SUSE-SU-2023:0433-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Feb 16 11:23:44 UTC 2023
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0433-1
Rating: important
References: #1065729 #1185861 #1185863 #1186449 #1191256
#1192868 #1193629 #1194869 #1195175 #1195655
#1196058 #1199701 #1204063 #1204356 #1204662
#1205495 #1206006 #1206036 #1206056 #1206057
#1206258 #1206363 #1206459 #1206616 #1206677
#1206784 #1207010 #1207034 #1207036 #1207050
#1207125 #1207134 #1207149 #1207158 #1207184
#1207186 #1207190 #1207237 #1207263 #1207269
#1207497 #1207500 #1207501 #1207506 #1207507
#1207734 #1207769 #1207795 #1207842 #1207878
#1207933 SLE-21132 SLE-24682
Cross-References: CVE-2020-24588 CVE-2022-4382 CVE-2022-47929
CVE-2023-0122 CVE-2023-0179 CVE-2023-0266
CVE-2023-0590 CVE-2023-23454 CVE-2023-23455
CVSS scores:
CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-4382 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-4382 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2023-0122 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-0122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-0179 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-0266 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-0266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-0590 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23455 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23455 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that solves 9 vulnerabilities, contains two
features and has 42 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
net/sched/sch_atm.c because of type confusion (non-negative numbers can
sometimes indicate a TC_ACT_SHOT condition rather than valid
classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial or service in cbq_classify in
net/sched/sch_cbq.c (bnc#1207036).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that
could have been used in a use-after-free that could have resulted in a
priviledge escalation to gain ring0 access from the system user
(bsc#1207134).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header
bits (bsc#1207034).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in
nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth
Denial of Service (DoS) attack on a remote machine (bnc#1207050).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race
condition among the superblock operations inside the gadgetfs code
(bsc#1206258).
- CVE-2020-24588: Fixed injection of arbitrary network packets against
devices that support receiving non-SSP A-MSDU frames (which is mandatory
as part of 802.11n) (bsc#1199701).
The following non-security bugs were fixed:
- ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ACPICA: Allow address_space_handler Install and _REG execution as 2
separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254
(git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP
platform (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in
add_secret_dac_path() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle
(git-fixes).
- ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume
(git-fixes).
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
(git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs
(git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
(git-fixes).
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
(git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC
(git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation
(git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
- Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
- HID: betop: check shape of output reports (git-fixes).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values() (git-fixes).
- HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- HID: playstation: sanity check DualSense calibration data (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- IB/mad: Do not call to function that might sleep while in atomic context
(git-fixes).
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init()
(bsc#1206616).
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP
(bsc#1207269).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- Revert "ARM: dts: armada-38x: Fix compatible string for gpios"
(git-fixes).
- Revert "ARM: dts: armada-39x: Fix compatible string for gpios"
(git-fixes).
- Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to
RMI mode" (git-fixes).
- Revert "Revert "block, bfq: honor already-setup queue merges""
(git-fixes).
- Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0"
(git-fixes).
- Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
(git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- USB: gadget: Fix use-after-free during usb config switch (git-fixes).
- USB: misc: iowarrior: fix up header size for
USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- VMCI: Use threaded irqs instead of tasklets (git-fixes).
- arm64: atomics: format whitespace consistently (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity
(git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported
(git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390
(git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices
(git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled
(git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices
(git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
(git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
- bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
(git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
- btrfs: avoid inode logging during rename and link when possible
(bsc#1207263).
- btrfs: avoid logging all directory changes during renames (bsc#1207263).
- btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5
(bsc#1206036 bsc#1207500 ltc#201363).
- btrfs: do not log unnecessary boundary keys when logging directory
(bsc#1207263).
- btrfs: fix assertion failure when logging directory key range item
(bsc#1207263).
- btrfs: fix processing of delayed data refs during backref walking
(bsc#1206056 bsc#1207507 ltc#201367).
- btrfs: fix processing of delayed tree block refs during backref walking
(bsc#1206057 bsc#1207506 ltc#201368).
- btrfs: fix race between quota enable and quota rescan ioctl
(bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer
deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: join running log transaction when logging new name (bsc#1207263).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from
btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: pass the dentry to btrfs_log_new_name() instead of the inode
(bsc#1207263).
- btrfs: prepare extents to be logged before locking a log tree path
(bsc#1207263).
- btrfs: put initial index value of a directory in a constant
(bsc#1207263).
- btrfs: qgroup: remove duplicated check in adding qgroup relations
(bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- btrfs: remove unnecessary NULL check for the new inode during rename
exchange (bsc#1207263).
- btrfs: remove useless path release in the fast fsync path (bsc#1207263).
- btrfs: remove write and wait of struct walk_control (bsc#1207263).
- btrfs: stop copying old dir items when logging a directory (bsc#1207263).
- btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
- btrfs: stop trying to log subdirectories created in past transactions
(bsc#1207263).
- btrfs: use single variable to track return value at btrfs_log_inode()
(bsc#1207263).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
(git-fixes).
- cifs: Fix uninitialized memory read for smb311 posix symlink create
(git-fixes).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- cifs: don't take exclusive lock for updating target hints (bsc#1193629).
- cifs: fix double free on failed kerberos auth (git-fixes).
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- cifs: fix file info setting in cifs_query_path_info() (git-fixes).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint()
(bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname}
(bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- config: arm64: Fix Freescale LPUART dependency (boo#1204063).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- crypto: fixed DH and ECDH implemention for FIPS PCT
(jsc#SLE-21132,bsc#1191256,bsc#1207184).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading
(git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dmaengine: Fix double increment of client_count in dma_chan_get()
(git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable
(git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled
(git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
(git-fixes).
- dmaengine: lgm: Move DT parsing after initialization (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of
UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out of
for_each_child_of_node() (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong array
(git-fixes).
- drivers: net: xgene: disable napi when register irq failed in
xgene_enet_open() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel encoding
adjustment (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Take emulated dc_sink into account for HDCP
(bsc#1207734).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay
(git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2)
(git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated
(git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types
(git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux
transfer (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
- dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock
(git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2
constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom,
dsi-phy-regulator-ldo-mode (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: fix userspace infinite retry read efivars after EFI runtime
services page fault (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- firewire: fix memory leak for payload of request subaction to IEC
61883-1 FCP region (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_notification
(git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_response
(git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
(git-fixes).
- fs: remove __sync_filesystem (git-fixes).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- git_sort: add usb-linus branch for gregkh/usb
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap()
(git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path
(git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment
(git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback
(git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor
(git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
(git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
(git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to
network (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- jbd2: use the correct print format (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kabi/severities: add mlx5 internal symbols
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock
(git-fixes).
- loop: Fix the max_loop commandline argument treatment when it is set to
0 (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in
atmel_ramc_probe() (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in
mvebu_devbus_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming (git-fixes).
- misc: fastrpc: Do not remove map on creater_process and device_release
(git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- mm: compaction: support triggering of proactive compaction by user
(bsc#1207010).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
(git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449,
bsc#1204356, bsc#1204662).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in
mt7921_mcu_tx_done_event (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
(git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
(git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- net: liquidio: release resources when liquidio driver open failed
(git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
- net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
(git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access
(git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem
(git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and
unmap_si_regs (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket
(git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- octeontx2-af: Fix reference count issue in rvu_sdp_init()
(jsc#SLE-24682).
- octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc()
(jsc#SLE-24682).
- of/address: Return an error when no valid dma-ranges are found
(git-fixes).
- phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence"
(git-fixes).
- phy: phy-can-transceiver: Skip warning if no "max-bitrate" (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in
rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- platform/surface: aggregator: Add missing call to
ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not intended for
us (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK
(git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting
(git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if
present (git-fixes).
- platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight
during probe (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD
(git-fixes).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel
(bsc#1194869).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655
ltc#1195655 git-fixes).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate
(bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation
(bsc#1194869).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary
(bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
(bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections
(bsc#1194869).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/qeth: fix various format strings (git-fixes).
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- scsi: Revert "scsi: core: map PQ=1, PDT=other values to
SCSI_SCAN_TARGET_PRESENT" (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
(git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks
(git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails
(git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
(git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
(git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper()
(git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
(bsc#1206006).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is
disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler
(git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without
locking (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case
(git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
- swim3: add missing major.h include (git-fixes).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
- thermal/core: Remove duplicate information when an error occurs
(git-fixes).
- thunderbolt: Do not call PM runtime functions in tb_retimer_scan()
(git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found
(git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3 link rate
(git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
(git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params()
(git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro
(git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add trace_event helper macros __string_len() and
__assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE
(git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path
(git-fixes).
- tracing: Fix race where histograms can be called before the event
(git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel
(git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot
(git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well
(git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve()
(git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof()
(git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
(git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer
(git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
(git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM
(git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
(git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
(git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
(git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame
(git-fixes).
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver()
(git-fixes).
- usb: gadget: udc: core: Revise comments for USB ep enable/disable
(git-fixes).
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- usb: gadget: udc: core: remove usage of list iterator past the loop body
(git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation
(git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail
(git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid
UAF (git-fixes).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq()
(git-fixes).
- virtio-net: correctly enable callback during start_xmit (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watchdog: diag288_wdt: do not use stack buffers for hardware data
(bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
(git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at
mt7921_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume
(git-fixes).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup
(git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining
(git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init()
(git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: xfstest fails with error missing kernel patch (git-fixes
bsc#1207501 ltc#201370).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- zram: Delete patch for regression addressed (bsc#1207933).
