf: add correct exception tracing for XDP (git-fixes).
   - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
     aborted (bsc#1202716).
   - jbd2: fix outstanding credits assert in
     jbd2_journal_commit_transaction() (bsc#1202715).
   - kabi/severities: add stmmac driver local sumbols
   - kbuild: do not create built-in objects for external module builds
     (jsc#SLE-24559 bsc#1202756).
   - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
     git-fixes).
   - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
   - kernel-obs-build: include qemu_fw_cfg (boo#1201705)
   - kfifo: fix kfifo_to_user() return type (git-fixes).
   - kfifo: fix ternary sign extension bugs (git-fixes).
   - lib/list_debug.c: Detect uninitialized lists (git-fixes).
   - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()
     (git-fixes).
   - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
     ZDI-CAN-17325).
   - list: add "list_del_init_careful()" to go with "list_empty_careful()"
     (bsc#1202745).
   - locking/lockdep: Avoid potential access of invalid memory in lock_class
     (git-fixes).
   - loop: Fix missing discard support when using LOOP_CONFIGURE
     (bsc#1202718).
   - mbcache: add functions to delete entry if unused (bsc#1198971).
   - mbcache: do not reclaim used entries (bsc#1198971).
   - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
   - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
   - mfd: t7l66xb: Drop platform disable callback (git-fixes).
   - misc: fastrpc: fix memory corruption on open (git-fixes).
   - misc: fastrpc: fix memory corruption on probe (git-fixes).
   - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
     (git-fixes, bsc#1203098).
   - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
   - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
   - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
   - mmc: pxamci: Fix another error handling path in pxamci_probe()
     (git-fixes).
   - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
     (git-fixes).
   - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
   - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
   - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
   - mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
   - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
     (git-fixes).
   - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
     (git-fixes).
   - net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
   - net/sonic: Fix a resource leak in an error handling path in
     'jazz_sonic_probe()' (git-fixes).
   - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
   - net: cpsw: Properly initialise struct page_pool_params (git-fixes).
   - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
   - net: davinci_emac: Fix incorrect masking of tx and rx error channel
     (git-fixes).
   - net: dsa: b53: fix an off by one in checking "vlan->vid" (git-fixes).
   - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
   - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
   - net: enetc: Use pci_release_region() to release some resources
     (git-fixes).
   - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
   - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
   - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
   - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
   - net: ethernet: ezchip: fix error handling (git-fixes).
   - net: ethernet: ezchip: remove redundant check (git-fixes).
   - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
   - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
     (git-fixes).
   - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
   - net: fec_ptp: add clock rate zero check (git-fixes).
   - net: ftgmac100: Fix crash when removing driver (git-fixes).
   - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
   - net: hns: Fix kernel-doc (git-fixes).
   - net: lantiq: fix memory corruption in RX ring (git-fixes).
   - net: lapbether: Prevent racing when checking whether the netif is
     running (git-fixes).
   - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
   - net: mscc: ocelot: correctly report the timestamping RX filters in
     ethtool (git-fixes).
   - net: mscc: ocelot: do not downgrade timestamping RX filters in
     SIOCSHWTSTAMP (git-fixes).
   - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
   - net: netcp: Fix an error message (git-fixes).
   - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
   - net: rose: fix netdev reference changes (git-fixes).
   - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
     pointer (git-fixes).
   - net: stmicro: handle clk_prepare() failure during init (git-fixes).
   - net: stmmac: Modify configuration method of EEE timers (git-fixes).
   - net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
   - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
   - net: stmmac: dwmac1000: Fix extended MAC address registers definition
     (git-fixes).
   - net: vmxnet3: fix possible NULL pointer dereference in
     vmxnet3_rq_cleanup() (bsc#1200431).
   - net: vmxnet3: fix possible use-after-free bugs in
     vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
   - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
     (bsc#1200431).
   - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
     (git-fixes).
   - net:enetc: allocate CBD ring data memory using DMA coherent methods
     (git-fixes).
   - net_sched: cls_route: disallow handle of 0 (bsc#1202393).
   - nfsd: fix use-after-free due to delegation race (git-fixes).
   - nvme: fix RCU hole that allowed for endless looping in multipath round
     robin (bsc#1202636).
   - objtool: Add support for intra-function calls (bsc#1202396).
   - objtool: Make handle_insn_ops() unconditional (bsc#1202396).
   - objtool: Remove INSN_STACK (bsc#1202396).
   - objtool: Rework allocating stack_ops on decode (bsc#1202396).
   - objtool: Support multiple stack_op per instruction (bsc#1202396).
   - ocfs2: drop acl cache for directories too (bsc#1191667).
   - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
   - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
   - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
   - perf bench: Share some global variables to fix build with gcc 10
     (git-fixes).
   - pinctrl/rockchip: fix gpio device creation (git-fixes).
   - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
     (git-fixes).
   - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
   - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
   - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
   - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for
     PMI check in power_pmu_disable (bsc#1156395).
   - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
   - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
   - powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
   - powerpc/powernv: delay rng platform device creation until later in boot
     (bsc#1065729).
   - powerpc/powernv: rename remaining rng powernv_ functions to pnv_
     (bsc#1065729).
   - powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
   - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
   - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
   - powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
   - powerpc: define get_cycles macro for arch-override (bsc#1065729).
   - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
   - profiling: fix shift too large makes kernel panic (git-fixes).
   - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
   - random: fix crash on multiple early calls to add_bootloader_randomness()
     (git-fixes).
   - ratelimit: Fix data-races in ___ratelimit() (git-fixes).
   - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
     (bsc#1202714).
   - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
     (git-fixes).
   - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
   - s390/crash: fix incorrect number of bytes to copy to user space
     (git-fixes).
   - s390/crash: make copy_oldmem_page() return number of bytes copied
     (git-fixes).
   - s390/mm: do not trigger write fault when vma does not allow VM_WRITE
     (git-fixes).
   - s390/mm: fix 2KB pgtable release race (git-fixes).
   - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594
     LTC#197522).
   - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
     (bsc#1203063).
   - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
   - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
   - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for
     GFT_ID (bsc#1203063).
   - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT
     discovery (bsc#1203063).
   - scsi: lpfc: Remove SANDiags related code (bsc#1203063).
   - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
   - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
   - selftests: futex: Use variable MAKE instead of make (git-fixes).
   - serial: 8250_dw: Store LSR into lsr_saved_flags in
     dw8250_tx_wait_empty() (git-fixes).
   - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
   - serial: mvebu-uart: uart2 error bits clearing (git-fixes).
   - serial: tegra: Change lower tolerance baud rate limit for tegra20 and
     tegra30 (git-fixes).
   - silence nfscache allocation warnings with kvzalloc (git-fixes).
   - spi: Fix incorrect cs_setup delay handling (git-fixes).
   - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
   - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
   - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
     (git-fixes).
   - staging: rtl8712: fix use after free bugs (git-fixes).
   - tee: optee: Fix incorrect page free bug (git-fixes).
   - thermal: Fix NULL pointer dereferences in of_thermal_ functions
     (git-fixes).
   - thermal: sysfs: Fix cooling_device_stats_setup() error code path
     (git-fixes).
   - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
   - tools/thermal: Fix possible path truncations (git-fixes).
   - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
   - tracing/histograms: Fix memory leak problem (git-fixes).
   - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
   - tracing: Add ustring operation to filtering string pointers (git-fixes).
   - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
   - tty: serial: lpuart: disable flow control while waiting for the transmit
     engine to complete (git-fixes).
   - tty: vt: initialize unicode screen buffer (git-fixes).
   - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
   - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
   - usb: dwc3: ep0: Fix delay status handling (git-fixes).
   - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
   - usb: dwc3: gadget: Fix IN endpoint max packet size allocation
     (git-fixes).
   - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
   - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
   - usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
   - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
     (git-fixes).
   - usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
   - usb: dwc3: qcom: fix missing optional irq warnings.
   - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
     (git-fixes).
   - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
   - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
   - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
     uvcg_info (git-fixes).
   - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
   - usb: renesas: Fix refcount leak bug (git-fixes).
   - usb: typec: altmodes/displayport: correct pin assignment for UFP
     receptacles (git-fixes).
   - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
   - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
   - vboxguest: Do not use devm for irq (git-fixes).
   - vfio/ccw: Remove UUID from s390 debug log (git-fixes).
   - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
   - video: fbdev: arkfb: Check the size of screen before memset_io()
     (git-fixes).
   - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
     (git-fixes).
   - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
   - video: fbdev: s3fb: Check the size of screen before memset_io()
     (git-fixes).
   - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
   - video: fbdev: vt8623fb: Check the size of screen before memset_io()
     (git-fixes).
   - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
   - vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
   - vmxnet3: Record queue number to incoming packets (bsc#1200431).
   - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
   - vmxnet3: add command to set ring buffer sizes (bsc#1200431).
   - vmxnet3: add support for capability registers (bsc#1200431).
   - vmxnet3: add support for large passthrough BAR register (bsc#1200431).
   - vmxnet3: add support for out of order rx completion (bsc#1200431).
   - vmxnet3: disable overlay offloads if UPT device does not support
     (bsc#1200431).
   - vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
   - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
   - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
   - vmxnet3: prepare for version 7 changes (bsc#1200431).
   - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
   - vmxnet3: update to version 7 (bsc#1200431).
   - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
   - vsock: Fix memory leak in vsock_connect() (git-fixes).
   - vsock: Set socket state back to SS_UNCONNECTED in
     vsock_connect_timeout() (git-fixes).
   - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
     armada_37xx_wdt_probe() (git-fixes).
   - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
     (git-fixes).
   - wifi: mac80211: Do not finalize CSA in IBSS mode if state is
     disconnected (git-fixes).
   - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
   - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
   - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
   - x86/olpc: fix 'logical not is only applied to the left hand side'
     (git-fixes).
   - xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
   - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
   - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
   - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
   - xfs: mark a data structure sick if there are cross-referencing errors
     (git-fixes).
   - xfs: only reset incore inode health state flags when reclaiming an inode
     (git-fixes).
   - xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
   - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
   - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3264=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3264=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3264=1

