SUSE-SU-2023:4810-1: important: Security update for the Linux Kernel
null at suse.de
null at suse.de
Wed Dec 13 20:30:40 UTC 2023
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4810-1
Rating: important
References:
* bsc#1084909
* bsc#1210447
* bsc#1214286
* bsc#1214976
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216584
* bsc#1216693
* bsc#1216759
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217124
* bsc#1217140
* bsc#1217195
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237
Cross-References:
* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176
CVSS scores:
* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 12 vulnerabilities, contains three features and has 26
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
The following non-security bugs were fixed:
* ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
* ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
* ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
* ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
* ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
* ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
* ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
* ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
* ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
* ALSA: info: Fix potential deadlock at disconnection (git-fixes).
* ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
* ASoC: ams-delta.c: use component after check (git-fixes).
* ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
* ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
* ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
described (git-fixes).
* ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
* ASoC: rt5650: fix the wrong result of key button (git-fixes).
* ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
* Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
* Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-
fixes).
* Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-
fixes).
* Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
* Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-
fixes).
* HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
* HID: hyperv: Replace one-element array with flexible-array member (git-
fixes).
* HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
* HID: hyperv: remove unused struct synthhid_msg (git-fixes).
* HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only
(git-fixes).
* HID: logitech-hidpp: Move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
* HID: logitech-hidpp: Revert "Do not restart communication if not necessary"
(git-fixes).
* Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-
fixes).
* Input: xpad - add VID for Turtle Beach controllers (git-fixes).
* PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
* PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
* PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
* PCI: Extract ATS disabling to a helper function (bsc#1215458).
* PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-
fixes).
* PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
* PCI: Use FIELD_GET() to extract Link Width (git-fixes).
* PCI: exynos: Do not discard .remove() callback (git-fixes).
* PCI: keystone: Do not discard .probe() callback (git-fixes).
* PCI: keystone: Do not discard .remove() callback (git-fixes).
* PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-
fixes).
* PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
* PM: hibernate: Use __get_safe_page() rather than touching the list (git-
fixes).
* USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
* USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
* USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* USB: serial: option: add Fibocom L7xx modules (git-fixes).
* USB: serial: option: add Luat Air72*U series products (git-fixes).
* USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
* USB: serial: option: fix FM101R-GL defines (git-fixes).
* USB: usbip: fix stub_dev hub disconnect (git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: Add Cortex-A520 CPU part definition (git-fixes)
* arm64: allow kprobes on EL0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass ESR_ELx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out EL1 SSBS emulation hook (git-fixes)
* arm64: report EL1 UNDEFs better (git-fixes)
* arm64: rework BTI exception handling (git-fixes)
* arm64: rework EL0 MRS emulation (git-fixes)
* arm64: rework FPAC exception handling (git-fixes)
* arm64: split EL0/EL1 UNDEF handlers (git-fixes)
* ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
* atl1c: Work around the DMA RX overflow issue (git-fixes).
* atm: iphase: Do PCI error checks on own line (git-fixes).
* blk-mq: Do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: Add device 0bda:887b to device tables (git-fixes).
* bluetooth: Add device 13d3:3571 to device tables (git-fixes).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
* can: isotp: set max PDU size to 64 kByte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: Fix comment (git-fixes).
* clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name (git-fixes).
* clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
* clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
* clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: Fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
* clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
* clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* clk: ti: change ti_clk_register_omap_hw API (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
* dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* docs: net: move the probe and open/close sections of driver.rst up
(bsc#1215458).
* docs: net: reformat driver.rst from a list to sections (bsc#1215458).
* docs: net: use C syntax highlight in driver.rst (bsc#1215458).
* drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
* drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
(git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-
fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
* drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
(git-fixes).
* drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: do not use ATRM for external devices (git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: Fix bit updates (git-fixes).
* drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
* drm/gud: Use size_add() in call to struct_size() (git-fixes).
* drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
* drm/i915: Fix potential spectre vulnerability (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
(git-fixes).
* drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: Create devm device attachment (git-fixes).
* drm/mipi-dsi: Create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
* drm/panel: st7703: Pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-
fixes).
* drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: omapfb: Drop unused remove function (git-fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-
fixes).
* hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
* hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
* i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
* i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
* i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: Fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-
fixes).
* i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix wrong data return when IBI happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
* idpf: add RX splitq napi poll support (bsc#1215458).
* idpf: add SRIOV support and other ndo_ops (bsc#1215458).
* idpf: add TX splitq napi poll support (bsc#1215458).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and MAC filter support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for RX queues (bsc#1215458).
* idpf: configure resources for TX queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-
fixes).
* iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
* leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: Do not use SMBUS calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: Correctly initialise try compose rectangle (git-fixes).
* media: ccs: Fix driver quirk struct documentation (git-fixes).
* media: cedrus: Fix clock/reset sequence (git-fixes).
* media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: Fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: Drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: Add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: Add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-
fixes).
* mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: Fix double put in dln2_probe (git-fixes).
* misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
* misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237,
git-fixes).
* mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
* mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
* mmc: block: Retry commands in CQE error recovery (git-fixes).
* mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
* mmc: cqhci: Increase recovery halt timeout (git-fixes).
* mmc: cqhci: Warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
* mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-
fixes).
* mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-
fixes).
* mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
* mtd: rawnand: arasan: Include ECC syndrome along with in-band data while
checking for ECC failure (git-fixes).
* net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
* net: Avoid address overwrite in kernel_connect (bsc#1216861).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: Fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* nvme: update firmware version after commit (bsc#1215292).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-
fixes).
* platform/x86: wmi: Fix opening of char device (git-fixes).
* platform/x86: wmi: Fix probe failure when failing to register WMI devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* powerpc: Do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: Fix double shift bug (git-fixes).
* pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
* pwm: sti: Reduce number of allocations and drop usage of chip_data (git-
fixes).
* r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
* r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
* r8152: Release firmware if we have an error in probe (git-fixes).
* r8152: Run the unload routine if we have errors during probe (git-fixes).
* regmap: Ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* s390/ap: fix AP bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (LTC#203997
bsc#1217086).
* s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for ERP requests (git-fixes
bsc#1217598).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(LTC#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(LTC#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
bsc#1217599).
* sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: Correct maximum PCI function value for RAS fw logging
(bsc#1217731).
* scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: Enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: Fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
* scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV
ports (bsc#1217124).
* scsi: lpfc: Remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
* scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: Fix ksft print formats (git-fixes).
* selftests/resctrl: Ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-
fixes).
* selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial
cards" (git-fixes).
* serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* treewide: Spelling fix in comment (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
* tty: 8250: Add support for Brainboxes UP cards (git-fixes).
* tty: 8250: Add support for Intashield IS-100 (git-fixes).
* tty: 8250: Add support for Intashield IX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
* tty: 8250: Fix port count of PX-257 (git-fixes).
* tty: 8250: Fix up PX-803/PX-857 (git-fixes).
* tty: 8250: Remove UC-257 and UC-431 (git-fixes).
* tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
* usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
* usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
* usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
* usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc3: Fix default mode initialization (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility (git-fixes).
* usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: Do not touch the CE interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
* wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
* x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-
fixes).
* x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
* x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-
fixes).
* x86/sev: Fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-
fixes).
* x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert AGF log flags to unsigned (git-fixes).
* xfs: convert AGI log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize AG block number formatting in ftrace output (git-fixes).
* xfs: standardize AG number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: Enable RPM on controllers that support low-power states (git-fixes).
* xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4810=1 openSUSE-SLE-15.4-2023-4810=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4810=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4810=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4810=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4810=1
* Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4810=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4810=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4810=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4810=1
## Package List:
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.100.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-5.14.21-150400.24.100.2
* kernel-docs-html-5.14.21-150400.24.100.1
* kernel-macros-5.14.21-150400.24.100.2
* kernel-source-vanilla-5.14.21-150400.24.100.2
* kernel-source-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.14.21-150400.24.100.2
