SUSE-SU-2023:2538-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jun 19 12:30:18 UTC 2023



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:2538-1  
Rating: important  
References:

  * #1065729
  * #1118212
  * #1129770
  * #1154048
  * #1204405
  * #1205756
  * #1205758
  * #1205760
  * #1205762
  * #1205803
  * #1206878
  * #1209287
  * #1209366
  * #1209857
  * #1210544
  * #1210629
  * #1210715
  * #1210783
  * #1210806
  * #1210940
  * #1211044
  * #1211105
  * #1211186
  * #1211275
  * #1211360
  * #1211361
  * #1211362
  * #1211363
  * #1211364
  * #1211365
  * #1211366
  * #1211466
  * #1211592
  * #1211622
  * #1211801
  * #1211816
  * #1211960

  
Cross-References:

  * CVE-2022-3566
  * CVE-2022-45884
  * CVE-2022-45885
  * CVE-2022-45886
  * CVE-2022-45887
  * CVE-2022-45919
  * CVE-2023-1380
  * CVE-2023-2176
  * CVE-2023-2194
  * CVE-2023-2269
  * CVE-2023-2513
  * CVE-2023-28466
  * CVE-2023-31084
  * CVE-2023-31436
  * CVE-2023-32269

  
CVSS scores:

  * CVE-2022-3566 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-3566 ( NVD ):  7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45884 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45884 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45885 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45885 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45886 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45886 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45887 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45887 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45919 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45919 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1380 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-1380 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-2176 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2176 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2194 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
  * CVE-2023-2194 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2269 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2269 ( NVD ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2513 ( SUSE ):  6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2513 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28466 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28466 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-31084 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-31084 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-31436 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-31436 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-32269 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-32269 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Availability Extension 12 SP5
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Live Patching 12-SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5

  
  
An update that solves 15 vulnerabilities and has 22 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive
    locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-
    ioctl.c (bsc#1210806).
  * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
  * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in
    dvb_net.c that lead to a use-after-free (bsc#1205760).
  * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a
    use-after-free when a device is disconnected (bsc#1205758).
  * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a
    dvb_frontend_detach call (bsc#1205762).
  * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur
    if there is a disconnect after an open, because of the lack of a wait_event
    (bsc#1205803).
  * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to
    dvb_register_device dynamically allocating fops (bsc#1205756).
  * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-
    core/dvb_frontend.c (bsc#1210783).
  * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because
    lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
  * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C
    device driver (bsc#1210715).
  * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact
    that accept() was also allowed for a successfully connected AF_NETROM socket
    (bsc#1211186).
  * CVE-2023-28466: Fixed race condition that could lead to use-after-free or
    NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c
    (bsc#1209366).
  * CVE-2023-1380: Fixed a slab-out-of-bound read problem in
    brcmf_get_assoc_ies() (bsc#1209287).
  * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem
    (bsc#1211105).
  * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in
    drivers/infiniband/core/cma.c in RDMA (bsc#1210629).

The following non-security bugs were fixed:

  * ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-
    fixes).
  * Documentation: Document sysfs interfaces purr, spurr, idle_purr, idle_spurr
    (PED-3947 bsc#1210544 ltc#202303).
  * Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
  * IB/hfi1: Assign npages earlier (git-fixes)
  * IB/iser: bound protection_sg size by data_sg size (git-fixes)
  * IB/mlx4: Fix memory leaks (git-fixes)
  * IB/mlx4: Increase the timeout for CM cache (git-fixes)
  * IB/mlx5: Fix initializing CQ fragments buffer (git-fixes)
  * IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-
    fixes)
  * IB/usnic: Fix potential deadlock (git-fixes)
  * KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting
    to L1 (git-fixes).
  * KVM: x86: Update the exit_qualification access bits while walking an address
    (git-fixes).
  * KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
    tracing (git-fixes).
  * KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
  * KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
  * KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
  * KVM: x86: fix empty-body warnings (git-fixes).
  * KVM: x86: fix incorrect comparison in trace event (git-fixes).
  * KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (git-fixes).
  * Move upstreamed media fixes into sorted section
  * PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
  * PCI: Call Max Payload Size-related fixup quirks early (git-fixes).
  * PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
  * PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
  * PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes).
  * PCI: aardvark: Configure PCIe resources from 'ranges' DT property (git-
    fixes).
  * PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes).
  * PCI: aardvark: Fix checking for PIO status (git-fixes).
  * PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
  * PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
    (git-fixes).
  * PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
  * RDMA/bnxt_re: Restrict the max_gids to 256 (git-fixes)
  * RDMA/cma: Do not change route.addr.src_addr.ss_family (git-fixes)
  * RDMA/cma: Fix rdma_resolve_route() memory leak (git-fixes)
  * RDMA/core: Do not access cm_id after its destruction (git-fixes)
  * RDMA/cxgb4: Fix missing error code in create_qp() (git-fixes)
  * RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
  * RDMA/hns: Bugfix for querying qkey (git-fixes)
  * RDMA/i40iw: Fix potential use after free (git-fixes)
  * RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' (git-fixes)
  * RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (git-fixes)
  * RDMA/mlx5: Block delay drop to unprivileged users (git-fixes)
  * RDMA/rxe: Fix error type of mmap_offset (git-fixes)
  * RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
  * RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer (git-
    fixes)
  * RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
  * RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
  * RDS: IB: Fix null pointer issue (git-fixes).
  * USB: core: Add routines for endpoint checks in old drivers (git-fixes).
  * USB: sisusbvga: Add endpoint checks (git-fixes).
  * Update patch reference for libata fix (bsc#1118212).
  * adm8211: fix error return code in adm8211_probe() (git-fixes).
  * backlight: lm3630a: Fix return code of .update_status() callback
    (bsc#1129770)
  * blacklist.conf: workqueue: Cosmetic change. Not worth backporting
    (bsc#1211275)
  * bonding: show full hw address in sysfs for slave entries (git-fixes).
  * ceph: force updating the msg pointer in non-split case (bsc#1211801).
  * cpuidle/powernv: avoid double irq enable coming out of idle (PED-3947
    bsc#1210544 ltc#202303).
  * cpuidle: powerpc: cpuidle set polling before enabling irqs (PED-3947
    bsc#1210544 ltc#202303).
  * cpuidle: powerpc: no memory barrier after break from idle (PED-3947
    bsc#1210544 ltc#202303).
  * cpuidle: powerpc: read mostly for common globals (PED-3947 bsc#1210544
    ltc#202303).
  * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
  * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
  * fbcon: Check font dimension limits (bsc#1154048)
  * fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
    (bsc#1154048)
  * fix kcm_clone() (git-fixes).
  * fotg210-udc: Add missing completion handler (git-fixes).
  * ip6_tunnel: allow ip6gre dev mtu to be set below 1280 (git-fixes).
  * ip6_tunnel: fix IFLA_MTU ignored on NEWLINK (git-fixes).
  * ipoib: correcly show a VF hardware address (git-fixes)
  * ipv4: ipv4_default_advmss() should use route mtu (git-fixes).
  * ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT (git-fixes).
  * ipv6: icmp6: Allow icmp messages to be looped back (git-fixes).
  * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
  * kcm: Check if sk_user_data already set in kcm_attach (git-fixes).
  * kvm: mmu: Do not read PDPTEs when paging is not enabled (git-fixes).
  * l2tp: remove configurable payload offset (git-fixes).
  * l2tp: remove l2specific_len dependency in l2tp_core (git-fixes).
