SUSE-IU-2023:318-1: Security update of suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64

sle-security-updates at sle-security-updates at
Thu May 11 10:15:32 UTC 2023

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64
Image Advisory ID : SUSE-IU-2023:318-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64:20230510
Image Release     : 
Severity          : important
Type              : security
References        : 1065729 1109158 1142685 1155798 1168481 1171479 1174777 1187810
                        1189036 1189998 1189999 1191467 1191525 1193629 1194869 1194869
                        1198932 1200321 1201209 1201234 1202705 1202820 1203039 1203079
                        1203200 1203325 1203446 1204042 1206195 1206439 1206513 1206552
                        1206649 1206891 1206992 1207014 1207064 1207088 1207168 1207185
                        1207574 1207876 1208076 1208079 1208423 1208426 1208529 1208602
                        1208815 1208822 1208828 1208829 1208845 1208902 1208962 1209026
                        1209042 1209052 1209118 1209122 1209165 1209187 1209234 1209256
                        1209290 1209292 1209366 1209372 1209532 1209547 1209556 1209572
                        1209600 1209615 1209634 1209635 1209636 1209667 1209681 1209684
                        1209687 1209693 1209713 1209714 1209739 1209779 1209788 1209798
                        1209799 1209804 1209805 1209871 1209873 1209878 1209884 1209888
                        1209918 1209927 1209999 1210034 1210050 1210135 1210158 1210202
                        1210203 1210206 1210301 1210328 1210329 1210336 1210337 1210382
                        1210411 1210412 1210418 1210434 1210439 1210453 1210454 1210469
                        1210499 1210506 1210507 1210629 1210630 1210725 1210729 1210762
                        1210763 1210764 1210765 1210766 1210767 1210768 1210769 1210770
                        1210771 1210793 1210816 1210817 1210827 1210943 1210953 1210986
                        1211025 CVE-2017-5753 CVE-2020-12762 CVE-2022-2196 CVE-2022-28737
                        CVE-2022-4744 CVE-2023-0386 CVE-2023-0394 CVE-2023-0465 CVE-2023-0466
                        CVE-2023-1127 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1513
                        CVE-2023-1582 CVE-2023-1611 CVE-2023-1637 CVE-2023-1652 CVE-2023-1670
                        CVE-2023-1838 CVE-2023-1855 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990
                        CVE-2023-1998 CVE-2023-2008 CVE-2023-2019 CVE-2023-2176 CVE-2023-2235
                        CVE-2023-23001 CVE-2023-23006 CVE-2023-24593 CVE-2023-25153 CVE-2023-25173
                        CVE-2023-25180 CVE-2023-25809 CVE-2023-27561 CVE-2023-28327 CVE-2023-28464
                        CVE-2023-28466 CVE-2023-28484 CVE-2023-28642 CVE-2023-29383 CVE-2023-29469
                        CVE-2023-29491 CVE-2023-30630 CVE-2023-30772 

The container suse-sles-15-sp4-chost-byos-v20230510-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2023:1805-1
Released:    Tue Apr 11 10:12:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

Advisory ID: SUSE-RU-2023:1809-1
Released:    Tue Apr 11 11:47:44 2023
Summary:     Recommended update for haveged
Type:        recommended
Severity:    moderate
References:  1203079
This update for haveged fixes the following issues:

- Synchronize haveged instances during switching root (bsc#1203079)

Advisory ID: SUSE-RU-2023:1810-1
Released:    Tue Apr 11 12:06:13 2023
Summary:     Recommended update for cups
Type:        recommended
Severity:    moderate
References:  1191467,1191525,1198932,1200321,1201234,1203446
This update for cups fixes the following issues:

- Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525)
- Fix '/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446)
- Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932)
- Add ' sssd.service' to the systemd unit (bsc#1201234, bsc#1200321)    

Advisory ID: SUSE-SU-2023:1827-1
Released:    Thu Apr 13 10:18:16 2023
Summary:     Security update for containerd
Type:        security
Severity:    moderate
References:  1208423,1208426,CVE-2023-25153,CVE-2023-25173
This update for containerd fixes the following issues:

Update to containerd v1.6.19:

Security fixes:
- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).
- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).

