SUSE-SU-2023:1897-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Apr 18 12:30:23 UTC 2023



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1897-1  
Rating: important  
References:

  * #1065729
  * #1109158
  * #1189998
  * #1193629
  * #1194869
  * #1203200
  * #1206552
  * #1207168
  * #1207185
  * #1207574
  * #1208602
  * #1208815
  * #1208829
  * #1208902
  * #1209052
  * #1209118
  * #1209256
  * #1209290
  * #1209292
  * #1209366
  * #1209532
  * #1209547
  * #1209556
  * #1209572
  * #1209600
  * #1209634
  * #1209635
  * #1209636
  * #1209681
  * #1209684
  * #1209687
  * #1209779
  * #1209788
  * #1209798
  * #1209799
  * #1209804
  * #1209805
  * #1210050
  * #1210203

  
Cross-References:

  * CVE-2017-5753
  * CVE-2022-4744
  * CVE-2023-0394
  * CVE-2023-1281
  * CVE-2023-1513
  * CVE-2023-1582
  * CVE-2023-1611
  * CVE-2023-1637
  * CVE-2023-1652
  * CVE-2023-1838
  * CVE-2023-23001
  * CVE-2023-28327
  * CVE-2023-28464
  * CVE-2023-28466

  
CVSS scores:

  * CVE-2017-5753 ( SUSE ):  7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5753 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5753 ( NVD ):  5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2022-4744 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-4744 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-0394 ( SUSE ):  6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-0394 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1281 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1281 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1513 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-1513 ( NVD ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-1582 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1582 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1611 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1611 ( NVD ):  6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-1637 ( SUSE ):  4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
  * CVE-2023-1637 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-1652 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1652 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-1838 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1838 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-23001 ( SUSE ):  2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-23001 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-28327 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-28464 ( SUSE ):  4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-28464 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28466 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28466 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * Basesystem Module 15-SP4
  * Development Tools Module 15-SP4
  * Legacy Module 15-SP4
  * openSUSE Leap 15.4
  * openSUSE Leap Micro 5.3
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Workstation Extension 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves 14 vulnerabilities and has 25 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot
    (bsc#1209687).
  * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent.
    This flaw could allow a local attacker to crash the system and lead to a
    kernel information leak problem. (bsc#1210203).
  * CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent.
    This flaw could cause system crashes (bsc#1207168).
  * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs
    structure that could be copied to userspace, causing an information leak
    (bsc#1209532).
  * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
  * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  * CVE-2023-28464: Fixed user-after-free that could lead to privilege
    escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
  * CVE-2023-28466: Fixed race condition that could lead to use-after-free or
    NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c
    (bsc#1209366).
  * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to
    CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
  * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information
    leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
  * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege
    escalation in TUN/TAP device driver functionality (bsc#1209635).
  * CVE-2023-1281: Fixed use after free that could lead to privilege escalation
    in tcindex (bsc#1209634).
  * CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
  * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
  * CVE-2023-23001: Fixed misinterpretation of regulator_get return value in
    drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).

The following non-security bugs were fixed:

  * ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-
    fixes).
  * alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
  * ALSA: asihpi: check pao in control_message() (git-fixes).
  * ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
  * ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
  * ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
  * ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
  * ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
  * ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
  * ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-
    fixes).
  * ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
  * ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
  * ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-
    fixes).
  * ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
  * ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
  * ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
  * arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
  * ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
  * ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
  * arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
  * arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
  * arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
  * arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
  * arm64: dts: imx8mp: correct usb clocks (git-fixes)
  * arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
  * arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
  * arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
  * arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
  * ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
  * atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
  * Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-
    fixes).
  * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished
    work (git-fixes).
  * Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
  * ca8210: fix mac_len negative array access (git-fixes).
  * ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-
    fixes).
  * can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
  * can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-
    fixes).
  * can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-
    fixes).
  * cifs: append path to open_enter trace event (bsc#1193629).
  * cifs: avoid race conditions with parallel reconnects (bsc#1193629).
  * cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
  * cifs: check only tcon status on tcon related functions (bsc#1193629).
  * cifs: do not poll server interfaces too regularly (bsc#1193629).
  * cifs: double lock in cifs_reconnect_tcon() (git-fixes).
  * cifs: dump pending mids for all channels in DebugData (bsc#1193629).
  * cifs: empty interface list when server does not support query interfaces
    (bsc#1193629).
  * cifs: fix dentry lookups in directory handle cache (bsc#1193629).
  * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
  * cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
  * cifs: Fix smb2_set_path_size() (git-fixes).
  * cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
  * cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
  * cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
  * cifs: lock chan_lock outside match_session (bsc#1193629).
  * cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
  * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
  * cifs: print session id while listing open files (bsc#1193629).
  * cifs: return DFS root session id in DebugData (bsc#1193629).
  * cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
  * cifs: use DFS root session instead of tcon ses (bsc#1193629).
  * clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown
    (git-fixes).
  * debugfs: add debugfs_lookup_and_remove() (git-fixes).
  * drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
    (bsc#1208815).
  * drivers/base: fix userspace break from using bin_attributes for cpumap and
    cpulist (bsc#1208815).
  * drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
  * drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-
    fixes).
  * drm/amdkfd: Fix an illegal memory access (git-fixes).
  * drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
  * drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
  * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
  * drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
  * drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
  * drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
  * drm/i915/active: Fix missing debug object activation (git-fixes).
  * drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-
    fixes).
  * drm/i915/display: clean up comments (git-fixes).
  * drm/i915/display: Workaround cursor left overs with PSR2 selective fetch
    enabled (git-fixes).
  * drm/i915/display/psr: Handle plane and pipe restrictions at every page flip
    (git-fixes).
  * drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area
    (git-fixes).
  * drm/i915/gt: perform uc late init after probe error injection (git-fixes).
  * drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
  * drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
  * drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
  * dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
  * efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
  * fbdev: au1200fb: Fix potential divide by zero (git-fixes).
  * fbdev: intelfb: Fix potential divide by zero (git-fixes).
  * fbdev: lxfb: Fix potential divide by zero (git-fixes).
  * fbdev: nvidia: Fix potential divide by zero (git-fixes).
  * fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-
    fixes).
  * fbdev: tgafb: Fix potential divide by zero (git-fixes).
  * firmware: arm_scmi: Fix device node validation for mailbox transport (git-
    fixes).
  * fotg210-udc: Add missing completion handler (git-fixes).
  * ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-
    fixes).
  * ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
    (git-fixes).
  * ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
  * gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
  * gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
  * HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-
    fixes).
  * HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-
    fixes).
  * hwmon: fix potential sensor registration fail if of_node is missing (git-
    fixes).
  * i2c: hisi: Only use the completion interrupt to finish the transfer (git-
    fixes).
  * i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
  * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-
    fixes).
  * iio: adc: ad7791: fix IRQ flags (git-fixes).
  * iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
  * iio: adis16480: select CONFIG_CRC32 (git-fixes).
  * iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
  * iio: light: cm32181: Unregister second I2C client if present (git-fixes).
  * Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
  * Input: focaltech - use explicitly signed char type (git-fixes).
  * Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
    (git-fixes).
  * KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled
    (Never, kabi).
  * kABI workaround for xhci (git-fixes).
  * kABI: x86/msr: Remove .fixup usage (kabi).
  * kconfig: Update config changed flag before calling callback (git-fixes).
  * keys: Do not cache key in task struct if key is requested from kernel thread
    (git-fixes).
  * KVM: x86: fix sending PV IPI (git-fixes).
  * KVM: x86: fix sending PV IPI (git-fixes).
  * lan78xx: Add missing return code checks (git-fixes).
  * lan78xx: Fix exception on link speed change (git-fixes).
  * lan78xx: Fix memory allocation bug (git-fixes).
  * lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
  * lan78xx: Fix race condition in disconnect handling (git-fixes).
  * lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
  * lan78xx: Fix white space and style issues (git-fixes).
  * lan78xx: Remove unused pause frame queue (git-fixes).
  * lan78xx: Remove unused timer (git-fixes).
  * lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
  * lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
  * locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998
    (PREEMPT_RT prerequisite backports), bsc#1206552).
  * mm: memcg: fix swapcached stat accounting (bsc#1209804).
  * mm: mmap: remove newline at the end of the trace (git-fixes).
  * mmc: atmel-mci: fix race between stop command and start of next command
    (git-fixes).
  * mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
  * mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
  * mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
  * mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-
    fixes).
  * mtdblock: tolerate corrected bit-flips (git-fixes).
  * net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-
    fixes).
  * net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
  * net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
  * net: phy: Ensure state transitions are processed from phy_stop() (git-
    fixes).
  * net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
  * net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
    (git-fixes).
  * net: qcom/emac: Fix use after free bug in emac_remove due to race condition
    (git-fixes).
  * net: usb: asix: remove redundant assignment to variable reg (git-fixes).
  * net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
  * net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
  * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
  * net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
  * net: usb: smsc75xx: Move packet length check to prevent kernel panic in
    skb_pull (git-fixes).
  * net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
  * net: usb: use eth_hw_addr_set() (git-fixes).
  * NFS: Fix an Oops in nfs_d_automount() (git-fixes).
  * NFS: fix disabling of swap (git-fixes).
  * NFS4trace: fix state manager flag printing (git-fixes).
  * NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-
    fixes).
  * NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
  * NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
  * NFSD: fix race to check ls_layouts (git-fixes).
  * NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
  * NFSD: Protect against filesystem freezing (git-fixes).
  * NFSD: shut down the NFSv4 state objects before the filecache (git-fixes).
  * NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-
    fixes).
  * NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-
    fixes).
  * NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
  * NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
    (git-fixes).
  * NFSv4: Fix hangs when recovering open state after a server reboot (git-
    fixes).
  * NFSv4: keep state manager thread active if swap is enabled (git-fixes).
  * NFSv4: provide mount option to toggle trunking discovery (git-fixes).
  * NFSv4: Fix initialisation of struct nfs4_label (git-fixes).
  * NFSv4: Fail client initialisation if state manager thread can't run (git-
    fixes).
  * nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
  * nilfs2: fix sysfs interface lifetime (git-fixes).
  * nvme-tcp: always fail a request when sending it failed (bsc#1208902).
  * PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
  * PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
  * PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
    (bsc#1207185).
  * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
    (bsc#1207185).
  * PCI: hv: Use async probing to reduce boot time (bsc#1207185).
  * PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
  * pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
  * pinctrl: at91-pio4: fix domain name assignment (git-fixes).
  * pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
  * platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-
    fixes).
  * platform/x86: think-lmi: add debug_cmd (bsc#1210050).
  * platform/x86: think-lmi: add missing type attribute (git-fixes).
  * platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
  * platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
  * platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
  * platform/x86: think-lmi: Clean up display of current_value on Thinkstation
    (git-fixes).
  * platform/x86: think-lmi: Fix memory leak when showing current settings (git-
    fixes).
  * platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI
    strings (git-fixes).
  * platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth()
    (bsc#1210050).
  * platform/x86: think-lmi: only display possible_values if available (git-
    fixes).
  * platform/x86: think-lmi: Opcode support (bsc#1210050).
  * platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
  * platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit
    (bsc#1210050).
  * platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
  * platform/x86: think-lmi: Use min_t() for comparison and assignment
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of
    laptops (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen)
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
  * platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
  * platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
  * platform/x86: thinkpad_acpi: consistently check fan_get_status return
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
  * platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
  * platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Do not use test_bit on an integer
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err
    variable (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD
    platforms (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some
    models (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the
    wrong place (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles
    only once (bsc#1210050).
  * platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead
    of 1 (bsc#1210050).
  * platform/x86: thinkpad_acpi: Properly indent code in
    tpacpi_dytc_profile_init() (bsc#1210050).
  * platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init()
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered
    flag (bsc#1210050).
  * platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and
    hotkey_radio_sw sysfs-attr (bsc#1210050).
  * platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
  * platform/x86: thinkpad_acpi: Switch to common use of attributes
    (bsc#1210050).
  * platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes
    not device attrs (bsc#1210050).
  * platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
  * platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
  * platform/x86: thinkpad-acpi: Add support for automatic mode transitions
    (bsc#1210050).
  * platform/x86: thinkpad-acpi: Enable AMT by default on supported systems
    (bsc#1210050).
  * platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
  * platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
  * pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
  * power: supply: da9150: Fix use after free bug in da9150_charger_remove due
    to race condition (git-fixes).
  * powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
  * powerpc/64s/interrupt: Fix interrupt exit race with security mitigation
    switch (bsc#1194869).
  * powerpc/btext: add missing of_node_put (bsc#1065729).
  * powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
  * powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
    (bsc#1194869).
  * powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
  * powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
    (bsc#1194869).
  * powerpc/kexec_file: fix implicit decl error (bsc#1194869).
  * powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
  * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
    (bsc#1065729).
  * powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158
    ltc#169177 git-fixes).
  * powerpc/pseries/lparcfg: add missing RTAS retry status handling
    (bsc#1065729).
  * powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
  * powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
  * powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
  * powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds
    (bsc#1194869).
  * powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
  * ppc64le: HWPOISON_INJECT=m (bsc#1209572).
  * pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
  * pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
  * r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
  * rcu: Fix rcu_torture_read ftrace event (git-fixes).
  * regulator: Handle deferred clk (git-fixes).
  * ring-buffer: Fix race while reader and writer are on the same page (git-
    fixes).
  * ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-
    fixes).
  * ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
  * rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and
    the build fails recently on SLE15-SP4/5.
  * s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
  * s390/dasd: fix no record found for raw_track_access (bsc#1207574).
  * s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
  * sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
  * sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
  * scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292
    bsc#1209684 bsc#1209556).
  * sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list
    (bsc#1208602, git-fixes).
  * serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-
    fixes).
  * serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-
    fixes).
  * serial: fsl_lpuart: Fix comment typo (git-fixes).
  * smb3: fix unusable share after force unmount failure (bsc#1193629).
  * smb3: lower default deferred close timeout to address perf regression
    (bsc#1193629).
  * struct dwc3: mask new member (git-fixes).
  * SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
  * SUNRPC: Fix a server shutdown leak (git-fixes).
  * SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
  * thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
  * thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