   - SUSE Linux Enterprise Workstation Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3264=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3264=1

      Please note that this is the initial kernel livepatch without fixes
      itself, this livepatch package is later updated by seperate standalone
      livepatch updates.

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3264=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3264=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3264=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3264=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3264=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3264=1



Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):

      kernel-default-5.3.18-150300.59.93.1
      kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1

   - openSUSE Leap 15.4 (aarch64):

      dtb-al-5.3.18-150300.59.93.1
      dtb-zte-5.3.18-150300.59.93.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150300.59.93.1
      cluster-md-kmp-default-debuginfo-5.3.18-150300.59.93.1
      dlm-kmp-default-5.3.18-150300.59.93.1
      dlm-kmp-default-debuginfo-5.3.18-150300.59.93.1
      gfs2-kmp-default-5.3.18-150300.59.93.1
      gfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-5.3.18-150300.59.93.1
      kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
      kernel-default-base-rebuild-5.3.18-150300.59.93.1.150300.18.54.1
      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1
      kernel-default-devel-5.3.18-150300.59.93.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.93.1
      kernel-default-extra-5.3.18-150300.59.93.1
      kernel-default-extra-debuginfo-5.3.18-150300.59.93.1
      kernel-default-livepatch-5.3.18-150300.59.93.1
      kernel-default-livepatch-devel-5.3.18-150300.59.93.1
      kernel-default-optional-5.3.18-150300.59.93.1
      kernel-default-optional-debuginfo-5.3.18-150300.59.93.1
      kernel-obs-build-5.3.18-150300.59.93.1
      kernel-obs-build-debugsource-5.3.18-150300.59.93.1
      kernel-obs-qa-5.3.18-150300.59.93.1
      kernel-syms-5.3.18-150300.59.93.1
      kselftests-kmp-default-5.3.18-150300.59.93.1
      kselftests-kmp-default-debuginfo-5.3.18-150300.59.93.1
      ocfs2-kmp-default-5.3.18-150300.59.93.1
      ocfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1
      reiserfs-kmp-default-5.3.18-150300.59.93.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.93.1

