SUSE-SU-2023:3681-1: important: Security update for the Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Sep 19 16:31:19 UTC 2023



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3681-1  
Rating: important  
References:

  * #1120059
  * #1203517
  * #1210327
  * #1210448
  * #1212051
  * #1213543
  * #1213546
  * #1213601
  * #1213666
  * #1213899
  * #1213904
  * #1213906
  * #1213908
  * #1213910
  * #1213911
  * #1213912
  * #1213921
  * #1213927
  * #1213969
  * #1213970
  * #1213971
  * #1214019
  * #1214149
  * #1214157
  * #1214209
  * #1214233
  * #1214299
  * #1214335
  * #1214348
  * #1214350
  * #1214451
  * #1214453
  * #1214752
  * #1214928
  * #1215028
  * #1215032
  * #1215034
  * #1215035
  * #1215036
  * #1215037
  * #1215038
  * #1215041
  * #1215046
  * #1215049
  * #1215057
  * PED-4579
  * SLE-18779

  
Cross-References:

  * CVE-2022-36402
  * CVE-2023-2007
  * CVE-2023-20588
  * CVE-2023-34319
  * CVE-2023-3772
  * CVE-2023-3812
  * CVE-2023-3863
  * CVE-2023-40283
  * CVE-2023-4128
  * CVE-2023-4132
  * CVE-2023-4133
  * CVE-2023-4134
  * CVE-2023-4194
  * CVE-2023-4385
  * CVE-2023-4387
  * CVE-2023-4459

  
CVSS scores:

  * CVE-2022-36402 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-36402 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2007 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-2007 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-20588 ( SUSE ):  6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-20588 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-34319 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-3772 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-3772 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-3812 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3812 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3863 ( SUSE ):  7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3863 ( NVD ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-40283 ( SUSE ):  5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-40283 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4128 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4128 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4132 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4132 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4133 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4133 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4134 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4194 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-4194 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  * CVE-2023-4385 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4385 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4387 ( SUSE ):  6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4387 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-4459 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4459 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves 16 vulnerabilities, contains two features and has 29
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in
    that allowed a local attacker with a user account on the system to gain
    privilege, causing a denial of service (bsc#1203517).
  * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could
    allow an attacker to escalate privileges and execute arbitrary code in the
    context of the kernel (bsc#1210448).
  * CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a
    malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL
    pointer leading to a possible kernel crash and denial of service
    (bsc#1213666).
  * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
    device driver functionality that could allow a local user to crash or
    potentially escalate their privileges on the system (bsc#1213543).
  * CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local
    that allowed a local user with special privileges to impact a kernel
    information leak issue (bsc#1213601).
  * CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that
    allowed a local attacker to perform a local privilege escalation due to
    incorrect handling of the existing filter, leading to a kernel information
    leak issue (bsc#1214149).
  * CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano
    smsusb module that allowed a local user to crash the system, causing a
    denial of service condition (bsc#1213969).
  * CVE-2023-4133: Fixed use after free bugs caused by circular dependency
    problem in cxgb4 (bsc#1213970).
  * CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work()
    (bsc#1213971).
  * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
  * CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have
    allowed a local attacker to crash the system due to a missing sanity check
    (bsc#1214348).
  * CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that
    could allow a local attacker to crash the system due to a double-free
    (bsc#1214350).
  * CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup
    that may have allowed a local attacker with normal user privilege to cause a
    denial of service (bsc#1214451).
  * CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that
    can potentially return speculative data resulting in loss of confidentiality
    (bsc#1213927).
  * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in
    xen/netback (XSA-432) (bsc#1213546).
  * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).

The following non-security bugs were fixed:

