SUSE-SU-2023:0409-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Feb 14 20:20:22 UTC 2023


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0409-1
Rating:             important
References:         #1195175 #1204502 #1206677 #1207034 #1207497 
                    #1207508 #1207769 #1207878 
Cross-References:   CVE-2022-3606 CVE-2023-0179
CVSS scores:
                    CVE-2022-3606 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3606 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-0179 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Live Patching 15-SP3
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that solves two vulnerabilities and has 6 fixes
   is now available.

Description:

    The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive
   various security and bugfixes.


   The following security bugs were fixed:

   - CVE-2022-3606: Fixed a null pointer dereference inside the function
     find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the
     component BPF (bnc#1204502).
   - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header
     bits (bsc#1207034).

   The following non-security bugs were fixed:

   - KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
   - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
   - bcache: fix set_at_max_writeback_rate() for multiple attached devices
     (git-fixes).
   - blktrace: Fix output non-blktrace event when blk_classic option enabled
     (git-fixes).
   - blktrace: ensure our debugfs dir exists (git-fixes).
   - dm btree: add a defensive bounds check to insert_at() (git-fixes).
   - dm cache: Fix ABBA deadlock between shrink_slab and
     dm_cache_metadata_abort (git-fixes).
   - dm cache: Fix UAF in destroy() (git-fixes).
   - dm cache: set needs_check flag after aborting metadata (git-fixes).
   - dm clone: Fix UAF in clone_dtr() (git-fixes).
   - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
   - dm integrity: fix flush with external metadata device (git-fixes).
   - dm integrity: flush the journal on suspend (git-fixes).
   - dm integrity: select CRYPTO_SKCIPHER (git-fixes).
   - dm ioctl: fix misbehavior if list_versions races with module loading
     (git-fixes).
   - dm ioctl: prevent potential spectre v1 gadget (git-fixes).
   - dm space map common: add bounds check to sm_ll_lookup_bitmap()
     (git-fixes).
   - dm space maps: do not reset space map allocation cursor when committing
     (git-fixes).
   - dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
   - dm thin: Fix ABBA deadlock between shrink_slab and
     dm_pool_abort_metadata (git-fixes).
   - dm thin: Fix UAF in run_timer_softirq() (git-fixes).
   - dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
   - dm thin: resume even if in FAIL mode (git-fixes).
   - dm verity: fix require_signatures module_param permissions (git-fixes).
   - dm verity: skip verity work if I/O error when system is shutting down
     (git-fixes).
   - drivers:md:fix a potential use-after-free bug (git-fixes).
   - kabi/severities: add mlx5 internal symbols
   - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
   - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
   - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
   - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
   - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
   - md: protect md_unregister_thread from reentrancy (git-fixes).
   - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
   - nbd: Fix hung on disconnect request if socket is closed before
     (git-fixes).
   - nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
     (git-fixes).
   - nbd: Fix incorrect error handle when first_minor is illegal in
     nbd_dev_add (git-fixes).
   - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
   - nbd: fix io hung while disconnecting device (git-fixes).
   - nbd: fix max value for 'first_minor' (git-fixes).
   - nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
   - nbd: make the config put is called before the notifying the waiter
     (git-fixes).
   - nbd: restore default timeout when setting it to zero (git-fixes).
   - net/mlx5: Allocate individual capability (bsc#1195175).
   - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
   - net/mlx5: Fix flow counters SF bulk query len (bsc#1195175).
   - net/mlx5: Reduce flow counters bulk query buffer size for SFs
     (bsc#1195175).
   - net/mlx5: Reorganize current and maximal capabilities to be per-type
     (bsc#1195175).
   - net/mlx5: Use order-0 allocations for EQs (bsc#1195175).
   - null_blk: fix ida error handling in null_add_dev() (git-fixes).
   - rbd: work around -Wuninitialized warning (git-fixes).
   - scsi: 3w-9xxx: Avoid disabling device if failing to enable it
     (git-fixes).
   - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
     (git-fixes).
   - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
   - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes).
   - scsi: advansys: Fix kernel pointer leak (git-fixes).
   - scsi: aha152x: Fix aha152x_setup() __setup handler return value
     (git-fixes).
   - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
   - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of
     u8 (git-fixes).
   - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
     (git-fixes).
   - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
   - scsi: bnx2fc: Return failure if io_req is already in ABTS processing
     (git-fixes).
   - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
     (git-fixes).
   - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
   - scsi: core: Do not start concurrent async scan on same host (git-fixes).
   - scsi: core: Fix a race between scsi_done() and scsi_timeout()
     (git-fixes).
   - scsi: core: Fix capacity set to zero after offlinining device
     (git-fixes).
   - scsi: core: Fix hang of freezing queue between blocking and running
     device (git-fixes).
   - scsi: core: Fix shost->cmd_per_lun calculation in
     scsi_add_host_with_dma() (git-fixes).
   - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
   - scsi: core: free sgtables in case command setup fails (git-fixes).
   - scsi: core: sysfs: Fix hang when device state is set via sysfs
     (git-fixes).
   - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
   - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
   - scsi: fcoe: Fix possible name leak when device_register() fails
     (git-fixes).
   - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
     (git-fixes).
   - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