   - openSUSE Leap 15.3 (ppc64le x86_64):

      kernel-debug-5.3.18-150300.59.93.1
      kernel-debug-debuginfo-5.3.18-150300.59.93.1
      kernel-debug-debugsource-5.3.18-150300.59.93.1
      kernel-debug-devel-5.3.18-150300.59.93.1
      kernel-debug-devel-debuginfo-5.3.18-150300.59.93.1
      kernel-debug-livepatch-devel-5.3.18-150300.59.93.1
      kernel-kvmsmall-5.3.18-150300.59.93.1
      kernel-kvmsmall-debuginfo-5.3.18-150300.59.93.1
      kernel-kvmsmall-debugsource-5.3.18-150300.59.93.1
      kernel-kvmsmall-devel-5.3.18-150300.59.93.1
      kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.93.1
      kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.93.1

   - openSUSE Leap 15.3 (aarch64 x86_64):

      cluster-md-kmp-preempt-5.3.18-150300.59.93.1
      cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
      dlm-kmp-preempt-5.3.18-150300.59.93.1
      dlm-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
      gfs2-kmp-preempt-5.3.18-150300.59.93.1
      gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-5.3.18-150300.59.93.1
      kernel-preempt-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-debugsource-5.3.18-150300.59.93.1
      kernel-preempt-devel-5.3.18-150300.59.93.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-extra-5.3.18-150300.59.93.1
      kernel-preempt-extra-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-livepatch-devel-5.3.18-150300.59.93.1
      kernel-preempt-optional-5.3.18-150300.59.93.1
      kernel-preempt-optional-debuginfo-5.3.18-150300.59.93.1
      kselftests-kmp-preempt-5.3.18-150300.59.93.1
      kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
      ocfs2-kmp-preempt-5.3.18-150300.59.93.1
      ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
      reiserfs-kmp-preempt-5.3.18-150300.59.93.1
      reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.93.1

   - openSUSE Leap 15.3 (aarch64):

      cluster-md-kmp-64kb-5.3.18-150300.59.93.1
      cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
      dlm-kmp-64kb-5.3.18-150300.59.93.1
      dlm-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
      dtb-al-5.3.18-150300.59.93.1
      dtb-allwinner-5.3.18-150300.59.93.1
      dtb-altera-5.3.18-150300.59.93.1
      dtb-amd-5.3.18-150300.59.93.1
      dtb-amlogic-5.3.18-150300.59.93.1
      dtb-apm-5.3.18-150300.59.93.1
      dtb-arm-5.3.18-150300.59.93.1
      dtb-broadcom-5.3.18-150300.59.93.1
      dtb-cavium-5.3.18-150300.59.93.1
      dtb-exynos-5.3.18-150300.59.93.1
      dtb-freescale-5.3.18-150300.59.93.1
      dtb-hisilicon-5.3.18-150300.59.93.1
      dtb-lg-5.3.18-150300.59.93.1
      dtb-marvell-5.3.18-150300.59.93.1
      dtb-mediatek-5.3.18-150300.59.93.1
      dtb-nvidia-5.3.18-150300.59.93.1
      dtb-qcom-5.3.18-150300.59.93.1
      dtb-renesas-5.3.18-150300.59.93.1
      dtb-rockchip-5.3.18-150300.59.93.1
      dtb-socionext-5.3.18-150300.59.93.1
      dtb-sprd-5.3.18-150300.59.93.1
      dtb-xilinx-5.3.18-150300.59.93.1
      dtb-zte-5.3.18-150300.59.93.1
      gfs2-kmp-64kb-5.3.18-150300.59.93.1
      gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
      kernel-64kb-5.3.18-150300.59.93.1
      kernel-64kb-debuginfo-5.3.18-150300.59.93.1
      kernel-64kb-debugsource-5.3.18-150300.59.93.1
      kernel-64kb-devel-5.3.18-150300.59.93.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.93.1
      kernel-64kb-extra-5.3.18-150300.59.93.1
      kernel-64kb-extra-debuginfo-5.3.18-150300.59.93.1
      kernel-64kb-livepatch-devel-5.3.18-150300.59.93.1
      kernel-64kb-optional-5.3.18-150300.59.93.1
      kernel-64kb-optional-debuginfo-5.3.18-150300.59.93.1
      kselftests-kmp-64kb-5.3.18-150300.59.93.1
      kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
      ocfs2-kmp-64kb-5.3.18-150300.59.93.1
      ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
      reiserfs-kmp-64kb-5.3.18-150300.59.93.1
      reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.93.1