  * thunderbolt: Disable interrupt auto clear for rings (git-fixes).
  * thunderbolt: Rename shadowed variables bit to interrupt_bit and
    auto_clear_bit (git-fixes).
  * thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
  * thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
  * timers: Prevent union confusion from unexpected (git-fixes)
  * trace/hwlat: Do not start per-cpu thread if it is already running (git-
    fixes).
  * trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
  * trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-
    fixes).
  * tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-
    fixes).
  * tracing: Add trace_array_puts() to write into instance (git-fixes).
  * tracing: Check field value in hist_field_name() (git-fixes).
  * tracing: Do not let histogram values have some modifiers (git-fixes).
  * tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
  * tracing: Free error logs of tracing instances (git-fixes).
  * tracing: Have tracing_snapshot_instance_cond() write errors to the
    appropriate instance (git-fixes).
  * tracing: Make splice_read available again (git-fixes).
  * tracing: Make tracepoint lockdep check actually test something (git-fixes).
  * tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-
    fixes).
  * tty: serial: fsl_lpuart: avoid checking for transfer complete when
    UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
  * tty: serial: fsl_lpuart: skip waiting for transmission complete when
    UARTCTRL_SBK is asserted (git-fixes).
  * tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
  * tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
  * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
  * USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
  * USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-
    fixes).
  * USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
  * USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
  * USB: chipdea: core: fix return -EINVAL if request role is the same with
    current role (git-fixes).
  * USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
  * USB: dwc3: Fix a typo in field name (git-fixes).
  * USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC
    (git-fixes).
  * USB: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-
    fixes).
  * USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-
    fixes).
  * USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-
    fixes).
  * USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-
    fixes).
  * USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-
    fixes).
  * USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
  * USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-
    fixes).
  * USB: typec: tcpm: fix warning when handle discover_identity message (git-
    fixes).
  * USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
  * USB: ucsi: Fix ucsi->connector race (git-fixes).
  * USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
  * USB: xhci: tegra: fix sleep in atomic call (git-fixes).
  * vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-
    fixes).
  * wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
    sta (git-fixes).
  * wifi: mac80211: fix qos on mesh interfaces (git-fixes).
  * wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
  * x86: Annotate call_on_stack() (git-fixes).
  * x86: Annotate call_on_stack() (git-fixes).
  * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
    (bsc#1203200).
  * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
  * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
  * x86/fpu: Cache xfeature flags from CPUID (git-fixes).
  * x86/fpu: Remove unused supervisor only offsets (git-fixes).
  * x86/fpu: Remove unused supervisor only offsets (git-fixes).
  * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states
    (git-fixes).
  * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states
    (git-fixes).
  * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
  * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
  * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
  * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
  * x86/mce: Allow instrumentation during task work queueing (git-fixes).
  * x86/mce: Allow instrumentation during task work queueing (git-fixes).
  * x86/mce: Mark mce_end() noinstr (git-fixes).
  * x86/mce: Mark mce_end() noinstr (git-fixes).
  * x86/mce: Mark mce_panic() noinstr (git-fixes).
  * x86/mce: Mark mce_panic() noinstr (git-fixes).
  * x86/mce: Mark mce_read_aux() noinstr (git-fixes).
  * x86/mce: Mark mce_read_aux() noinstr (git-fixes).
  * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
  * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
  * x86/mm: Flush global TLB when switching to trampoline page-table (git-
    fixes).
  * x86/mm: Flush global TLB when switching to trampoline page-table (git-
    fixes).
  * x86/msr: Remove .fixup usage (git-fixes).
  * x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
  * x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
  * x86/sgx: Silence softlockup detection when releasing large enclaves (git-
    fixes).
  * x86/sgx: Silence softlockup detection when releasing large enclaves (git-
    fixes).
  * x86/uaccess: Move variable into switch case statement (git-fixes).
  * x86/uaccess: Move variable into switch case statement (git-fixes).
  * xfs: convert ptag flags to unsigned (git-fixes).
  * xfs: do not assert fail on perag references on teardown (git-fixes).
  * xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
  * xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
  * xfs: remove xfs_setattr_time() declaration (git-fixes).
  * xfs: zero inode fork buffer at allocation (git-fixes).
  * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-
    fixes).
  * xhci: Free the command allocated for setting LPM if we return early (git-
    fixes).
  * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
  * xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap Micro 5.3  
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1897=1