Advisory ID: SUSE-RU-2023:1880-1
Released:    Tue Apr 18 11:11:27 2023
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    low
References:  1208079
This update for systemd-rpm-macros fixes the following issue:

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).

Advisory ID: SUSE-RU-2023:1882-1
Released:    Tue Apr 18 11:13:49 2023
Summary:     Recommended update for makedumpfile
Type:        recommended
Severity:    moderate
References:  1201209
This update for makedumpfile fixes the following issues:

- Fix memory leak issue in init_xen_crash_info (bsc#1201209)

Advisory ID: SUSE-RU-2023:1885-1
Released:    Tue Apr 18 11:15:17 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1206195,1206439
This update for dracut fixes the following issues:

- Update to version 055+suse.335.gccf7fbc6:
  * Always include all drivers that LVM can use (bsc#1206195)
  * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439)

Advisory ID: SUSE-SU-2023:1897-1
Released:    Tue Apr 18 11:59:49 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1109158,1189998,1193629,1194869,1203200,1206552,1207168,1207185,1207574,1208602,1208815,1208829,1208902,1209052,1209118,1209256,1209290,1209292,1209366,1209532,1209547,1209556,1209572,1209600,1209634,1209635,1209636,1209681,1209684,1209687,1209779,1209788,1209798,1209799,1209804,1209805,1210050,1210203,CVE-2017-5753,CVE-2022-4744,CVE-2023-0394,CVE-2023-1281,CVE-2023-1513,CVE-2023-1582,CVE-2023-1611,CVE-2023-1637,CVE-2023-1652,CVE-2023-1838,CVE-2023-23001,CVE-2023-28327,CVE-2023-28464,CVE-2023-28466

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).

The following non-security bugs were fixed:

- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- fotg210-udc: Add missing completion handler (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- kABI workaround for xhci (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kconfig: Update config changed flag before calling callback (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- NFS4trace: fix state manager flag printing (git-fixes).
- NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix race to check ls_layouts (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: shut down the NFSv4 state objects before the filecache (git-fixes).
- NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- NFSv4: provide mount option to toggle trunking discovery (git-fixes).
- NFSv4: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4: Fail client initialisation if state manager thread can't run (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/ Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/ Do not discard .comment (bsc#1194869).
- powerpc/ Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- rpm/ increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5.
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Check field value in hist_field_name() (git-fixes).
- tracing: Do not let histogram values have some modifiers (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tracing: Make splice_read available again (git-fixes).
- tracing: Make tracepoint lockdep check actually test something (git-fixes).
- tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- USB: dwc3: Fix a typo in field name (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- USB: ucsi: Fix ucsi->connector race (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: xhci: tegra: fix sleep in atomic call (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86: Annotate call_on_stack() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).

Advisory ID: SUSE-SU-2023:1911-1
Released:    Wed Apr 19 13:02:33 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1209873,1209878,CVE-2023-0465,CVE-2023-0466
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).

Advisory ID: SUSE-RU-2023:1915-1
Released:    Wed Apr 19 16:17:38 2023
Summary:     Recommended update for kexec-tools
Type:        recommended
Severity:    moderate
References:  1202820
This update for kexec-tools fixes the following issues:

- kexec-bootloader: Add -a argument to load using kexec_load_file() when available (bsc#1202820).

Advisory ID: SUSE-RU-2023:1916-1
Released:    Wed Apr 19 16:17:58 2023
Summary:     Recommended update for sles-release
Type:        recommended
Severity:    low
References:  1208529
This update for sles-release fixes the following issue:
- Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529)

Advisory ID: SUSE-RU-2023:1920-1
Released:    Wed Apr 19 16:22:58 2023
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
This update for hwdata fixes the following issues:

- Update pci, usb and vendor ids

Advisory ID: SUSE-SU-2023:1947-1
Released:    Fri Apr 21 14:14:41 2023
Summary:     Security update for dmidecode
Type:        security
Severity:    moderate
References:  1210418,CVE-2023-30630
This update for dmidecode fixes the following issues:

- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).