   - scsi: fnic: fix use after free (git-fixes).
   - scsi: hisi_sas: Check sas_port before using it (git-fixes).
   - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
     (git-fixes).
   - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
     (git-fixes).
   - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
   - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec()
     (git-fixes).
   - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
   - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
   - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
     (git-fixes).
   - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
   - scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
   - scsi: ipr: Fix missing/incorrect resource cleanup in error case
     (git-fixes).
   - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
   - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
   - scsi: iscsi: Do not destroy session if there are outstanding connections
     (git-fixes).
   - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
   - scsi: iscsi: Do not send data to unbound connection (git-fixes).
   - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
     (git-fixes).
   - scsi: iscsi: Fix shost->max_id use (git-fixes).
   - scsi: iscsi: Report unbind session event when the target has been
     removed (git-fixes).
   - scsi: iscsi: Unblock session then wake up error handler (git-fixes).
   - scsi: libfc: Fix a format specifier (git-fixes).
   - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
   - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
     (git-fixes).
   - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
   - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
   - scsi: megaraid: Fix error check return value of register_chrdev()
     (git-fixes).
   - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
     (git-fixes).
   - scsi: megaraid_sas: Fix double kfree() (git-fixes).
   - scsi: megaraid_sas: Fix resource leak in case of probe failure
     (git-fixes).
   - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs
     (git-fixes).
   - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
   - scsi: mpt3sas: Block PCI config access from userspace during reset
     (git-fixes).
   - scsi: mpt3sas: Fix possible resource leaks in
     mpt3sas_transport_port_add() (git-fixes).
   - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
   - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
   - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
   - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
   - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
   - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
   - scsi: myrs: Fix crash in error case (git-fixes).
   - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
   - scsi: pm: Balance pm_only counter of request queue during system resume
     (git-fixes).
   - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
   - scsi: qedf: Add check to synchronize abort and flush (git-fixes).
   - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
   - scsi: qedf: Fix refcount issue when LOGO is received during TMF
     (git-fixes).
   - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
   - scsi: qedi: Fix failed disconnect handling (git-fixes).
   - scsi: qedi: Fix list_del corruption while removing active I/O
     (git-fixes).
   - scsi: qedi: Fix null ref during abort handling (git-fixes).
   - scsi: qedi: Protect active command list to avoid list corruption
     (git-fixes).
   - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
   - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
     (git-fixes).
   - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper()
     (git-fixes).
   - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
   - scsi: scsi_dh_alua: Check for negative result value (git-fixes).
   - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
   - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
   - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
   - scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
   - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands
     (git-fixes).
   - scsi: sd: Free scsi_disk device via put_device() (git-fixes).
   - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled
     (git-fixes).
   - scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
   - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
   - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
   - scsi: sr: Do not use GFP_DMA (git-fixes).
   - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
   - scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
   - scsi: sr: Return correct event when media event code is 3 (git-fixes).
   - scsi: st: Fix a use after free in st_open() (git-fixes).
   - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
     suspend-to-disk ->poweroff() (git-fixes).
   - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
   - scsi: ufs: Clean up completed request without interrupt notification
     (git-fixes).
   - scsi: ufs: Fix a race condition in the tracing code (git-fixes).
   - scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
   - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
   - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
   - scsi: ufs: Fix irq return code (git-fixes).
   - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
   - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
   - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold()
     (git-fixes).
   - scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
   - scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
   - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
   - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
     (git-fixes).
   - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
   - scsi: ufs: fix potential bug which ends in system hang (git-fixes).
   - scsi: ufs: ufs-qcom: Fix race conditions caused by
     ufs_qcom_testbus_config() (git-fixes).
   - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
     (git-fixes).
   - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
   - scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
   - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
   - sctp: fail if no bound addresses can be used for a given scope
     (bsc#1206677).
   - watchdog: diag288_wdt: do not use stack buffers for hardware data
     (bsc#1207497).
   - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2023-409=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-409=1

   - SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-409=1

   - SUSE Manager Retail Branch Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-409=1

   - SUSE Manager Proxy 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-409=1

   - SUSE Linux Enterprise Server for SAP 15-SP3:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-409=1

   - SUSE Linux Enterprise Server 15-SP3-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-409=1

   - SUSE Linux Enterprise Realtime Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-409=1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-409=1

      Please note that this is the initial kernel livepatch without fixes
      itself, this livepatch package is later updated by seperate standalone
      livepatch updates.

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-409=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-409=1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-409=1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-409=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-409=1

   - SUSE Enterprise Storage 7.1:

      zypper in -t patch SUSE-Storage-7.1-2023-409=1



Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1

   - openSUSE Leap 15.4 (aarch64):

      dtb-al-5.3.18-150300.59.112.1
      dtb-zte-5.3.18-150300.59.112.1

   - SUSE Manager Server 4.2 (ppc64le s390x x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1

   - SUSE Manager Server 4.2 (x86_64):

      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1

   - SUSE Manager Server 4.2 (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1

   - SUSE Manager Server 4.2 (s390x):

      kernel-zfcpdump-5.3.18-150300.59.112.1
      kernel-zfcpdump-debuginfo-5.3.18-150300.59.112.1
      kernel-zfcpdump-debugsource-5.3.18-150300.59.112.1

   - SUSE Manager Retail Branch Server 4.2 (x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1

   - SUSE Manager Retail Branch Server 4.2 (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1

   - SUSE Manager Proxy 4.2 (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1

   - SUSE Manager Proxy 4.2 (x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-obs-build-5.3.18-150300.59.112.1
      kernel-obs-build-debugsource-5.3.18-150300.59.112.1
      kernel-syms-5.3.18-150300.59.112.1
      reiserfs-kmp-default-5.3.18-150300.59.112.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-docs-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1
      kernel-source-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):

      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-devel-5.3.18-150300.59.112.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-obs-build-5.3.18-150300.59.112.1
      kernel-obs-build-debugsource-5.3.18-150300.59.112.1
      kernel-syms-5.3.18-150300.59.112.1
      reiserfs-kmp-default-5.3.18-150300.59.112.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64):

      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-devel-5.3.18-150300.59.112.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64):

      kernel-64kb-5.3.18-150300.59.112.1
      kernel-64kb-debuginfo-5.3.18-150300.59.112.1
      kernel-64kb-debugsource-5.3.18-150300.59.112.1
      kernel-64kb-devel-5.3.18-150300.59.112.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-docs-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1
      kernel-source-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Server 15-SP3-LTSS (s390x):

      kernel-zfcpdump-5.3.18-150300.59.112.1
      kernel-zfcpdump-debuginfo-5.3.18-150300.59.112.1
      kernel-zfcpdump-debugsource-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-obs-build-5.3.18-150300.59.112.1
      kernel-obs-build-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-devel-5.3.18-150300.59.112.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-syms-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-docs-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1
      kernel-source-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):

      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-livepatch-5.3.18-150300.59.112.1
      kernel-default-livepatch-devel-5.3.18-150300.59.112.1
      kernel-livepatch-5_3_18-150300_59_112-default-1-150300.7.3.1