  * openSUSE Leap 15.4  
    zypper in -t patch openSUSE-SLE-15.4-2023-1897=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1897=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1897=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1897=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1897=1

  * Basesystem Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1897=1

  * Development Tools Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1897=1

  * Legacy Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-1897=1

  * SUSE Linux Enterprise Live Patching 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1897=1  
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

  * SUSE Linux Enterprise High Availability Extension 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1897=1

  * SUSE Linux Enterprise Workstation Extension 15 SP4  
    zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1897=1

## Package List:

  * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
    * kernel-default-5.14.21-150400.24.60.1
  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.60.1
    * kselftests-kmp-default-5.14.21-150400.24.60.1
    * reiserfs-kmp-default-5.14.21-150400.24.60.1
    * kernel-default-livepatch-5.14.21-150400.24.60.1
    * kernel-syms-5.14.21-150400.24.60.1
    * gfs2-kmp-default-5.14.21-150400.24.60.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.60.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-devel-5.14.21-150400.24.60.1
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-obs-build-5.14.21-150400.24.60.1
    * kselftests-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-optional-debuginfo-5.14.21-150400.24.60.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
    * kernel-obs-qa-5.14.21-150400.24.60.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.60.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.60.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-extra-5.14.21-150400.24.60.1
    * dlm-kmp-default-5.14.21-150400.24.60.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * ocfs2-kmp-default-5.14.21-150400.24.60.1
    * kernel-default-base-rebuild-5.14.21-150400.24.60.1.150400.24.24.3
    * cluster-md-kmp-default-5.14.21-150400.24.60.1
    * kernel-default-optional-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (nosrc ppc64le x86_64)
    * kernel-debug-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (ppc64le x86_64)
    * kernel-debug-devel-debuginfo-5.14.21-150400.24.60.1
    * kernel-debug-debuginfo-5.14.21-150400.24.60.1
    * kernel-debug-livepatch-devel-5.14.21-150400.24.60.1
    * kernel-debug-devel-5.14.21-150400.24.60.1
    * kernel-debug-debugsource-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (noarch)
    * kernel-devel-5.14.21-150400.24.60.1
    * kernel-source-vanilla-5.14.21-150400.24.60.1
    * kernel-source-5.14.21-150400.24.60.1
    * kernel-macros-5.14.21-150400.24.60.1
    * kernel-docs-html-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
    * kernel-kvmsmall-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
    * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.60.1
    * kernel-kvmsmall-debuginfo-5.14.21-150400.24.60.1
    * kernel-kvmsmall-devel-5.14.21-150400.24.60.1
    * kernel-kvmsmall-debugsource-5.14.21-150400.24.60.1
    * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (s390x)
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.60.1
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (aarch64)
    * kernel-64kb-extra-debuginfo-5.14.21-150400.24.60.1
    * kernel-64kb-livepatch-devel-5.14.21-150400.24.60.1
    * dtb-cavium-5.14.21-150400.24.60.1
    * dtb-amd-5.14.21-150400.24.60.1
    * dtb-broadcom-5.14.21-150400.24.60.1
    * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
    * dtb-amazon-5.14.21-150400.24.60.1
    * kernel-64kb-optional-5.14.21-150400.24.60.1
    * dtb-hisilicon-5.14.21-150400.24.60.1
    * dtb-apple-5.14.21-150400.24.60.1
    * dlm-kmp-64kb-5.14.21-150400.24.60.1
    * dtb-amlogic-5.14.21-150400.24.60.1
    * dtb-apm-5.14.21-150400.24.60.1
    * dtb-rockchip-5.14.21-150400.24.60.1
    * dtb-mediatek-5.14.21-150400.24.60.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.60.1
    * kernel-64kb-devel-5.14.21-150400.24.60.1
    * dtb-exynos-5.14.21-150400.24.60.1
    * dtb-renesas-5.14.21-150400.24.60.1
    * dtb-sprd-5.14.21-150400.24.60.1
    * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
    * dtb-arm-5.14.21-150400.24.60.1
    * dtb-socionext-5.14.21-150400.24.60.1
    * ocfs2-kmp-64kb-5.14.21-150400.24.60.1
    * dtb-nvidia-5.14.21-150400.24.60.1
    * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
    * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
    * cluster-md-kmp-64kb-5.14.21-150400.24.60.1
    * kernel-64kb-optional-debuginfo-5.14.21-150400.24.60.1
    * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
    * dtb-marvell-5.14.21-150400.24.60.1
    * gfs2-kmp-64kb-5.14.21-150400.24.60.1
    * kernel-64kb-extra-5.14.21-150400.24.60.1
    * reiserfs-kmp-64kb-5.14.21-150400.24.60.1
    * dtb-lg-5.14.21-150400.24.60.1
    * dtb-altera-5.14.21-150400.24.60.1
    * dtb-qcom-5.14.21-150400.24.60.1
    * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
    * dtb-allwinner-5.14.21-150400.24.60.1
    * kselftests-kmp-64kb-5.14.21-150400.24.60.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.60.1
    * kernel-64kb-debugsource-5.14.21-150400.24.60.1
    * dtb-freescale-5.14.21-150400.24.60.1
    * dtb-xilinx-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (nosrc)
    * dtb-aarch64-5.14.21-150400.24.60.1
  * openSUSE Leap 15.4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * Basesystem Module 15-SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.60.1
  * Basesystem Module 15-SP4 (aarch64)
    * kernel-64kb-debuginfo-5.14.21-150400.24.60.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.60.1
    * kernel-64kb-devel-5.14.21-150400.24.60.1
    * kernel-64kb-debugsource-5.14.21-150400.24.60.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.60.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
    * kernel-default-devel-5.14.21-150400.24.60.1
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.60.1
  * Basesystem Module 15-SP4 (noarch)
    * kernel-macros-5.14.21-150400.24.60.1
    * kernel-devel-5.14.21-150400.24.60.1
  * Basesystem Module 15-SP4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.60.1
  * Basesystem Module 15-SP4 (s390x)
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.60.1
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.60.1
  * Development Tools Module 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.60.1
  * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * kernel-obs-build-debugsource-5.14.21-150400.24.60.1
    * kernel-syms-5.14.21-150400.24.60.1
    * kernel-obs-build-5.14.21-150400.24.60.1
  * Development Tools Module 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.60.1
  * Legacy Module 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.60.1
  * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
    * reiserfs-kmp-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-1-150400.9.3.2
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.60.1
    * kernel-livepatch-SLE15-SP4_Update_11-debugsource-1-150400.9.3.2
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-livepatch-5.14.21-150400.24.60.1
    * kernel-livepatch-5_14_21-150400_24_60-default-1-150400.9.3.2
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
    s390x x86_64)
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * ocfs2-kmp-default-5.14.21-150400.24.60.1
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
    * cluster-md-kmp-default-5.14.21-150400.24.60.1
    * gfs2-kmp-default-5.14.21-150400.24.60.1
    * dlm-kmp-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.60.1
  * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
    * kernel-default-extra-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-debugsource-5.14.21-150400.24.60.1
    * kernel-default-debuginfo-5.14.21-150400.24.60.1
    * kernel-default-extra-5.14.21-150400.24.60.1

