SUSE-SU-2023:0145-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com
Thu Jan 26 11:20:25 UTC 2023


   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0145-1
Rating:             important
References:         #1065729 #1203740 #1204250 #1205695 #1206073 
                    #1206344 #1206389 #1206395 #1206664 #1207036 
                    #1207168 #1207195 PED-568 
Cross-References:   CVE-2022-3107 CVE-2022-3108 CVE-2022-3564
                    CVE-2022-4662 CVE-2023-23454
CVSS scores:
                    CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Live Patching 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

   An update that solves 5 vulnerabilities, contains one
   feature and has 7 fixes is now available.

Description:


   The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
   security and bug fixes.

   The following security bugs were fixed:

   - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that
     can cause the kernel to deadlock. (bsc#1206664)
   - CVE-2022-3564: Fixed a bug in the function l2cap_reassemble_sdu in
     net/bluetooth/l2cap_core.c (Bluetooth component) which could lead to a
     use-after-free. (bsc#1206073)
   - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in
     drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the
     return value of kmemdup() could lead to a NULL pointer dereference.
     (bsc#1206389)
   - CVE-2023-23454: Fixed a type confusion bug in the CBQ network scheduler
     which could lead to a use-after-free (bsc#1207036)
   - CVE-2022-3107: Fixed a null pointer dereference caused by a missing
     check of the return value of kvmalloc_array. (bsc#1206395)

   The following non-security bugs were fixed:

   - arm64: alternative: Use true and false for boolean values (git-fixes)
   - arm64: cmpwait: Clear event register before arming exclusive monitor
     (git-fixes)
   - arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
   - arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
   - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
     (git-fixes)
   - arm64: ftrace: do not adjust the LR value (git-fixes)
   - arm64: io: Ensure calls to delay routines are ordered against prior
     (git-fixes)
   - arm64: io: Ensure value passed to __iormb() is held in a 64-bit
     (git-fixes)
   - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm
     (git-fixes)
   - arm64: make secondary_start_kernel() notrace (git-fixes)
   - arm64: makefile fix build of .i file in external module case (git-fixes)
   - arm64: ptrace: remove addr_limit manipulation (git-fixes)
   - arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
   - arm64: smp: Handle errors reported by the firmware (git-fixes)
   - arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
   - Bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
   - CDC-NCM: remove "connected" log message (git-fixes).
   - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
     (bsc#1207195).
   - flexfiles: enforce per-mirror stateid only for v4 DSes (git-fixes).
   - flexfiles: use per-mirror specified stateid for IO (git-fixes).
   - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
     (git-fixes).
   - ibmveth: Always stop tx queues during close (bsc#1065729).
   - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
     (bsc#1207168).
   - kABI: mitigate new ufs_stats field (git-fixes).
   - lockd: fix decoding of TEST results (git-fixes).
   - media: Do not let tvp5150_get_vbi() go out of vbi_ram_default array
     (git-fixes).
   - media: i2c: tvp5150: remove useless variable assignment in
     tvp5150_set_vbi() (git-fixes).
   - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
   - memcg: Fix possible use-after-free in memcg_write_event_control()
     (bsc#1206344).
   - mm, page_alloc: avoid expensive reclaim when compaction may not succeed
     (bsc#1204250).
   - module: set MODULE_STATE_GOING state when a module fails to load
     (git-fixes).
   - move new members of struct usbnet to end (git-fixes).
   - net :sunrpc :clnt :Fix xps refcount imbalance on the error path
     (git-fixes).
   - net: kalmia: clean up bind error path (git-fixes).
   - net: kalmia: fix memory leaks (git-fixes).
   - net: sched: atm: dont intepret cls results when asked to drop
     (bsc#1207036).
   - net: sched: cbq: dont intepret cls results when asked to drop
     (bsc#1207036).
   - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
   - net: usb: asix: ax88772_bind return error when hw_reset fail (git-fixes).
   - net: usb: asix: init MAC address buffers (git-fixes).
   - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
   - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
   - net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
   - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
   - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
     (git-fixes).
   - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
   - net: usb: rtl8150: demote allmulti message to dev_dbg() (git-fixes).
   - net/usb/kalmia: use ARRAY_SIZE for various array sizing calculations
     (git-fixes).
   - NFS Handle missing attributes in OPEN reply (bsc#1203740).
   - NFS: Correct size calculation for create reply length (git-fixes).
   - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
     (git-fixes).
   - NFS: Fix an Oops in nfs_d_automount() (git-fixes).
   - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
     (git-fixes).
   - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
   - NFS: Fix NULL pointer dereference of dev_name (git-fixes).
   - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
   - NFS: nfs_compare_mount_options always compare auth flavors (git-fixes).
   - NFS: nfs_find_open_context() may only select open files (git-fixes).
   - NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
   - NFS: swap IO handling is slightly different for O_DIRECT IO (git-fixes).
   - NFS: swap-out must always use STABLE writes (git-fixes).
   - NFS: we do not support removing system.nfs4_acl (git-fixes).
   - NFS4: Fix kmemleak when allocate slot failed (git-fixes).
   - NFSD: allow fh_want_write to be called twice (git-fixes).
   - NFSD: fix a warning in __cld_pipe_upcall() (git-fixes).
   - NFSD: Fix svc_xprt refcnt leak when setup callback client failed
     (git-fixes).
   - NFSD: fix wrong check in write_v4_end_grace() (git-fixes).
   - NFSD: Keep existing listeners on portlist error (git-fixes).
   - NFSD: Return EPERM, not EACCES, in some SETATTR cases (git-fixes).
   - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
     (git-fixes).
   - NFSD4: fix crash on writing v4_end_grace before nfsd startup (git-fixes).
   - NFSv2: Fix eof handling (git-fixes).
   - NFSv2: Fix write regression (git-fixes).
   - NFSv4 expose nfs_parse_server_name function (git-fixes).
   - NFSv4 only print the label when its queried (git-fixes).
   - NFSv4 remove zero number of fs_locations entries error check (git-fixes).
   - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
     (git-fixes).
   - NFSv4: Fix open create exclusive when the server reboots (git-fixes).
   - NFSv4: Fix return value in nfs_finish_open() (git-fixes).
   - NFSv4: Fix return values for nfs4_file_open() (git-fixes).
   - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation
     recall (git-fixes).
   - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
   - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
   - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
   - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
     (git-fixes).
   - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
   - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
   - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
   - NFSv4.x: Fail client initialisation if state manager thread can't run
     (git-fixes).
   - NFSv4.x: fix lock recovery during delegation recall (git-fixes).
   - NFSv4/pNFS: Always return layout stats on layout return for flexfiles
     (git-fixes).
   - pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process()
     (git-fixes).
   - powerpc: Force inlining of cpu_has_feature() to avoid build failure
     (bsc#1065729).
   - powerpc: improve handling of unrecoverable system reset (bsc#1065729).
   - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
     (bsc#1065729).
   - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
   - powerpc/64/module: REL32 relocation range check (bsc#1065729).
   - powerpc/64s/hash: Fix stab_rr off by one initialization (bsc#1065729).
   - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
   - powerpc/boot: Disable vector instructions (bsc#1065729).
   - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1065729).
   - powerpc/boot: Fix 64-bit boot wrapper build with non-biarch compiler
