SUSE-SU-2023:1802-1: important: Security update for the Linux Kernel

sle-security-updates at sle-security-updates at
Mon Apr 10 12:31:54 UTC 2023

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1802-1  
Rating: important  

  * #1065729
  * #1109158
  * #1189998
  * #1193629
  * #1194869
  * #1198400
  * #1203200
  * #1206552
  * #1207168
  * #1207185
  * #1207574
  * #1208602
  * #1208815
  * #1208902
  * #1209052
  * #1209118
  * #1209256
  * #1209290
  * #1209292
  * #1209366
  * #1209532
  * #1209547
  * #1209556
  * #1209600
  * #1209634
  * #1209635
  * #1209636
  * #1209681
  * #1209684
  * #1209779
  * #1209788
  * #1209798
  * #1209799
  * #1209804
  * #1209805
  * #1210050


  * CVE-2017-5753
  * CVE-2022-4744
  * CVE-2023-0394
  * CVE-2023-1281
  * CVE-2023-1513
  * CVE-2023-1582
  * CVE-2023-1637
  * CVE-2023-1652
  * CVE-2023-28327
  * CVE-2023-28464
  * CVE-2023-28466

CVSS scores:

  * CVE-2017-5753 ( SUSE ):  7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5753 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5753 ( NVD ):  5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2022-4744 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-4744 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-0394 ( SUSE ):  6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-0394 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1281 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1281 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1513 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-1513 ( NVD ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-1637 ( SUSE ):  4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
  * CVE-2023-1637 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-1652 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1652 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-28327 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-28464 ( SUSE ):  4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-28464 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28466 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28466 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * Public Cloud Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves 11 vulnerabilities and has 25 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
  * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege
    escalation in TUN/TAP device driver functionality (bsc#1209635).
  * CVE-2023-0394: Fixed NULL pointer dereference that could lead to a system
    crash in rawv6_push_pending_frames in net/ipv6/raw.c (bsc#1207168).
  * CVE-2023-1281: Fixed use after free that could lead to privilege escalation
    in tcindex (bsc#1209634).
  * CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs
    structure that could be copied to userspace, causing an information leak
  * CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
  * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to
    CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
  * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information
    leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
  * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
  * CVE-2023-28464: Fixed use-after-free that could lead to privilege
    escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
  * CVE-2023-28466: Fixed race condition that could lead to use-after-free or
    NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c

The following non-security bugs were fixed:

  * ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-
  * ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
  * ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
  * ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
  * ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
  * ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-
  * ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
  * ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
  * ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
  * ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
  * ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
  * ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
  * Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
  * Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-
  * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished
    work (git-fixes).
  * Fix error path in pci-hyperv to unlock the mutex state_lock
  * HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-
  * HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-
  * Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
  * KVM: x86: fix sending PV IPI (git-fixes).
  * Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
  * NFSv4: Fix hangs when recovering open state after a server reboot (git-
  * PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
  * PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
  * PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
  * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
  * PCI: hv: Use async probing to reduce boot time (bsc#1207185).
  * PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
  * Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments"
  * Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
  * Revert "Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments"
  * Revert "Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
  * Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
  * USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
  * USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
  * USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-
  * USB: chipdea: core: fix return -EINVAL if request role is the same with
    current role (git-fixes).
  * USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
  * USB: dwc3: Fix a typo in field name (git-fixes).
  * USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC
  * USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-
  * USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-
  * USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-
  * USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-
  * USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
  * USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: typec: tcpm: fix warning when handle discover_identity message (git-
  * USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
  * USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
  * arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
  * arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
  * arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
  * arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
  * arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
  * arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
  * arm64: dts: imx8mp: correct usb clocks (git-fixes)
  * arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
  * arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
  * arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
  * atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
  * ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-
  * ca8210: fix mac_len negative array access (git-fixes).
  * can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
  * cifs: Fix smb2_set_path_size() (git-fixes).
  * cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
  * cifs: append path to open_enter trace event (bsc#1193629).
  * cifs: avoid race conditions with parallel reconnects (bsc#1193629).
  * cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
  * cifs: check only tcon status on tcon related functions (bsc#1193629).
  * cifs: do not poll server interfaces too regularly (bsc#1193629).
  * cifs: dump pending mids for all channels in DebugData (bsc#1193629).
  * cifs: empty interface list when server does not support query interfaces
  * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
  * cifs: fix dentry lookups in directory handle cache (bsc#1193629).
  * cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
  * cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
  * cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
  * cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
  * cifs: lock chan_lock outside match_session (bsc#1193629).
  * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
  * cifs: print session id while listing open files (bsc#1193629).
  * cifs: return DFS root session id in DebugData (bsc#1193629).
  * cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
  * cifs: use DFS root session instead of tcon ses (bsc#1193629).
  * drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
  * drivers/base: fix userspace break from using bin_attributes for cpumap and
    cpulist (bsc#1208815).
  * drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-
  * drm/amdkfd: Fix an illegal memory access (git-fixes).
  * drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
  * drm/i915/active: Fix missing debug object activation (git-fixes).
  * drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-
  * drm/i915/display/psr: Handle plane and pipe restrictions at every page flip
  * drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area
  * drm/i915/display: Workaround cursor left overs with PSR2 selective fetch
    enabled (git-fixes).
  * drm/i915/display: clean up comments (git-fixes).
  * drm/i915/gt: perform uc late init after probe error injection (git-fixes).
  * drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
  * drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
  * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
  * drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
  * drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
  * drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
  * efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
  * fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-
  * firmware: arm_scmi: Fix device node validation for mailbox transport (git-
  * hwmon: fix potential sensor registration fail if of_node is missing (git-
  * i2c: hisi: Only use the completion interrupt to finish the transfer (git-
  * i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
  * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-
  * kABI: x86/msr: Remove .fixup usage (kabi).
  * kconfig: Update config changed flag before calling callback (git-fixes).
  * lan78xx: Add missing return code checks (git-fixes).
  * lan78xx: Fix exception on link speed change (git-fixes).
  * lan78xx: Fix memory allocation bug (git-fixes).
  * lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
  * lan78xx: Fix race condition in disconnect handling (git-fixes).
  * lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
  * lan78xx: Fix white space and style issues (git-fixes).
  * lan78xx: Remove unused pause frame queue (git-fixes).
  * lan78xx: Remove unused timer (git-fixes).
  * lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
  * lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
  * locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998
    (PREEMPT_RT prerequisite backports), bsc#1206552).
  * mm: memcg: fix swapcached stat accounting (bsc#1209804).
  * mmc: atmel-mci: fix race between stop command and start of next command
  * mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
  * net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-
  * net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
  * net: phy: Ensure state transitions are processed from phy_stop() (git-
  * net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
  * net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
  * net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
  * net: qcom/emac: Fix use after free bug in emac_remove due to race condition
  * net: usb: asix: remove redundant assignment to variable reg (git-fixes).
  * net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
  * net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
  * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
  * net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
  * net: usb: use eth_hw_addr_set() (git-fixes).
  * nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
  * nvme-tcp: always fail a request when sending it failed (bsc#1208902).
  * pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
  * pinctrl: at91-pio4: fix domain name assignment (git-fixes).
  * pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
  * platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-
  * platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
  * platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
  * platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
  * platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth()
  * platform/x86: think-lmi: Opcode support (bsc#1210050).
  * platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
  * platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit
  * platform/x86: think-lmi: Use min_t() for comparison and assignment
  * platform/x86: think-lmi: add debug_cmd (bsc#1210050).
  * platform/x86: think-lmi: add missing type attribute (git-fixes).
  * platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
  * platform/x86: think-lmi: only display possible_values if available (git-
  * platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
  * platform/x86: thinkpad-acpi: Add support for automatic mode transitions
  * platform/x86: thinkpad-acpi: Enable AMT by default on supported systems
  * platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
  * platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV
  * platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs
  * platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of
    laptops (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen)
  * platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper
  * platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs
  * platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan
  * platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
  * platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
  * platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups
  * platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
  * platform/x86: thinkpad_acpi: Do not use test_bit on an integer
  * platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type
  * platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup
  * platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource
  * platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err
    variable (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD
    platforms (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode
  * platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms
  * platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some
    models (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the
    wrong place (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting
  * platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255
  * platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles
    only once (bsc#1210050).
  * platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead
    of 1 (bsc#1210050).
  * platform/x86: thinkpad_acpi: Properly indent code in
    tpacpi_dytc_profile_init() (bsc#1210050).
  * platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init
  * platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init()
  * platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered
    flag (bsc#1210050).
  * platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and
    hotkey_radio_sw sysfs-attr (bsc#1210050).
  * platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
  * platform/x86: thinkpad_acpi: Switch to common use of attributes
  * platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
  * platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
  * platform/x86: thinkpad_acpi: consistently check fan_get_status return
  * platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms
  * platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes
    not device attrs (bsc#1210050).
  * platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
  * power: supply: da9150: Fix use after free bug in da9150_charger_remove due
    to race condition (git-fixes).
  * powerpc/64s/interrupt: Fix interrupt exit race with security mitigation
    switch (bsc#1194869).
  * powerpc/btext: add missing of_node_put (bsc#1065729).
  * powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
  * powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
  * powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
  * powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
  * powerpc/kexec_file: fix implicit decl error (bsc#1194869).
  * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
  * powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
  * powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158
    ltc#169177 git-fixes).
  * powerpc/pseries/lparcfg: add missing RTAS retry status handling
  * powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
  * powerpc/ Define RUNTIME_DISCARD_EXIT (bsc#1194869).
  * powerpc/ Do not discard .comment (bsc#1194869).
  * powerpc/ Do not discard .rela* for relocatable builds
  * powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
  * powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
  * r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
  * regulator: Handle deferred clk (git-fixes).
  * remove "PCI: hv: Use async probing to reduce boot time" (bsc#1207185).
  * rpm/ Disable DT build. This setting has been ignored for non-
    default variants so far.
  * rpm/ increase the disk size for armv6/7 to 24GB It grows and
    the build fails recently on SLE15-SP4/5.
  * s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
  * s390/dasd: fix no record found for raw_track_access (bsc#1207574).
  * s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
  * sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
  * sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
  * scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292
    bsc#1209684 bsc#1209556).
  * sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    (bsc#1208602, git-fixes).
  * serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-
  * serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-
  * serial: fsl_lpuart: Fix comment typo (git-fixes).
  * smb3: fix unusable share after force unmount failure (bsc#1193629).
  * smb3: lower default deferred close timeout to address perf regression
  * thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
  * thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
  * thunderbolt: Disable interrupt auto clear for rings (git-fixes).
  * thunderbolt: Rename shadowed variables bit to interrupt_bit and
    auto_clear_bit (git-fixes).
  * thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
  * thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
  * tty: serial: fsl_lpuart: skip waiting for transmission complete when
    UARTCTRL_SBK is asserted (git-fixes).
  * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
  * vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-
  * wifi: mac80211: fix qos on mesh interfaces (git-fixes).
  * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
  * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states
  * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
  * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
  * x86/fpu: Cache xfeature flags from CPUID (git-fixes).
  * x86/fpu: Remove unused supervisor only offsets (git-fixes).
  * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
  * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
  * x86/mce: Allow instrumentation during task work queueing (git-fixes).
  * x86/mce: Mark mce_end() noinstr (git-fixes).
  * x86/mce: Mark mce_panic() noinstr (git-fixes).
  * x86/mce: Mark mce_read_aux() noinstr (git-fixes).
  * x86/mm: Flush global TLB when switching to trampoline page-table (git-
  * x86/msr: Remove .fixup usage (git-fixes).
  * x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
  * x86/sgx: Silence softlockup detection when releasing large enclaves (git-
  * x86/uaccess: Move variable into switch case statement (git-fixes).
  * x86: Annotate call_on_stack() (git-fixes).
  * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
  * xfs: convert ptag flags to unsigned (git-fixes).
  * xfs: do not assert fail on perag references on teardown (git-fixes).
  * xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
  * xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
  * xfs: remove xfs_setattr_time() declaration (git-fixes).
  * xfs: zero inode fork buffer at allocation (git-fixes).
  * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch openSUSE-SLE-15.4-2023-1802=1

  * Public Cloud Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1802=1
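
A post-install check for the reboot note and patch commands above, as an added example that is not part of the SUSE advisory: it compares the installed kernel-azure package and the running kernel against the fixed version 5.14.21-150400.14.43.1 from the Package List. It assumes GNU `sort -V` orders these strings the way RPM does and that `uname -r` reports the package version without the final release component and with an `-azure` suffix; the `--live` switch and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the advisory): tell apart "update not installed",
# "installed but old kernel still running" and "fixed kernel running".

# Fixed kernel-azure VERSION-RELEASE, taken from the advisory's Package List.
FIXED="5.14.21-150400.14.43.1"

# version_ge A B: succeeds when A sorts at or after B.
# Assumption: GNU `sort -V` matches RPM ordering for these purely numeric,
# dot-separated version strings.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# classify INSTALLED RUNNING
#   INSTALLED: newline-separated VERSION-RELEASE values of every installed
#              kernel-azure package (several kernels can be installed at once)
#   RUNNING:   output of `uname -r`
# Prints NOT_PATCHED, REBOOT_REQUIRED or PATCHED.
classify() {
    newest=$(printf '%s\n' "$1" | sort -V | tail -n 1)
    # Assumption: uname -r looks like "5.14.21-150400.14.43-azure", i.e. the
    # package version minus its last release component, plus the flavour.
    running=${2%-azure}
    fixed_running=${FIXED%.*}
    if ! version_ge "$newest" "$FIXED"; then
        echo "NOT_PATCHED"
    elif ! version_ge "$running" "$fixed_running"; then
        echo "REBOOT_REQUIRED"
    else
        echo "PATCHED"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Query the real system.
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-azure) || {
        echo "kernel-azure is not installed on this host" >&2
        exit 2
    }
    classify "$installed" "$(uname -r)"
else
    # Constructed sample: the update is installed next to an older kernel,
    # but the host has not been rebooted yet.
    classify "5.14.21-150400.14.40.1
5.14.21-150400.14.43.1" "5.14.21-150400.14.40-azure"
fi
```

Run it with `--live` on an affected host; REBOOT_REQUIRED means the vulnerable kernel is still the one in memory even though the package is installed.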

## Package List:

  * openSUSE Leap 15.4 (aarch64 x86_64)
    * ocfs2-kmp-azure-5.14.21-150400.14.43.1
    * kselftests-kmp-azure-5.14.21-150400.14.43.1
    * kernel-azure-optional-debuginfo-5.14.21-150400.14.43.1
    * dlm-kmp-azure-5.14.21-150400.14.43.1
    * kernel-azure-debugsource-5.14.21-150400.14.43.1
    * kernel-azure-devel-5.14.21-150400.14.43.1
    * kernel-azure-livepatch-devel-5.14.21-150400.14.43.1
    * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    * reiserfs-kmp-azure-5.14.21-150400.14.43.1
    * kernel-azure-devel-debuginfo-5.14.21-150400.14.43.1
    * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    * kernel-azure-extra-debuginfo-5.14.21-150400.14.43.1
    * kernel-azure-extra-5.14.21-150400.14.43.1
    * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    * kernel-azure-debuginfo-5.14.21-150400.14.43.1
    * kernel-syms-azure-5.14.21-150400.14.43.1
    * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    * gfs2-kmp-azure-5.14.21-150400.14.43.1
    * dlm-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    * kernel-azure-optional-5.14.21-150400.14.43.1
    * cluster-md-kmp-azure-5.14.21-150400.14.43.1
  * openSUSE Leap 15.4 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150400.14.43.1
  * openSUSE Leap 15.4 (noarch)
    * kernel-devel-azure-5.14.21-150400.14.43.1
    * kernel-source-azure-5.14.21-150400.14.43.1
  * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150400.14.43.1
  * Public Cloud Module 15-SP4 (aarch64 x86_64)
    * kernel-azure-debuginfo-5.14.21-150400.14.43.1
    * kernel-syms-azure-5.14.21-150400.14.43.1
    * kernel-azure-debugsource-5.14.21-150400.14.43.1
    * kernel-azure-devel-5.14.21-150400.14.43.1
    * kernel-azure-devel-debuginfo-5.14.21-150400.14.43.1
  * Public Cloud Module 15-SP4 (noarch)
    * kernel-devel-azure-5.14.21-150400.14.43.1
    * kernel-source-azure-5.14.21-150400.14.43.1