* kernel-debug-livepatch-devel-5.14.21-150400.24.100.2
* kernel-debug-debuginfo-5.14.21-150400.24.100.2
* kernel-debug-debugsource-5.14.21-150400.24.100.2
* kernel-debug-devel-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150400.24.100.2.150400.24.46.2
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.100.2
* kernel-kvmsmall-devel-5.14.21-150400.24.100.2
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.100.2
* kernel-kvmsmall-debugsource-5.14.21-150400.24.100.2
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* gfs2-kmp-default-5.14.21-150400.24.100.2
* dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* cluster-md-kmp-default-5.14.21-150400.24.100.2
* kernel-obs-build-debugsource-5.14.21-150400.24.100.2
* kernel-obs-build-5.14.21-150400.24.100.2
* kernel-default-optional-debuginfo-5.14.21-150400.24.100.2
* kernel-obs-qa-5.14.21-150400.24.100.1
* ocfs2-kmp-default-5.14.21-150400.24.100.2
* kselftests-kmp-default-5.14.21-150400.24.100.2
* kernel-default-optional-5.14.21-150400.24.100.2
* kernel-default-extra-debuginfo-5.14.21-150400.24.100.2
* kernel-default-extra-5.14.21-150400.24.100.2
* kernel-default-livepatch-5.14.21-150400.24.100.2
* kernel-syms-5.14.21-150400.24.100.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.100.2
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-devel-debuginfo-5.14.21-150400.24.100.2
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-devel-5.14.21-150400.24.100.2
* kernel-default-livepatch-devel-5.14.21-150400.24.100.2
* reiserfs-kmp-default-5.14.21-150400.24.100.2
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2
* dlm-kmp-default-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2
* kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2
* kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.100.1
* openSUSE Leap 15.4 (aarch64)
* dtb-cavium-5.14.21-150400.24.100.1
* dtb-amd-5.14.21-150400.24.100.1
* dtb-xilinx-5.14.21-150400.24.100.1
* dtb-freescale-5.14.21-150400.24.100.1
* dtb-amlogic-5.14.21-150400.24.100.1
* kselftests-kmp-64kb-5.14.21-150400.24.100.2
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
* dtb-qcom-5.14.21-150400.24.100.1
* dtb-exynos-5.14.21-150400.24.100.1
* kernel-64kb-extra-5.14.21-150400.24.100.2
* dtb-arm-5.14.21-150400.24.100.1
* dtb-lg-5.14.21-150400.24.100.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
* kernel-64kb-devel-5.14.21-150400.24.100.2
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2
* dtb-sprd-5.14.21-150400.24.100.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
* gfs2-kmp-64kb-5.14.21-150400.24.100.2
* kernel-64kb-debugsource-5.14.21-150400.24.100.2
* dtb-socionext-5.14.21-150400.24.100.1
* dtb-marvell-5.14.21-150400.24.100.1
* dtb-allwinner-5.14.21-150400.24.100.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.100.2
* dtb-rockchip-5.14.21-150400.24.100.1
* dtb-renesas-5.14.21-150400.24.100.1
* cluster-md-kmp-64kb-5.14.21-150400.24.100.2
* dlm-kmp-64kb-5.14.21-150400.24.100.2
* kernel-64kb-optional-5.14.21-150400.24.100.2
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
* ocfs2-kmp-64kb-5.14.21-150400.24.100.2
* kernel-64kb-debuginfo-5.14.21-150400.24.100.2
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
* dtb-amazon-5.14.21-150400.24.100.1
* dtb-apm-5.14.21-150400.24.100.1
* dtb-broadcom-5.14.21-150400.24.100.1
* dtb-hisilicon-5.14.21-150400.24.100.1
* dtb-nvidia-5.14.21-150400.24.100.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.100.2
* dtb-altera-5.14.21-150400.24.100.1
* reiserfs-kmp-64kb-5.14.21-150400.24.100.2
* dtb-apple-5.14.21-150400.24.100.1
* dtb-mediatek-5.14.21-150400.24.100.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.100.2
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.100.2
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.100.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.100.2
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* Basesystem Module 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.100.2
* Basesystem Module 15-SP4 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2
* kernel-64kb-debuginfo-5.14.21-150400.24.100.2
* kernel-64kb-debugsource-5.14.21-150400.24.100.2
* kernel-64kb-devel-5.14.21-150400.24.100.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.100.2
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* kernel-default-devel-debuginfo-5.14.21-150400.24.100.2
* kernel-default-devel-5.14.21-150400.24.100.2
* Basesystem Module 15-SP4 (noarch)
* kernel-macros-5.14.21-150400.24.100.2
* kernel-devel-5.14.21-150400.24.100.2
* Basesystem Module 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.100.2
* Basesystem Module 15-SP4 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2
* kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2
* Development Tools Module 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.100.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150400.24.100.2
* kernel-obs-build-5.14.21-150400.24.100.2
* kernel-syms-5.14.21-150400.24.100.1
* Development Tools Module 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.100.2
* Legacy Module 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.100.2
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* reiserfs-kmp-default-5.14.21-150400.24.100.2
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-livepatch-5.14.21-150400.24.100.2
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* kernel-default-livepatch-devel-5.14.21-150400.24.100.2
* kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2
* kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-5.14.21-150400.24.100.2
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
* dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* cluster-md-kmp-default-5.14.21-150400.24.100.2
* ocfs2-kmp-default-5.14.21-150400.24.100.2
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2
* dlm-kmp-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.100.2
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.100.2
* kernel-default-debugsource-5.14.21-150400.24.100.2
* kernel-default-extra-5.14.21-150400.24.100.2
* kernel-default-extra-debuginfo-5.14.21-150400.24.100.2
## References:
* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1084909
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20231213/9123c3ff/attachment-0001.htm>
More information about the sle-security-updates
mailing list