     (bsc#1065729).
   - powerpc/boot: Fix missing check of lseek() return value (bsc#1065729).
   - powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
   - powerpc/crashkernel: Take "mem=" option into account (bsc#1065729).
   - powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() (bsc#1065729).
   - powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field (bsc#1065729).
   - powerpc/eeh: Only dump stack once if an MMIO loop is detected
     (bsc#1065729).
   - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this
     function (bsc#1065729).
   - powerpc/iommu: Avoid derefence before pointer check (bsc#1065729).
   - powerpc/mm: Make NULL pointer deferences explicit on bad page faults
     (bsc#1065729).
   - powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
   - powerpc/pci/of: Fix OF flags parsing for 64bit BARs (bsc#1065729).
   - powerpc/perf: callchain validate kernel stack pointer bounds
     (bsc#1065729).
   - powerpc/powernv: add missing of_node_put (bsc#1065729).
   - powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
   - powerpc/powernv/eeh/npu: Fix uninitialized variables in
     opal_pci_eeh_freeze_status (bsc#1065729).
   - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE
     number (bsc#1065729).
   - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
   - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bsc#1065729).
   - powerpc/pseries: Fix node leak in update_lmb_associativity_index()
     (bsc#1065729).
   - powerpc/pseries: Mark accumulate_stolen_time() as notrace (bsc#1065729).
   - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
   - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695
     ltc#200603).
   - powerpc/pseries/cmm: Implement release() function for sysfs device
     (bsc#1065729).
   - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
   - powerpc/pseries/hvconsole: Fix stack overread via udbg (bsc#1065729).
   - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
   - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
   - powerpc/smp: Set numa node before updating mask (bsc#1065729).
   - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
     (bsc#1065729).
   - powerpc/time: Fix clockevent_decrementer initalisation for PR KVM
     (bsc#1065729).
   - powerpc/time: Use clockevents_register_device(), fixing an issue with
     large decrementer (bsc#1065729).
   - powerpc/traps: Fix the message printed when stack overflows
     (bsc#1065729).
   - powerpc/xive: Add a check for memory allocation failure (git-fixes).
   - powerpc/xive: add missing iounmap() in error path in
     xive_spapr_populate_irq_data() (git-fixes).
   - powerpc/xive: Move a dereference below a NULL test (bsc#1065729).
   - powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
   - powerpc/xmon: fix dump_segments() (bsc#1065729).
   - rndis_host: increase sleep time in the query-response loop (git-fixes).
   - rpc: fix gss_svc_init cleanup on failure (git-fixes).
   - rpc: fix NULL dereference on kmalloc failure (git-fixes).
   - scsi: 3w-9xxx: Avoid disabling device if failing to enable it
     (git-fixes).
   - scsi: 3ware: fix return 0 on the error path of probe (git-fixes).
   - scsi: 53c700: pass correct "dev" to dma_alloc_attrs() (git-fixes).
   - scsi: aacraid: Disabling TM path and only processing IOP reset
     (git-fixes).
   - scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
   - scsi: advansys: Fix kernel pointer leak (git-fixes).
   - scsi: aha152x: Fix aha152x_setup() __setup handler return value
     (git-fixes).
   - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
   - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of
     u8 (git-fixes).
   - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
     (git-fixes).
   - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
   - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
     (git-fixes).
   - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
     (git-fixes).
   - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
   - scsi: core: Do not start concurrent async scan on same host (git-fixes).
   - scsi: core: Fix shost->cmd_per_lun calculation in
     scsi_add_host_with_dma() (git-fixes).
   - scsi: core: Reduce memory required for SCSI logging (git-fixes).
   - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
     (git-fixes).
   - scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
   - scsi: dc395x: fix dma API usage in srb_done (git-fixes).
   - scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
   - scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send (git-fixes).
   - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
     (git-fixes).
   - scsi: fnic: fix use after free (git-fixes).
   - scsi: hisi_sas: Check sas_port before using it (git-fixes).
   - scsi: hpsa: correct scsi command status issue after reset (git-fixes).
   - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
   - scsi: ibmvscsis: Ensure partition name is properly NUL terminated
     (git-fixes).
   - scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
   - scsi: ipr: Fix missing/incorrect resource cleanup in error case
     (git-fixes).
   - scsi: ipr: Fix softlockup when rescanning devices in petitboot
     (git-fixes).
   - scsi: ips: fix missing break in switch (git-fixes).
   - scsi: isci: Change sci_controller_start_task's return type to sci_status
     (git-fixes).
   - scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
     (git-fixes).
   - scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
     (git-fixes).
   - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
   - scsi: iscsi: Do not destroy session if there are outstanding connections
     (git-fixes).
   - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
   - scsi: iscsi: Do not send data to unbound connection (git-fixes).
   - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
     (git-fixes).
   - scsi: iscsi: Fix shost->max_id use (git-fixes).
   - scsi: iscsi: flush running unbind operations when removing a session
     (git-fixes).
   - scsi: iscsi: Report unbind session event when the target has been
     removed (git-fixes).
   - scsi: iscsi: Unblock session then wake up error handler (git-fixes).
   - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
     (git-fixes).
   - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
     (git-fixes).
   - scsi: libfc: Fix a format specifier (git-fixes).
   - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
   - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
   - scsi: libiscsi: Fix NOP race condition (git-fixes).
   - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
     (git-fixes).
   - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
     (git-fixes).
   - scsi: libsas: Check SMP PHY control function result (git-fixes).
   - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
     (git-fixes).
   - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
     (git-fixes).
   - scsi: megaraid_sas: fix panic on loading firmware crashdump (git-fixes).