Advisory ID: SUSE-RU-2023:1963-1
Released:    Mon Apr 24 15:03:10 2023
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1187810,1189036,1207064,1209165,1209234,1209372,1209667
This update for grub2 fixes the following issues:

- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165)
- Make grub more robust against storage race condition causing system boot failures (bsc#1189036)
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234)  
- Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372)

Advisory ID: SUSE-SU-2023:1994-1
Released:    Tue Apr 25 13:53:25 2023
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1210328,CVE-2023-1981
This update for avahi fixes the following issues:

- CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).

Advisory ID: SUSE-SU-2023:2003-1
Released:    Tue Apr 25 18:05:42 2023
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642
This update for runc fixes the following issues:

Update to runc v1.1.5:

Security fixes:

- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).

Other fixes:

 - Fix the inability to use `/dev/null` when inside a container.
 - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
 - Fix rare runc exec/enter unshare error on older kernels.
 - nsexec: Check for errors in `write_log()`.
 - Drop version-specific Go requirement.

Advisory ID: SUSE-RU-2023:2040-1
Released:    Wed Apr 26 11:44:03 2023
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    moderate
References:  1202705,1207876
This update for suseconnect-ng fixes the following issues:

- Update to version 1.1.0~git0.e3c41e60892e
  * Added MemTotal detection for HwInfo
  * Make keepalive on SUMA systems exit without error (bsc#1207876)
  * Add deactivate API to ruby bindings (bsc#1202705)
  * Allow non-root users to use --version
  * Update Dockerfile.yast
  * Use openssl go for SLE and Leap 15.5+ builds

Advisory ID: SUSE-SU-2023:2053-1
Released:    Thu Apr 27 11:31:08 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918). 

Advisory ID: SUSE-SU-2023:2060-1
Released:    Thu Apr 27 17:04:25 2023
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

Advisory ID: SUSE-SU-2023:2066-1
Released:    Fri Apr 28 13:54:17 2023
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

Advisory ID: SUSE-SU-2023:2084-1
Released:    Tue May  2 13:31:52 2023
Summary:     Security update for shim
Type:        security
Severity:    important
References:  1210382,CVE-2022-28737
This update for shim fixes the following issues:

- CVE-2022-28737 was missing as reference previously.

- Upgrade shim-install for bsc#1210382

  After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
  uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
  CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
  so all files in /boot/efi/EFI/boot are not updated.

  Logic was added that is using ID field in os-release for
  checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
  Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.

Advisory ID: SUSE-SU-2023:2103-1
Released:    Thu May  4 20:05:44 2023
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355
This update for vim fixes the following issues:

Updated to version 9.0 with patch level 1443, fixes the following security problems

-  CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042).
-  CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187).
-  CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

Advisory ID: SUSE-RU-2023:2104-1
Released:    Thu May  4 21:05:30 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1209122
This update for procps fixes the following issue:

- Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122)

Advisory ID: SUSE-SU-2023:2111-1
Released:    Fri May  5 14:34:00 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1210434,CVE-2023-29491
This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

Advisory ID: SUSE-RU-2023:2131-1
Released:    Tue May  9 13:35:24 2023
Summary:     Recommended update for openssh
Type:        recommended
Severity:    important
References:  1207014
This update for openssh fixes the following issues:

- Remove some patches that cause invalid environment assignments (bsc#1207014).

Advisory ID: SUSE-RU-2023:2133-1
Released:    Tue May  9 13:37:10 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1206513
This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513)

Advisory ID: SUSE-SU-2023:2135-1
Released:    Tue May  9 13:38:11 2023
Summary:     Security update for libfastjson
Type:        security
Severity:    important
References:  1171479,CVE-2020-12762
This update for libfastjson fixes the following issues:

- CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file (bsc#1171479).