  * libata: add horkage for ASMedia 1092 (git-fixes).
  * mac80211: choose first enabled channel for monitor (git-fixes).
  * mac80211: drop multicast fragments (git-fixes).
  * mac80211: fix fast-rx encryption check (git-fixes).
  * mac80211: pause TX while changing interface type (git-fixes).
  * media: radio-shark: Add endpoint checks (git-fixes).
  * mlx4: Use snprintf instead of complicated strcpy (git-fixes)
  * mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
  * net/iucv: Fix size of interrupt data (bsc#1211466).
  * net/mlx4_core: Fix return codes of unsupported operations (git-fixes).
  * net/tcp/illinois: replace broken algorithm reference link (git-fixes).
  * net: Extra '_get' in declaration of arch_get_platform_mac_address (git-
    fixes).
  * net: altera_tse: fix connect_local_phy error path (git-fixes).
  * net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (git-
    fixes).
  * net: amd: add missing of_node_put() (git-fixes).
  * net: arc_emac: fix arc_emac_rx() error paths (git-fixes).
  * net: broadcom: fix return type of ndo_start_xmit function (git-fixes).
  * net: davinci_emac: match the mdio device against its compatible if possible
    (git-fixes).
  * net: dsa: b53: Add BCM5389 support (git-fixes).
  * net: dsa: bcm_sf2: Turn on PHY to allow successful registration (git-fixes).
  * net: dsa: mt7530: fix module autoloading for OF platform drivers (git-
    fixes).
  * net: dsa: qca8k: Add support for QCA8334 switch (git-fixes).
  * net: emac: fix fixed-link setup for the RTL8363SB switch (git-fixes).
  * net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value (git-
    fixes).
  * net: faraday: fix return type of ndo_start_xmit function (git-fixes).
  * net: hisilicon: remove unexpected free_netdev (git-fixes).
  * net: hns3: fix return type of ndo_start_xmit function (git-fixes).
  * net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (git-fixes).
  * net: ibm: fix possible object reference leak (git-fixes).
  * net: ipv6: send NS for DAD when link operationally up (git-fixes).
  * net: mediatek: setup proper state for disabled GMAC on the default (git-
    fixes).
  * net: micrel: fix return type of ndo_start_xmit function (git-fixes).
  * net: mvneta: fix enable of all initialized RXQs (git-fixes).
  * net: netxen: fix a missing check and an uninitialized use (git-fixes).
  * net: propagate dev_get_valid_name return code (git-fixes).
  * net: qca_spi: Fix log level if probe fails (git-fixes).
  * net: qcom/emac: Use proper free methods during TX (git-fixes).
  * net: qla3xxx: Remove overflowing shift statement (git-fixes).
  * net: smsc: fix return type of ndo_start_xmit function (git-fixes).
  * net: stmmac: do not log oversized frames (git-fixes).
  * net: stmmac: fix dropping of multi-descriptor RX frames (git-fixes).
  * net: sun: fix return type of ndo_start_xmit function (git-fixes).
  * net: toshiba: fix return type of ndo_start_xmit function (git-fixes).
  * net: xfrm: allow clearing socket xfrm policies (git-fixes).
  * net: xilinx: fix return type of ndo_start_xmit function (git-fixes).
  * netfilter: ebtables: convert BUG_ONs to WARN_ONs (git-fixes).
  * netfilter: ipt_CLUSTERIP: put config instead of freeing it (git-fixes).
  * netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct
    refcount (git-fixes).
  * nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs (git-fixes).
  * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-
    fixes).
  * nvme-pci: unquiesce admin queue on shutdown (git-fixes).
  * nvme-pci: use the same attributes when freeing host_mem_desc_bufs (git-
    fixes).
  * nvme: Fix u32 overflow in the number of namespace list calculation (git-
    fixes).
  * nvme: free sq/cq dbbuf pointers when dbbuf set fails (git-fixes).
  * nvme: refine the Qemu Identify CNS quirk (git-fixes).
  * nvme: remove the ifdef around nvme_nvm_ioctl (git-fixes).
  * platform/x86: alienware-wmi: Adjust instance of wmi_evaluate_method calls to
    0 (git-fixes).
  * platform/x86: alienware-wmi: constify attribute_group structures (git-
    fixes).
  * platform/x86: alienware-wmi: fix format string overflow warning (git-fixes).
  * platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
    (git-fixes).
  * platform/x86: dell-laptop: fix rfkill functionality.
  * platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
    run_smbios_call (git-fixes).
  * platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
  * powerpc/idle: Store PURR snapshot in a per-cpu global variable (PED-3947
    bsc#1210544 ltc#202303).
  * powerpc/pseries: Account for SPURR ticks on idle CPUs (PED-3947 bsc#1210544
    ltc#202303).
  * powerpc/rtas: use memmove for potentially overlapping buffer copy
    (bsc#1065729).
  * powerpc/sysfs: Show idle_purr and idle_spurr for every CPU (PED-3947
    bsc#1210544 ltc#202303).
  * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
  * powerpc: Move idle_loop_prolog()/epilog() functions to header file (PED-3947
    bsc#1210544 ltc#202303).
  * powerpc: Squash lines for simple wrapper functions (bsc#1065729).
  * rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (git-fixes).