   - openSUSE Leap 15.3 (noarch):

      kernel-devel-5.3.18-150300.59.93.1
      kernel-docs-5.3.18-150300.59.93.1
      kernel-docs-html-5.3.18-150300.59.93.1
      kernel-macros-5.3.18-150300.59.93.1
      kernel-source-5.3.18-150300.59.93.1
      kernel-source-vanilla-5.3.18-150300.59.93.1

   - openSUSE Leap 15.3 (s390x):

      kernel-zfcpdump-5.3.18-150300.59.93.1
      kernel-zfcpdump-debuginfo-5.3.18-150300.59.93.1
      kernel-zfcpdump-debugsource-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1
      kernel-default-extra-5.3.18-150300.59.93.1
      kernel-default-extra-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-debugsource-5.3.18-150300.59.93.1
      kernel-preempt-extra-5.3.18-150300.59.93.1
      kernel-preempt-extra-debuginfo-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1
      kernel-default-livepatch-5.3.18-150300.59.93.1
      kernel-default-livepatch-devel-5.3.18-150300.59.93.1
      kernel-livepatch-5_3_18-150300_59_93-default-1-150300.7.3.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1
      reiserfs-kmp-default-5.3.18-150300.59.93.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-5.3.18-150300.59.93.1
      kernel-obs-build-debugsource-5.3.18-150300.59.93.1
      kernel-syms-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

      kernel-preempt-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-debugsource-5.3.18-150300.59.93.1
      kernel-preempt-devel-5.3.18-150300.59.93.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):

      kernel-docs-5.3.18-150300.59.93.1
      kernel-source-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-150300.59.93.1
      kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1
      kernel-default-devel-5.3.18-150300.59.93.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):

      kernel-preempt-5.3.18-150300.59.93.1
      kernel-preempt-debuginfo-5.3.18-150300.59.93.1
      kernel-preempt-debugsource-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):

      kernel-64kb-5.3.18-150300.59.93.1
      kernel-64kb-debuginfo-5.3.18-150300.59.93.1
      kernel-64kb-debugsource-5.3.18-150300.59.93.1
      kernel-64kb-devel-5.3.18-150300.59.93.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):

      kernel-devel-5.3.18-150300.59.93.1
      kernel-macros-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):

      kernel-zfcpdump-5.3.18-150300.59.93.1
      kernel-zfcpdump-debuginfo-5.3.18-150300.59.93.1
      kernel-zfcpdump-debugsource-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

      kernel-default-5.3.18-150300.59.93.1
      kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

      kernel-default-5.3.18-150300.59.93.1
      kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150300.59.93.1
      cluster-md-kmp-default-debuginfo-5.3.18-150300.59.93.1
      dlm-kmp-default-5.3.18-150300.59.93.1
      dlm-kmp-default-debuginfo-5.3.18-150300.59.93.1
      gfs2-kmp-default-5.3.18-150300.59.93.1
      gfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debuginfo-5.3.18-150300.59.93.1
      kernel-default-debugsource-5.3.18-150300.59.93.1
      ocfs2-kmp-default-5.3.18-150300.59.93.1
      ocfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1