- zram: do not lookup algorithm in backends table (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-433=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2023-433=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-433=1
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-433=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by seperate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-433=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-433=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-433=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2023-433=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-433=1
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
kernel-default-5.14.21-150400.24.46.1
kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.14.21-150400.24.46.1
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.46.1
dlm-kmp-default-5.14.21-150400.24.46.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.46.1
gfs2-kmp-default-5.14.21-150400.24.46.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-5.14.21-150400.24.46.1
kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
kernel-default-base-rebuild-5.14.21-150400.24.46.1.150400.24.17.3
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
kernel-default-devel-5.14.21-150400.24.46.1
kernel-default-devel-debuginfo-5.14.21-150400.24.46.1
kernel-default-extra-5.14.21-150400.24.46.1
kernel-default-extra-debuginfo-5.14.21-150400.24.46.1
kernel-default-livepatch-5.14.21-150400.24.46.1
kernel-default-livepatch-devel-5.14.21-150400.24.46.1
kernel-default-optional-5.14.21-150400.24.46.1
kernel-default-optional-debuginfo-5.14.21-150400.24.46.1
kernel-obs-build-5.14.21-150400.24.46.1
kernel-obs-build-debugsource-5.14.21-150400.24.46.1
kernel-obs-qa-5.14.21-150400.24.46.1
kernel-syms-5.14.21-150400.24.46.1
kselftests-kmp-default-5.14.21-150400.24.46.1
kselftests-kmp-default-debuginfo-5.14.21-150400.24.46.1
ocfs2-kmp-default-5.14.21-150400.24.46.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1
reiserfs-kmp-default-5.14.21-150400.24.46.1
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
kernel-kvmsmall-5.14.21-150400.24.46.1
kernel-kvmsmall-debuginfo-5.14.21-150400.24.46.1
kernel-kvmsmall-debugsource-5.14.21-150400.24.46.1
kernel-kvmsmall-devel-5.14.21-150400.24.46.1
kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.46.1
kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-5.14.21-150400.24.46.1
kernel-debug-debuginfo-5.14.21-150400.24.46.1
kernel-debug-debugsource-5.14.21-150400.24.46.1
kernel-debug-devel-5.14.21-150400.24.46.1
kernel-debug-devel-debuginfo-5.14.21-150400.24.46.1
kernel-debug-livepatch-devel-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (aarch64):
cluster-md-kmp-64kb-5.14.21-150400.24.46.1
cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
dlm-kmp-64kb-5.14.21-150400.24.46.1
dlm-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
dtb-allwinner-5.14.21-150400.24.46.1
dtb-altera-5.14.21-150400.24.46.1
dtb-amazon-5.14.21-150400.24.46.1
dtb-amd-5.14.21-150400.24.46.1
dtb-amlogic-5.14.21-150400.24.46.1
dtb-apm-5.14.21-150400.24.46.1
dtb-apple-5.14.21-150400.24.46.1
dtb-arm-5.14.21-150400.24.46.1
dtb-broadcom-5.14.21-150400.24.46.1
dtb-cavium-5.14.21-150400.24.46.1
dtb-exynos-5.14.21-150400.24.46.1
dtb-freescale-5.14.21-150400.24.46.1
dtb-hisilicon-5.14.21-150400.24.46.1
dtb-lg-5.14.21-150400.24.46.1
dtb-marvell-5.14.21-150400.24.46.1
dtb-mediatek-5.14.21-150400.24.46.1
dtb-nvidia-5.14.21-150400.24.46.1
dtb-qcom-5.14.21-150400.24.46.1
dtb-renesas-5.14.21-150400.24.46.1
dtb-rockchip-5.14.21-150400.24.46.1
dtb-socionext-5.14.21-150400.24.46.1
dtb-sprd-5.14.21-150400.24.46.1
dtb-xilinx-5.14.21-150400.24.46.1
gfs2-kmp-64kb-5.14.21-150400.24.46.1
gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
kernel-64kb-5.14.21-150400.24.46.1
kernel-64kb-debuginfo-5.14.21-150400.24.46.1
kernel-64kb-debugsource-5.14.21-150400.24.46.1
kernel-64kb-devel-5.14.21-150400.24.46.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.46.1
kernel-64kb-extra-5.14.21-150400.24.46.1
kernel-64kb-extra-debuginfo-5.14.21-150400.24.46.1
kernel-64kb-livepatch-devel-5.14.21-150400.24.46.1
kernel-64kb-optional-5.14.21-150400.24.46.1
kernel-64kb-optional-debuginfo-5.14.21-150400.24.46.1
kselftests-kmp-64kb-5.14.21-150400.24.46.1
kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
ocfs2-kmp-64kb-5.14.21-150400.24.46.1
ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
reiserfs-kmp-64kb-5.14.21-150400.24.46.1
reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (noarch):
kernel-devel-5.14.21-150400.24.46.1
kernel-docs-5.14.21-150400.24.46.2