## References:

  * https://www.suse.com/security/cve/CVE-2017-5753.html
  * https://www.suse.com/security/cve/CVE-2022-4744.html
  * https://www.suse.com/security/cve/CVE-2023-0394.html
  * https://www.suse.com/security/cve/CVE-2023-1281.html
  * https://www.suse.com/security/cve/CVE-2023-1513.html
  * https://www.suse.com/security/cve/CVE-2023-1582.html
  * https://www.suse.com/security/cve/CVE-2023-1611.html
  * https://www.suse.com/security/cve/CVE-2023-1637.html
  * https://www.suse.com/security/cve/CVE-2023-1652.html
  * https://www.suse.com/security/cve/CVE-2023-1838.html
  * https://www.suse.com/security/cve/CVE-2023-23001.html
  * https://www.suse.com/security/cve/CVE-2023-28327.html
  * https://www.suse.com/security/cve/CVE-2023-28464.html
  * https://www.suse.com/security/cve/CVE-2023-28466.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1065729
  * https://bugzilla.suse.com/show_bug.cgi?id=1109158
  * https://bugzilla.suse.com/show_bug.cgi?id=1189998
  * https://bugzilla.suse.com/show_bug.cgi?id=1193629
  * https://bugzilla.suse.com/show_bug.cgi?id=1194869
  * https://bugzilla.suse.com/show_bug.cgi?id=1203200
  * https://bugzilla.suse.com/show_bug.cgi?id=1206552
  * https://bugzilla.suse.com/show_bug.cgi?id=1207168
  * https://bugzilla.suse.com/show_bug.cgi?id=1207185
  * https://bugzilla.suse.com/show_bug.cgi?id=1207574
  * https://bugzilla.suse.com/show_bug.cgi?id=1208602
  * https://bugzilla.suse.com/show_bug.cgi?id=1208815
  * https://bugzilla.suse.com/show_bug.cgi?id=1208829
  * https://bugzilla.suse.com/show_bug.cgi?id=1208902
  * https://bugzilla.suse.com/show_bug.cgi?id=1209052
  * https://bugzilla.suse.com/show_bug.cgi?id=1209118
  * https://bugzilla.suse.com/show_bug.cgi?id=1209256
  * https://bugzilla.suse.com/show_bug.cgi?id=1209290
  * https://bugzilla.suse.com/show_bug.cgi?id=1209292
  * https://bugzilla.suse.com/show_bug.cgi?id=1209366
  * https://bugzilla.suse.com/show_bug.cgi?id=1209532
  * https://bugzilla.suse.com/show_bug.cgi?id=1209547
  * https://bugzilla.suse.com/show_bug.cgi?id=1209556
  * https://bugzilla.suse.com/show_bug.cgi?id=1209572
  * https://bugzilla.suse.com/show_bug.cgi?id=1209600
  * https://bugzilla.suse.com/show_bug.cgi?id=1209634
  * https://bugzilla.suse.com/show_bug.cgi?id=1209635
  * https://bugzilla.suse.com/show_bug.cgi?id=1209636
  * https://bugzilla.suse.com/show_bug.cgi?id=1209681
  * https://bugzilla.suse.com/show_bug.cgi?id=1209684
  * https://bugzilla.suse.com/show_bug.cgi?id=1209687
  * https://bugzilla.suse.com/show_bug.cgi?id=1209779
  * https://bugzilla.suse.com/show_bug.cgi?id=1209788
  * https://bugzilla.suse.com/show_bug.cgi?id=1209798
  * https://bugzilla.suse.com/show_bug.cgi?id=1209799
  * https://bugzilla.suse.com/show_bug.cgi?id=1209804
  * https://bugzilla.suse.com/show_bug.cgi?id=1209805
  * https://bugzilla.suse.com/show_bug.cgi?id=1210050
  * https://bugzilla.suse.com/show_bug.cgi?id=1210203

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20230418/f2ab13b6/attachment.htm>


More information about the sle-security-updates mailing list