  * ARM: spear: Do not use timer namespace for timer_shutdown() function
    (bsc#1213970).
  * Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-
    fixes).
  * Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
  * SUNRPC: always clear XPRT_SOCK_CONNECTING before xprt_clear_connecting on
    TCP xprt (bsc#1214453).
  * af_key: Fix send_acquire race with pfkey_register (git-fixes).
  * af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-
    fixes).
  * af_unix: Fix a data race of sk->sk_receive_queue->qlen (git-fixes).
  * arm64: Re-enable support for contiguous hugepages (git-fixes)
  * arm64: vdso: Fix clock_getres() for CLOCK_REALTIME (git-fixes)
  * bnx2x: fix page fault following EEH recovery (bsc#1214299).
  * bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
    (git-fixes).
  * bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
  * bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-
    fixes)
  * bridge: ebtables: do not crash when using dnat target in output chains (git-
    fixes).
  * btrfs-allow-use-of-global-block-reserve-for-balance-.patch: (bsc#1214335).
  * btrfs-unset-reloc-control-if-transaction-commit-fail.patch: (bsc#1212051).
  * clocksource/drivers/arm_arch_timer: Do not use timer namespace for
    timer_shutdown() function (bsc#1213970).
  * clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown()
    function (bsc#1213970).
  * fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
  * fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-
    fixes).
  * fs: lockd: avoid possible wrong NULL parameter (git-fixes).
  * inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).
  * kabi/severities: Ignore newly added SRSO mitigation functions
  * libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
  * module: avoid allocation if module is already present and ready
    (bsc#1213921).
  * module: extract patient module check into helper (bsc#1213921).
  * module: move check_modinfo() early to early_mod_check() (bsc#1213921).
  * module: move early sanity checks into a helper (bsc#1213921).
  * net-sysfs: Call dev_hold always in netdev_queue_add_kobject (git-fixes).
  * net-sysfs: Call dev_hold always in rx_queue_add_kobject (git-fixes).
  * net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject (git-
    fixes).
  * net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
  * net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
  * net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-
    fixes).
  * net/fq_impl: Switch to kvmalloc() for memory allocation (git-fixes).
  * net: bnx2x: fix variable dereferenced before check (git-fixes).
  * net: icmp: fix data-race in cmp_global_allow() (git-fixes).
  * net: mana: add support for XDP_QUERY_PROG (jsc#SLE-18779, bsc#1214209).
  * net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
  * netfilter: ipset: Fix an error code in ip_set_sockfn_get() (git-fixes).
  * netfilter: nf_conntrack: Fix possible possible crash on module loading (git-
    fixes).
  * nfs/blocklayout: Use the passed in gfp flags (git-fixes).
  * nfs: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-
    fixes).
  * nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
  * nfsd: add encoding of op_recall flag for write delegation (git-fixes).
  * nfsd: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
  * packet: fix data-race in fanout_flow_is_huge() (git-fixes).
  * packet: unconditionally free po->rollover (git-fixes).
  * powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
  * ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
  * ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
  * s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes
    bsc#1215057).
  * s390/cpum_sf: Avoid SBD overflow condition in irq handler (git-fixes
    bsc#1213908).
  * s390/cpum_sf: Check for SDBT and SDB consistency (git-fixes bsc#1213910).
  * s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly (git-
    fixes bsc#1215049).
  * s390/dasd: Fix capacity calculation for large volumes (git-fixes
    bsc#1215034).
  * s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
  * s390/ftrace: fix endless recursion in function_graph tracer (git-fixes
    bsc#1213912).
  * s390/jump_label: print real address in a case of a jump label bug (git-fixes
    bsc#1213899).
  * s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).
  * s390/kdump: Fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
  * s390/pkey: add one more argument space for debug feature entry (git-fixes
    bsc#1215035).
  * s390/qdio: add sanity checks to the fast-requeue path (git-fixes
    bsc#1215038).
  * s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes
    bsc#1213906).
  * s390/smp: fix physical to logical CPU map for SMT (git-fixes bsc#1213904).
  * s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes
    bsc#1213911).
  * s390/uaccess: avoid (false positive) compiler warnings (git-fixes
    bsc#1215041).
  * s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR (git-fixes
    bsc#1215046).
  * s390/zcrypt: improve special ap message cmd handling (git-fixes
    bsc#1215032).
  * s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
  * sched/core: Check quota and period overflow at usec to nsec conversion (git
    fixes).
  * sched/core: Handle overflow in cpu_shares_write_u64 (git fixes).
  * sched/cpufreq: Fix kobject memleak (git fixes).
  * sched/fair: Do not NUMA balance for kthreads (git fixes).