kernel-docs-html-5.14.21-150400.24.46.2
kernel-macros-5.14.21-150400.24.46.1
kernel-source-5.14.21-150400.24.46.1
kernel-source-vanilla-5.14.21-150400.24.46.1
- openSUSE Leap 15.4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.46.1
kernel-zfcpdump-debuginfo-5.14.21-150400.24.46.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
kernel-default-extra-5.14.21-150400.24.46.1
kernel-default-extra-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
kernel-default-livepatch-5.14.21-150400.24.46.1
kernel-default-livepatch-devel-5.14.21-150400.24.46.1
kernel-livepatch-5_14_21-150400_24_46-default-1-150400.9.3.3
kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-1-150400.9.3.3
kernel-livepatch-SLE15-SP4_Update_8-debugsource-1-150400.9.3.3
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
reiserfs-kmp-default-5.14.21-150400.24.46.1
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.14.21-150400.24.46.1
kernel-obs-build-debugsource-5.14.21-150400.24.46.1
kernel-syms-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
kernel-docs-5.14.21-150400.24.46.2
kernel-source-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-default-5.14.21-150400.24.46.1
kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
kernel-default-devel-5.14.21-150400.24.46.1
kernel-default-devel-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64):
kernel-64kb-5.14.21-150400.24.46.1
kernel-64kb-debuginfo-5.14.21-150400.24.46.1
kernel-64kb-debugsource-5.14.21-150400.24.46.1
kernel-64kb-devel-5.14.21-150400.24.46.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
kernel-devel-5.14.21-150400.24.46.1
kernel-macros-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.46.1
kernel-zfcpdump-debuginfo-5.14.21-150400.24.46.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.46.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
kernel-default-5.14.21-150400.24.46.1
kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.14.21-150400.24.46.1
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.46.1
dlm-kmp-default-5.14.21-150400.24.46.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.46.1
gfs2-kmp-default-5.14.21-150400.24.46.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debuginfo-5.14.21-150400.24.46.1
kernel-default-debugsource-5.14.21-150400.24.46.1
ocfs2-kmp-default-5.14.21-150400.24.46.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1
References:
https://www.suse.com/security/cve/CVE-2020-24588.html
https://www.suse.com/security/cve/CVE-2022-4382.html
https://www.suse.com/security/cve/CVE-2022-47929.html
https://www.suse.com/security/cve/CVE-2023-0122.html
https://www.suse.com/security/cve/CVE-2023-0179.html
https://www.suse.com/security/cve/CVE-2023-0266.html
https://www.suse.com/security/cve/CVE-2023-0590.html
https://www.suse.com/security/cve/CVE-2023-23454.html
https://www.suse.com/security/cve/CVE-2023-23455.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1185861
https://bugzilla.suse.com/1185863
https://bugzilla.suse.com/1186449
https://bugzilla.suse.com/1191256
https://bugzilla.suse.com/1192868
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1195175
https://bugzilla.suse.com/1195655
https://bugzilla.suse.com/1196058
https://bugzilla.suse.com/1199701
https://bugzilla.suse.com/1204063
https://bugzilla.suse.com/1204356
https://bugzilla.suse.com/1204662
https://bugzilla.suse.com/1205495
https://bugzilla.suse.com/1206006
https://bugzilla.suse.com/1206036
https://bugzilla.suse.com/1206056
https://bugzilla.suse.com/1206057
https://bugzilla.suse.com/1206258
https://bugzilla.suse.com/1206363
https://bugzilla.suse.com/1206459
https://bugzilla.suse.com/1206616
https://bugzilla.suse.com/1206677
https://bugzilla.suse.com/1206784
https://bugzilla.suse.com/1207010
https://bugzilla.suse.com/1207034
https://bugzilla.suse.com/1207036
https://bugzilla.suse.com/1207050
https://bugzilla.suse.com/1207125
https://bugzilla.suse.com/1207134
https://bugzilla.suse.com/1207149
https://bugzilla.suse.com/1207158
https://bugzilla.suse.com/1207184
https://bugzilla.suse.com/1207186
https://bugzilla.suse.com/1207190
https://bugzilla.suse.com/1207237
https://bugzilla.suse.com/1207263
https://bugzilla.suse.com/1207269
https://bugzilla.suse.com/1207497
https://bugzilla.suse.com/1207500
https://bugzilla.suse.com/1207501
https://bugzilla.suse.com/1207506
https://bugzilla.suse.com/1207507
https://bugzilla.suse.com/1207734
https://bugzilla.suse.com/1207769
https://bugzilla.suse.com/1207795
https://bugzilla.suse.com/1207842
https://bugzilla.suse.com/1207878
https://bugzilla.suse.com/1207933
More information about the sle-security-updates
mailing list