Advisory ID: SUSE-SU-2023:2140-1
Released:    Tue May  9 14:28:34 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1142685,1155798,1174777,1189999,1194869,1203039,1203325,1204042,1206649,1206891,1206992,1207088,1208076,1208822,1208845,1209615,1209693,1209739,1209871,1209927,1209999,1210034,1210158,1210202,1210206,1210301,1210329,1210336,1210337,1210439,1210453,1210454,1210469,1210499,1210506,1210629,1210630,1210725,1210729,1210762,1210763,1210764,1210765,1210766,1210767,1210768,1210769,1210770,1210771,1210793,1210816,1210817,1210827,1210943,1210953,1210986,1211025,CVE-2022-2196,CVE-2023-0386,CVE-2023-1670,CVE-2023-1855,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2019,CVE-2023-2176,CVE-2023-2235,CVE-2023-23006,CVE-2023-30772
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).

The following non-security bugs were fixed:

- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- sched/fair: Fix imbalance overflow (bsc#1155798).
- sched/fair: Limit sched slice duration (bsc#1189999).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999).
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update lpfc version to (bsc#1210943).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).

kernel-default-base changed:

- Do not ship on s390x (bsc#1210729)
- Add exfat (bsc#1208822)
- Add _diag modules for included socket types (bsc#1204042)

Advisory ID: SUSE-RU-2023:2166-1
Released:    Wed May 10 20:18:51 2023
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    moderate
References:  1209026
This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during

The following package changes have been done:

- containerd-ctr-1.6.19-150000.87.1 updated
- containerd-1.6.19-150000.87.1 updated
- cups-config-2.2.7-150000.3.40.1 updated
- dmidecode-3.4-150400.16.8.1 updated
- dracut-055+suse.335.gccf7fbc6-150400.3.19.1 updated
- grub2-i386-pc-2.06-150400.11.30.1 updated
- grub2-x86_64-efi-2.06-150400.11.30.1 updated
- grub2-x86_64-xen-2.06-150400.11.30.1 updated
- grub2-2.06-150400.11.30.1 updated
- haveged-1.9.14-150400.3.3.1 updated
- hwdata-0.368-150000.3.57.1 updated
- kernel-default-5.14.21-150400.24.63.1 updated
- kexec-tools-2.0.20-150400.16.6.1 updated
- libavahi-client3-0.8-150400.7.3.1 updated
- libavahi-common3-0.8-150400.7.3.1 updated
- libcups2-2.2.7-150000.3.40.1 updated
- libfastjson4-0.99.9-150400.3.3.1 updated
- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libhavege2-1.9.14-150400.3.3.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- libopenssl1_1-1.1.1l-150400.7.34.1 updated
- libprocps7-3.3.15-150000.7.31.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- libz1-1.2.11-150000.3.42.1 updated
- login_defs-4.8.1-150400.10.6.1 updated
- makedumpfile-1.7.0-150400.4.3.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- openssh-clients-8.4p1-150300.3.18.2 updated
- openssh-common-8.4p1-150300.3.18.2 updated
- openssh-server-8.4p1-150300.3.18.2 updated
- openssh-8.4p1-150300.3.18.2 updated
- openssl-1_1-1.1.1l-150400.7.34.1 updated
- procps-3.3.15-150000.7.31.1 updated
- rsyslog-module-relp-8.2106.0-150400.5.11.1 added
- runc-1.1.5-150000.41.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- shim-15.7-150300.4.16.1 updated
- sles-release-15.4-150400.58.7.3 updated
- supportutils-plugin-suse-public-cloud-1.0.7-150000.3.12.1 updated
- suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 updated
- systemd-rpm-macros-12-150000.7.30.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- terminfo-6.1-150000.5.15.1 updated
- timezone-2023c-150000.75.23.1 updated
- vim-data-common-9.0.1443-150000.5.40.1 updated
- vim-9.0.1443-150000.5.40.1 updated
- xxd-9.0.1443-150000.5.40.1 added

More information about the sle-security-updates mailing list