  * sched/fair: Fix CFS bandwidth hrtimer expiry type (git fixes).
  * sched/topology: Fix off by one bug (git fixes).
  * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
  * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
  * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
  * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
  * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
  * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
  * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
  * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
  * scsi: qla2xxx: Remove unused declarations (bsc#1214928).
  * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs()
    (bsc#1214928).
  * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
  * scsi: storvsc: Always set no_report_opcodes (git-fixes).
  * scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
  * skbuff: fix a data race in skb_queue_len() (git-fixes).
  * timers: Add shutdown mechanism to the internal functions (bsc#1213970).
  * timers: Provide timer_shutdown_sync (bsc#1213970).
  * timers: Rename del_timer() to timer_delete() (bsc#1213970).
  * timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
  * timers: Replace BUG_ON()s (bsc#1213970).
  * timers: Silently ignore timers with a NULL function (bsc#1213970).
  * timers: Split [try_to_]del_timer_sync to prepare for shutdown mode
    (bsc#1213970).
  * timers: Update kernel-doc for various functions (bsc#1213970).
  * timers: Use del_timer_sync() even on UP (bsc#1213970).
  * tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
  * tun: fix bonding active backup with arp monitoring (git-fixes).
  * ubifs: fix snprintf() checking (git-fixes).
  * udp6: Fix race condition in udp6_sendmsg & connect (git-fixes).
  * udp: fix race between close() and udp_abort() (git-fixes).
  * usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
  * usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-
    fixes).
  * usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
  * usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
  * usb: serial: option: add LARA-R6 01B PIDs (git-fixes).
  * usb: serial: option: add Quectel EC200A module support (git-fixes).
  * usb: serial: option: add Quectel EC200U modem (git-fixes).
  * usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
  * usb: serial: option: add Quectel EM05CN modem (git-fixes).
  * usb: serial: option: add Quectel EM061KGL series (git-fixes).
  * usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes).
  * usb: serial: option: add u-blox LARA-L6 modem (git-fixes).
  * usb: serial: option: support Quectel EM060K_128 (git-fixes).
  * usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
  * usb: serial: simple: sort driver entries (git-fixes).
  * usb: xhci-mtk: set the dma max_seg_size (git-fixes).
  * usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
  * usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
  * x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
  * x86/bugs: Reset speculation control settings on init (git-fixes).
  * x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
  * x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
  * x86/cpu/vmware: Fix platform detection VMWARE_PORT macro (bsc#1210327).
  * x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL, for clang/llvm
    (bsc#1210327).
  * x86/cpu/vmware: Use the full form of INL in VMWARE_PORT (bsc#1210327).
  * x86/cpu: Cleanup the untrain mess (git-fixes).
  * x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
  * x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
  * x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
  * x86/cpu: Rename original retbleed methods (git-fixes).
  * x86/cpu: Rename srso_(.*) _alias to srso_alias_ \1 (git-fixes).
  * x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
    (git-fixes).
  * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
  * x86/microcode/AMD: Load late on both threads too (git-fixes).
  * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
  * x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
  * x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
  * x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
    (git-fixes).
  * x86/retpoline,kprobes: Skip optprobe check for indirect jumps with
    retpolines and IBT (git-fixes).
  * x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
  * x86/speculation: Add cpu_show_gds() prototype (git-fixes).
  * x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
  * x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
  * x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
  * x86/srso: Explain the untraining sequences a bit more (git-fixes).
  * x86/srso: Fix build breakage with the LLVM linker (git-fixes).
  * x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
  * x86/vmware: Add a header file for hypercall definitions (bsc#1210327).
  * x86/vmware: Add steal time clock support for VMware guests (bsc#1210327).
  * x86/vmware: Enable steal time accounting (bsc#1210327).
  * x86/vmware: Update platform detection code for VMCALL/VMMCALL hypercalls
    (bsc#1210327).
  * x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
  * xfrm: release device reference for invalid state (git-fixes).
  * xhci-pci: set the dma max_seg_size (git-fixes).
  * xhci: Remove device endpoints from bandwidth list when freeing the device
    (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3681=1