  * ring-buffer: Ensure proper resetting of atomic variables in
    ring_buffer_reset_online_cpus (git-fixes).
  * ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
  * rxe: IB_WR_REG_MR does not capture MR's iova field (git-fixes)
  * s390/dasd: correct numa_node in dasd_alloc_queue (git-fixes bsc#1211362).
  * s390/extmem: fix gcc 8 stringop-overflow warning (git-fixes bsc#1211363).
  * s390/kasan: fix early pgm check handler execution (git-fixes bsc#1211360).
  * s390/pci: fix sleeping in atomic during hotplug (git-fixes bsc#1211364).
  * s390/scm_blk: correct numa_node in scm_blk_dev_setup (git-fixes
    bsc#1211365).
  * s390/sysinfo: add missing #ifdef CONFIG_PROC_FS (git-fixes bsc#1211366).
  * s390/uaccess: add missing earlyclobber annotations to __clear_user()
    (LTC#202116 bsc#1209857 git-fixes).
  * s390: ctcm: fix ctcm_new_device error return code (git-fixes bsc#1211361).
  * scsi: qla2xxx: Declare SCSI host template const (bsc#1211960).
  * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
    (bsc#1211960).
  * scsi: qla2xxx: Fix hang in task management (bsc#1211960).
  * scsi: qla2xxx: Fix hang in task management (bsc#1211960).
  * scsi: qla2xxx: Fix mem access after free (bsc#1211960).
  * scsi: qla2xxx: Fix mem access after free (bsc#1211960).
  * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource
    (bsc#1211960).
  * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource
    (bsc#1211960).
  * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
  * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
  * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
  * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
  * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
  * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
  * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
    (bsc#1211960).
  * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
    (bsc#1211960).
  * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
  * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
  * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
  * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
  * scsi: storvsc: Parameterize number hardware queues (bsc#1211622).
  * sctp: avoid flushing unsent queue when doing asoc reset (git-fixes).
  * sctp: fix erroneous inc of snmp SctpFragUsrMsgs (git-fixes).
  * sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
    (git-fixes).
  * sctp: make use of pre-calculated len (git-fixes).
  * seccomp: Set PF_SUPERPRIV when checking capability (git-fixes bsc#1211816).
  * sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe (git-
    fixes).
  * sit: fix IFLA_MTU ignored on NEWLINK (git-fixes).
  * stmmac: fix valid numbers of unicast filter entries (git-fixes).
  * sunvnet: does not support GSO for sctp (git-fixes).
  * usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes).
  * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-
    fixes).
  * vrf: mark skb for multicast or link-local as enslaved to VRF (git-fixes).
  * wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement
    (git-fixes).
  * wcn36xx: Add ieee80211 rx status rate information (git-fixes).
  * wcn36xx: Channel list update before hardware scan (git-fixes).
  * wcn36xx: Disable bmps when encryption is disabled (git-fixes).
  * wcn36xx: Ensure finish scan is not requested before start scan (git-fixes).
  * wcn36xx: Fix TX data path (git-fixes).
  * wcn36xx: Fix multiple AMPDU sessions support (git-fixes).
  * wcn36xx: Fix software-driven scan (git-fix).
  * wcn36xx: Fix warning due to bad rate_idx (git-fixes).
  * wcn36xx: Increase number of TX retries (git-fixes).
  * wcn36xx: Specify ieee80211_rx_status.nss (git-fixes).
  * wcn36xx: Use kmemdup instead of duplicating it in
    wcn36xx_smd_process_ptt_msg_rsp (git-fixes).
  * wcn36xx: Use sequence number allocated by mac80211 (git-fixes).
  * wcn36xx: disable HW_CONNECTION_MONITOR (git-fixes).
  * wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan
    (git-fixes).
  * wcn36xx: fix spelling mistake "to" -> "too" (git-fixes).
  * wcn36xx: fix typo (git-fixes).
  * wcn36xx: remove unecessary return (git-fixes).
  * wcn36xx: use dma_zalloc_coherent instead of allocator/memset (git-fixes).
  * workqueue: Fix hung time report of worker pools (bsc#1211044).
  * workqueue: Interrupted create_worker() is not a repeated event
    (bsc#1211044).
  * workqueue: Print backtraces from CPUs with hung CPU bound workqueues
    (bsc#1211044).
  * workqueue: Warn when a new worker could not be created (bsc#1211044).
  * workqueue: Warn when a rescuer could not be created (bsc#1211044).
  * x86/kvm/vmx: fix old-style function declaration (git-fixes).
  * x86/kvm: Do not call kvm_spurious_fault() from .fixup (git-fixes).
  * x86: kvm: avoid constant-conversion warning (git-fixes).
  * xen/netback: do not do grant copy across page boundary (git-fixes).
  * xen/netback: use same error messages for same errors (git-fixes).
  * xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies
    (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2538=1 SUSE-SLE-
SERVER-12-SP5-2023-2538=1