   - scsi: megaraid_sas: reduce module load time (git-fixes).
   - scsi: megaraid: disable device when probe failed after enabled device
     (git-fixes).
   - scsi: megaraid: Fix error check return value of register_chrdev()
     (git-fixes).
   - scsi: mpt3sas: Fix clear pending bit in ioctl status (git-fixes).
   - scsi: mpt3sas: Fix double free warnings (git-fixes).
   - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
   - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
   - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
   - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
   - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
   - scsi: NCR5380: Check for bus reset (git-fixes).
   - scsi: NCR5380: Check for invalid reselection target (git-fixes).
   - scsi: NCR5380: Clear all unissued commands on host reset (git-fixes).
   - scsi: NCR5380: Do not call dsprintk() following reselection interrupt
     (git-fixes).
   - scsi: NCR5380: Do not clear busy flag when abort fails (git-fixes).
   - scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
   - scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
   - scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data (git-fixes).
   - scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
     (git-fixes).
   - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort (git-fixes).
   - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
   - scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
   - scsi: pm80xx: Fix for SATA device discovery (git-fixes).
   - scsi: pm80xx: Fixed system hang issue during kexec boot (git-fixes).
   - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
   - scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails (git-fixes).
   - scsi: qedi: Abort ep termination if offload not scheduled (git-fixes).
   - scsi: qedi: Do not flush offload work if ARP not resolved (git-fixes).
   - scsi: qedi: Fix list_del corruption while removing active I/O
     (git-fixes).
   - scsi: qedi: Fix null ref during abort handling (git-fixes).
   - scsi: qedi: Fix termination timeouts in session logout (git-fixes).
   - scsi: qedi: Protect active command list to avoid list corruption
     (git-fixes).
   - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
   - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
   - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts
     (jsc#PED-568).
   - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
     (jsc#PED-568).
   - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
   - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
     (git-fixes).
   - scsi: qla4xxx: fix a potential NULL pointer dereference (git-fixes).
   - scsi: Revert "target: iscsi: Wait for all commands to finish before
     freeing a session" (git-fixes).
   - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
     (git-fixes).
   - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
   - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
     (git-fixes).
   - scsi: scsi_dh_alua: handle RTPG sense code correctly during state
     transitions (git-fixes).
   - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
   - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
   - scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
   - scsi: scsi_transport_srp: Do not block target in failfast state
     (git-fixes).
   - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state
     (git-fixes).
   - scsi: sd: do not crash the host on invalid commands (git-fixes).
   - scsi: sd: Free scsi_disk device via put_device() (git-fixes).
   - scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
   - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
   - scsi: sni_53c710: fix compilation error (git-fixes).
   - scsi: sr: Do not use GFP_DMA (git-fixes).
   - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
   - scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
   - scsi: sr: Return correct event when media event code is 3 (git-fixes).
   - scsi: st: Fix a use after free in st_open() (git-fixes).
   - scsi: target: iscsi: Wait for all commands to finish before freeing a
     session (git-fixes).
   - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
     suspend-to-disk ->poweroff() (git-fixes).
   - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
   - scsi: ufs: Avoid configuring regulator with undefined voltage range
     (git-fixes).
   - scsi: ufs: Clean up completed request without interrupt notification
     (git-fixes).
   - scsi: ufs: Complete pending requests in host reset and restore path
     (git-fixes).
   - scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).
   - scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
   - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
   - scsi: ufs: fix potential bug which ends in system hang (git-fixes).
   - scsi: ufs: Fix regulator load and icc-level configuration (git-fixes).
   - scsi: ufs: Fix system suspend status (git-fixes).
   - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
   - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
     (git-fixes).
   - scsi: ufs: skip shutdown if hba is not powered (git-fixes).
   - scsi: ufs: ufs-qcom: Fix race conditions caused by
     ufs_qcom_testbus_config() (git-fixes).
   - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
     (git-fixes).
   - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq
     during unload (git-fixes).
   - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
   - scsi: vmw_pvscsi: Return DID_RESET for status
     SAM_STAT_COMMAND_TERMINATED (git-fixes).
   - scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
   - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
   - SUNRPC: Do not call __UDPX_INC_STATS() from a preemptible context
     (git-fixes).
   - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails
     (git-fixes).
   - SUNRPC: do not mark uninitialised items as VALID (git-fixes).
   - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
     (git-fixes).
   - SUNRPC: Fix a bogus get/put in generic_key_to_expire() (git-fixes).
   - SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
   - SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
   - SUNRPC: fix cache_head leak due to queued request (git-fixes).
   - SUNRPC: Fix connect metrics (git-fixes).
   - SUNRPC: fix crash when cache_head become valid before update (git-fixes).
   - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
   - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes).
   - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
     (git-fixes).
   - SUNRPC: stop printk reading past end of string (git-fixes).
   - svcrdma: Ignore source port when computing DRC hash (git-fixes).
   - tracing: Fix code comments in trace.c (git-fixes).
   - usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded
     (git-fixes).
   - usb: dwc3: gadget: only unmap requests from DMA if mapped (git-fixes).
   - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).


Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2023-145=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-145=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-145=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-145=1

      Please note that this is the initial kernel livepatch, which itself
      contains no fixes; this livepatch package is later updated by separate
      standalone livepatch updates.

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2023-145=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.147.1
      kernel-default-debugsource-4.12.14-122.147.1
      kernel-default-extra-4.12.14-122.147.1
      kernel-default-extra-debuginfo-4.12.14-122.147.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.147.1
      kernel-obs-build-debugsource-4.12.14-122.147.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.147.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.147.1
      kernel-default-base-4.12.14-122.147.1
      kernel-default-base-debuginfo-4.12.14-122.147.1
      kernel-default-debuginfo-4.12.14-122.147.1
      kernel-default-debugsource-4.12.14-122.147.1
      kernel-default-devel-4.12.14-122.147.1
      kernel-syms-4.12.14-122.147.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.147.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.147.1
      kernel-macros-4.12.14-122.147.1
      kernel-source-4.12.14-122.147.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.147.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.147.1
      kernel-default-debugsource-4.12.14-122.147.1
      kernel-default-kgraft-4.12.14-122.147.1
      kernel-default-kgraft-devel-4.12.14-122.147.1
      kgraft-patch-4_12_14-122_147-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.147.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.147.1
      dlm-kmp-default-4.12.14-122.147.1
      dlm-kmp-default-debuginfo-4.12.14-122.147.1
      gfs2-kmp-default-4.12.14-122.147.1
      gfs2-kmp-default-debuginfo-4.12.14-122.147.1
      kernel-default-debuginfo-4.12.14-122.147.1
      kernel-default-debugsource-4.12.14-122.147.1
      ocfs2-kmp-default-4.12.14-122.147.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.147.1


References:

   https://www.suse.com/security/cve/CVE-2022-3107.html
   https://www.suse.com/security/cve/CVE-2022-3108.html
   https://www.suse.com/security/cve/CVE-2022-3564.html
   https://www.suse.com/security/cve/CVE-2022-4662.html
   https://www.suse.com/security/cve/CVE-2023-23454.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1203740
   https://bugzilla.suse.com/1204250
   https://bugzilla.suse.com/1205695
   https://bugzilla.suse.com/1206073
   https://bugzilla.suse.com/1206344
   https://bugzilla.suse.com/1206389
   https://bugzilla.suse.com/1206395
   https://bugzilla.suse.com/1206664
   https://bugzilla.suse.com/1207036
   https://bugzilla.suse.com/1207168
   https://bugzilla.suse.com/1207195