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-obs-build-5.3.18-150300.59.112.1
      kernel-obs-build-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-devel-5.3.18-150300.59.112.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-syms-5.3.18-150300.59.112.1
      reiserfs-kmp-default-5.3.18-150300.59.112.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64):

      kernel-64kb-5.3.18-150300.59.112.1
      kernel-64kb-debuginfo-5.3.18-150300.59.112.1
      kernel-64kb-debugsource-5.3.18-150300.59.112.1
      kernel-64kb-devel-5.3.18-150300.59.112.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-docs-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1
      kernel-source-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-obs-build-5.3.18-150300.59.112.1
      kernel-obs-build-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-devel-5.3.18-150300.59.112.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-syms-5.3.18-150300.59.112.1
      reiserfs-kmp-default-5.3.18-150300.59.112.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64):

      kernel-64kb-5.3.18-150300.59.112.1
      kernel-64kb-debuginfo-5.3.18-150300.59.112.1
      kernel-64kb-debugsource-5.3.18-150300.59.112.1
      kernel-64kb-devel-5.3.18-150300.59.112.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-docs-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1
      kernel-source-5.3.18-150300.59.112.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      cluster-md-kmp-default-5.3.18-150300.59.112.1
      cluster-md-kmp-default-debuginfo-5.3.18-150300.59.112.1
      dlm-kmp-default-5.3.18-150300.59.112.1
      dlm-kmp-default-debuginfo-5.3.18-150300.59.112.1
      gfs2-kmp-default-5.3.18-150300.59.112.1
      gfs2-kmp-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      ocfs2-kmp-default-5.3.18-150300.59.112.1
      ocfs2-kmp-default-debuginfo-5.3.18-150300.59.112.1

   - SUSE Enterprise Storage 7.1 (aarch64 x86_64):

      kernel-default-5.3.18-150300.59.112.1
      kernel-default-base-5.3.18-150300.59.112.1.150300.18.64.1
      kernel-default-debuginfo-5.3.18-150300.59.112.1
      kernel-default-debugsource-5.3.18-150300.59.112.1
      kernel-default-devel-5.3.18-150300.59.112.1
      kernel-default-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-obs-build-5.3.18-150300.59.112.1
      kernel-obs-build-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-5.3.18-150300.59.112.1
      kernel-preempt-debuginfo-5.3.18-150300.59.112.1
      kernel-preempt-debugsource-5.3.18-150300.59.112.1
      kernel-preempt-devel-5.3.18-150300.59.112.1
      kernel-preempt-devel-debuginfo-5.3.18-150300.59.112.1
      kernel-syms-5.3.18-150300.59.112.1
      reiserfs-kmp-default-5.3.18-150300.59.112.1
      reiserfs-kmp-default-debuginfo-5.3.18-150300.59.112.1

   - SUSE Enterprise Storage 7.1 (aarch64):

      kernel-64kb-5.3.18-150300.59.112.1
      kernel-64kb-debuginfo-5.3.18-150300.59.112.1
      kernel-64kb-debugsource-5.3.18-150300.59.112.1
      kernel-64kb-devel-5.3.18-150300.59.112.1
      kernel-64kb-devel-debuginfo-5.3.18-150300.59.112.1

   - SUSE Enterprise Storage 7.1 (noarch):

      kernel-devel-5.3.18-150300.59.112.1
      kernel-docs-5.3.18-150300.59.112.1
      kernel-macros-5.3.18-150300.59.112.1
      kernel-source-5.3.18-150300.59.112.1


References:

   https://www.suse.com/security/cve/CVE-2022-3606.html
   https://www.suse.com/security/cve/CVE-2023-0179.html
   https://bugzilla.suse.com/1195175
   https://bugzilla.suse.com/1204502
   https://bugzilla.suse.com/1206677
   https://bugzilla.suse.com/1207034
   https://bugzilla.suse.com/1207497
   https://bugzilla.suse.com/1207508
   https://bugzilla.suse.com/1207769
   https://bugzilla.suse.com/1207878



More information about the sle-security-updates mailing list