  * SUSE Linux Enterprise High Availability Extension 12 SP5  
    zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2538=1

  * SUSE Linux Enterprise Live Patching 12-SP5  
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2538=1

  * SUSE Linux Enterprise Software Development Kit 12 SP5  
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2538=1

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2538=1

  * SUSE Linux Enterprise Server 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2538=1

  * SUSE Linux Enterprise Workstation Extension 12 12-SP5  
    zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2538=1

## Package List:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * gfs2-kmp-default-4.12.14-122.162.1
    * dlm-kmp-default-debuginfo-4.12.14-122.162.1
    * ocfs2-kmp-default-4.12.14-122.162.1
    * ocfs2-kmp-default-debuginfo-4.12.14-122.162.1
    * kernel-default-debugsource-4.12.14-122.162.1
    * cluster-md-kmp-default-debuginfo-4.12.14-122.162.1
    * cluster-md-kmp-default-4.12.14-122.162.1
    * dlm-kmp-default-4.12.14-122.162.1
    * kernel-default-base-debuginfo-4.12.14-122.162.1
    * kernel-syms-4.12.14-122.162.1
    * kernel-default-base-4.12.14-122.162.1
    * kernel-default-devel-4.12.14-122.162.1
    * kernel-default-debuginfo-4.12.14-122.162.1
    * gfs2-kmp-default-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le
    x86_64)
    * kernel-default-4.12.14-122.162.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * kernel-devel-4.12.14-122.162.1
    * kernel-macros-4.12.14-122.162.1
    * kernel-source-4.12.14-122.162.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * kernel-default-devel-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x
    x86_64)
    * gfs2-kmp-default-4.12.14-122.162.1
    * dlm-kmp-default-debuginfo-4.12.14-122.162.1
    * ocfs2-kmp-default-4.12.14-122.162.1
    * ocfs2-kmp-default-debuginfo-4.12.14-122.162.1
    * kernel-default-debugsource-4.12.14-122.162.1
    * cluster-md-kmp-default-debuginfo-4.12.14-122.162.1
    * cluster-md-kmp-default-4.12.14-122.162.1
    * dlm-kmp-default-4.12.14-122.162.1
    * kernel-default-debuginfo-4.12.14-122.162.1
    * gfs2-kmp-default-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
    * kernel-default-4.12.14-122.162.1
  * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
    * kernel-default-4.12.14-122.162.1
  * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
    * kernel-default-debugsource-4.12.14-122.162.1
    * kernel-default-kgraft-devel-4.12.14-122.162.1
    * kgraft-patch-4_12_14-122_162-default-1-8.3.1
    * kernel-default-kgraft-4.12.14-122.162.1
    * kernel-default-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
    * kernel-docs-4.12.14-122.162.1
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
    x86_64)
    * kernel-obs-build-debugsource-4.12.14-122.162.1
    * kernel-obs-build-4.12.14-122.162.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc
    x86_64)
    * kernel-default-4.12.14-122.162.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * kernel-default-debugsource-4.12.14-122.162.1
    * kernel-default-base-debuginfo-4.12.14-122.162.1
    * kernel-syms-4.12.14-122.162.1
    * kernel-default-base-4.12.14-122.162.1
    * kernel-default-devel-4.12.14-122.162.1
    * kernel-default-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * kernel-devel-4.12.14-122.162.1
    * kernel-macros-4.12.14-122.162.1
    * kernel-source-4.12.14-122.162.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * kernel-default-devel-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-4.12.14-122.162.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debugsource-4.12.14-122.162.1
    * kernel-default-base-debuginfo-4.12.14-122.162.1
    * kernel-syms-4.12.14-122.162.1