References:

   https://www.suse.com/security/cve/CVE-2016-3695.html
   https://www.suse.com/security/cve/CVE-2020-27784.html
   https://www.suse.com/security/cve/CVE-2021-4155.html
   https://www.suse.com/security/cve/CVE-2021-4203.html
   https://www.suse.com/security/cve/CVE-2022-20368.html
   https://www.suse.com/security/cve/CVE-2022-20369.html
   https://www.suse.com/security/cve/CVE-2022-2588.html
   https://www.suse.com/security/cve/CVE-2022-26373.html
   https://www.suse.com/security/cve/CVE-2022-2663.html
   https://www.suse.com/security/cve/CVE-2022-2905.html
   https://www.suse.com/security/cve/CVE-2022-2977.html
   https://www.suse.com/security/cve/CVE-2022-3028.html
   https://www.suse.com/security/cve/CVE-2022-36879.html
   https://www.suse.com/security/cve/CVE-2022-39188.html
   https://www.suse.com/security/cve/CVE-2022-39190.html
   https://bugzilla.suse.com/1023051
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1156395
   https://bugzilla.suse.com/1179722
   https://bugzilla.suse.com/1179723
   https://bugzilla.suse.com/1181862
   https://bugzilla.suse.com/1191662
   https://bugzilla.suse.com/1191667
   https://bugzilla.suse.com/1191881
   https://bugzilla.suse.com/1192594
   https://bugzilla.suse.com/1192968
   https://bugzilla.suse.com/1194272
   https://bugzilla.suse.com/1194535
   https://bugzilla.suse.com/1197158
   https://bugzilla.suse.com/1197755
   https://bugzilla.suse.com/1197756
   https://bugzilla.suse.com/1197757
   https://bugzilla.suse.com/1197760
   https://bugzilla.suse.com/1197763
   https://bugzilla.suse.com/1197920
   https://bugzilla.suse.com/1198971
   https://bugzilla.suse.com/1199291
   https://bugzilla.suse.com/1200431
   https://bugzilla.suse.com/1200845
   https://bugzilla.suse.com/1200868
   https://bugzilla.suse.com/1200869
   https://bugzilla.suse.com/1200870
   https://bugzilla.suse.com/1200871
   https://bugzilla.suse.com/1200872
   https://bugzilla.suse.com/1200873
   https://bugzilla.suse.com/1201019
   https://bugzilla.suse.com/1201420
   https://bugzilla.suse.com/1201610
   https://bugzilla.suse.com/1201705
   https://bugzilla.suse.com/1201726
   https://bugzilla.suse.com/1201948
   https://bugzilla.suse.com/1202096
   https://bugzilla.suse.com/1202097
   https://bugzilla.suse.com/1202346
   https://bugzilla.suse.com/1202347
   https://bugzilla.suse.com/1202393
   https://bugzilla.suse.com/1202396
   https://bugzilla.suse.com/1202447
   https://bugzilla.suse.com/1202564
   https://bugzilla.suse.com/1202577
   https://bugzilla.suse.com/1202636
   https://bugzilla.suse.com/1202672
   https://bugzilla.suse.com/1202701
   https://bugzilla.suse.com/1202708
   https://bugzilla.suse.com/1202709
   https://bugzilla.suse.com/1202710
   https://bugzilla.suse.com/1202711
   https://bugzilla.suse.com/1202712
   https://bugzilla.suse.com/1202713
   https://bugzilla.suse.com/1202714
   https://bugzilla.suse.com/1202715
   https://bugzilla.suse.com/1202716
   https://bugzilla.suse.com/1202717
   https://bugzilla.suse.com/1202718
   https://bugzilla.suse.com/1202720
   https://bugzilla.suse.com/1202722
   https://bugzilla.suse.com/1202745
   https://bugzilla.suse.com/1202756
   https://bugzilla.suse.com/1202810
   https://bugzilla.suse.com/1202811
   https://bugzilla.suse.com/1202860
   https://bugzilla.suse.com/1202895
   https://bugzilla.suse.com/1202898
   https://bugzilla.suse.com/1203063
   https://bugzilla.suse.com/1203098
   https://bugzilla.suse.com/1203107
   https://bugzilla.suse.com/1203116
   https://bugzilla.suse.com/1203117
   https://bugzilla.suse.com/1203135
   https://bugzilla.suse.com/1203136
   https://bugzilla.suse.com/1203137



More information about the sle-security-updates mailing list