    * kernel-default-base-4.12.14-122.162.1
    * kernel-default-devel-4.12.14-122.162.1
    * kernel-default-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * kernel-devel-4.12.14-122.162.1
    * kernel-macros-4.12.14-122.162.1
    * kernel-source-4.12.14-122.162.1
  * SUSE Linux Enterprise Server 12 SP5 (s390x)
    * kernel-default-man-4.12.14-122.162.1
  * SUSE Linux Enterprise Server 12 SP5 (x86_64)
    * kernel-default-devel-debuginfo-4.12.14-122.162.1
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
    * kernel-default-4.12.14-122.162.1
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
    * kernel-default-debugsource-4.12.14-122.162.1
    * kernel-default-extra-debuginfo-4.12.14-122.162.1
    * kernel-default-debuginfo-4.12.14-122.162.1
    * kernel-default-extra-4.12.14-122.162.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-3566.html
  * https://www.suse.com/security/cve/CVE-2022-45884.html
  * https://www.suse.com/security/cve/CVE-2022-45885.html
  * https://www.suse.com/security/cve/CVE-2022-45886.html
  * https://www.suse.com/security/cve/CVE-2022-45887.html
  * https://www.suse.com/security/cve/CVE-2022-45919.html
  * https://www.suse.com/security/cve/CVE-2023-1380.html
  * https://www.suse.com/security/cve/CVE-2023-2176.html
  * https://www.suse.com/security/cve/CVE-2023-2194.html
  * https://www.suse.com/security/cve/CVE-2023-2269.html
  * https://www.suse.com/security/cve/CVE-2023-2513.html
  * https://www.suse.com/security/cve/CVE-2023-28466.html
  * https://www.suse.com/security/cve/CVE-2023-31084.html
  * https://www.suse.com/security/cve/CVE-2023-31436.html
  * https://www.suse.com/security/cve/CVE-2023-32269.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1065729
  * https://bugzilla.suse.com/show_bug.cgi?id=1118212
  * https://bugzilla.suse.com/show_bug.cgi?id=1129770
  * https://bugzilla.suse.com/show_bug.cgi?id=1154048
  * https://bugzilla.suse.com/show_bug.cgi?id=1204405
  * https://bugzilla.suse.com/show_bug.cgi?id=1205756
  * https://bugzilla.suse.com/show_bug.cgi?id=1205758
  * https://bugzilla.suse.com/show_bug.cgi?id=1205760
  * https://bugzilla.suse.com/show_bug.cgi?id=1205762
  * https://bugzilla.suse.com/show_bug.cgi?id=1205803
  * https://bugzilla.suse.com/show_bug.cgi?id=1206878
  * https://bugzilla.suse.com/show_bug.cgi?id=1209287
  * https://bugzilla.suse.com/show_bug.cgi?id=1209366
  * https://bugzilla.suse.com/show_bug.cgi?id=1209857
  * https://bugzilla.suse.com/show_bug.cgi?id=1210544
  * https://bugzilla.suse.com/show_bug.cgi?id=1210629
  * https://bugzilla.suse.com/show_bug.cgi?id=1210715
  * https://bugzilla.suse.com/show_bug.cgi?id=1210783
  * https://bugzilla.suse.com/show_bug.cgi?id=1210806
  * https://bugzilla.suse.com/show_bug.cgi?id=1210940
  * https://bugzilla.suse.com/show_bug.cgi?id=1211044
  * https://bugzilla.suse.com/show_bug.cgi?id=1211105
  * https://bugzilla.suse.com/show_bug.cgi?id=1211186
  * https://bugzilla.suse.com/show_bug.cgi?id=1211275
  * https://bugzilla.suse.com/show_bug.cgi?id=1211360
  * https://bugzilla.suse.com/show_bug.cgi?id=1211361
  * https://bugzilla.suse.com/show_bug.cgi?id=1211362
  * https://bugzilla.suse.com/show_bug.cgi?id=1211363
  * https://bugzilla.suse.com/show_bug.cgi?id=1211364
  * https://bugzilla.suse.com/show_bug.cgi?id=1211365
  * https://bugzilla.suse.com/show_bug.cgi?id=1211366
  * https://bugzilla.suse.com/show_bug.cgi?id=1211466
  * https://bugzilla.suse.com/show_bug.cgi?id=1211592
  * https://bugzilla.suse.com/show_bug.cgi?id=1211622
  * https://bugzilla.suse.com/show_bug.cgi?id=1211801
  * https://bugzilla.suse.com/show_bug.cgi?id=1211816
  * https://bugzilla.suse.com/show_bug.cgi?id=1211960

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20230619/6648ab15/attachment.htm>


More information about the sle-security-updates mailing list