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3681=1

  * SUSE Linux Enterprise Server 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3681=1

## Package List:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
    * kernel-azure-4.12.14-16.149.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * kernel-azure-debuginfo-4.12.14-16.149.1
    * kernel-azure-base-4.12.14-16.149.1
    * kernel-azure-base-debuginfo-4.12.14-16.149.1
    * kernel-syms-azure-4.12.14-16.149.1
    * kernel-azure-devel-4.12.14-16.149.1
    * kernel-azure-debugsource-4.12.14-16.149.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * kernel-source-azure-4.12.14-16.149.1
    * kernel-devel-azure-4.12.14-16.149.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
    * kernel-azure-4.12.14-16.149.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * kernel-azure-debuginfo-4.12.14-16.149.1
    * kernel-azure-base-4.12.14-16.149.1
    * kernel-azure-base-debuginfo-4.12.14-16.149.1
    * kernel-syms-azure-4.12.14-16.149.1
    * kernel-azure-devel-4.12.14-16.149.1
    * kernel-azure-debugsource-4.12.14-16.149.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * kernel-source-azure-4.12.14-16.149.1
    * kernel-devel-azure-4.12.14-16.149.1
  * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
    * kernel-azure-4.12.14-16.149.1
  * SUSE Linux Enterprise Server 12 SP5 (x86_64)
    * kernel-azure-debuginfo-4.12.14-16.149.1
    * kernel-azure-base-4.12.14-16.149.1
    * kernel-azure-base-debuginfo-4.12.14-16.149.1
    * kernel-syms-azure-4.12.14-16.149.1
    * kernel-azure-devel-4.12.14-16.149.1
    * kernel-azure-debugsource-4.12.14-16.149.1
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * kernel-source-azure-4.12.14-16.149.1
    * kernel-devel-azure-4.12.14-16.149.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-36402.html
  * https://www.suse.com/security/cve/CVE-2023-2007.html
  * https://www.suse.com/security/cve/CVE-2023-20588.html
  * https://www.suse.com/security/cve/CVE-2023-34319.html
  * https://www.suse.com/security/cve/CVE-2023-3772.html
  * https://www.suse.com/security/cve/CVE-2023-3812.html
  * https://www.suse.com/security/cve/CVE-2023-3863.html
  * https://www.suse.com/security/cve/CVE-2023-40283.html
  * https://www.suse.com/security/cve/CVE-2023-4128.html
  * https://www.suse.com/security/cve/CVE-2023-4132.html
  * https://www.suse.com/security/cve/CVE-2023-4133.html
  * https://www.suse.com/security/cve/CVE-2023-4134.html
  * https://www.suse.com/security/cve/CVE-2023-4194.html
  * https://www.suse.com/security/cve/CVE-2023-4385.html
  * https://www.suse.com/security/cve/CVE-2023-4387.html
  * https://www.suse.com/security/cve/CVE-2023-4459.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1120059
  * https://bugzilla.suse.com/show_bug.cgi?id=1203517
  * https://bugzilla.suse.com/show_bug.cgi?id=1210327
  * https://bugzilla.suse.com/show_bug.cgi?id=1210448
  * https://bugzilla.suse.com/show_bug.cgi?id=1212051
  * https://bugzilla.suse.com/show_bug.cgi?id=1213543
  * https://bugzilla.suse.com/show_bug.cgi?id=1213546
  * https://bugzilla.suse.com/show_bug.cgi?id=1213601
  * https://bugzilla.suse.com/show_bug.cgi?id=1213666
  * https://bugzilla.suse.com/show_bug.cgi?id=1213899
  * https://bugzilla.suse.com/show_bug.cgi?id=1213904
  * https://bugzilla.suse.com/show_bug.cgi?id=1213906
  * https://bugzilla.suse.com/show_bug.cgi?id=1213908
  * https://bugzilla.suse.com/show_bug.cgi?id=1213910
  * https://bugzilla.suse.com/show_bug.cgi?id=1213911
  * https://bugzilla.suse.com/show_bug.cgi?id=1213912
  * https://bugzilla.suse.com/show_bug.cgi?id=1213921
  * https://bugzilla.suse.com/show_bug.cgi?id=1213927
  * https://bugzilla.suse.com/show_bug.cgi?id=1213969
  * https://bugzilla.suse.com/show_bug.cgi?id=1213970
  * https://bugzilla.suse.com/show_bug.cgi?id=1213971
  * https://bugzilla.suse.com/show_bug.cgi?id=1214019
  * https://bugzilla.suse.com/show_bug.cgi?id=1214149
  * https://bugzilla.suse.com/show_bug.cgi?id=1214157
  * https://bugzilla.suse.com/show_bug.cgi?id=1214209
  * https://bugzilla.suse.com/show_bug.cgi?id=1214233
  * https://bugzilla.suse.com/show_bug.cgi?id=1214299
  * https://bugzilla.suse.com/show_bug.cgi?id=1214335
  * https://bugzilla.suse.com/show_bug.cgi?id=1214348
  * https://bugzilla.suse.com/show_bug.cgi?id=1214350
  * https://bugzilla.suse.com/show_bug.cgi?id=1214451
  * https://bugzilla.suse.com/show_bug.cgi?id=1214453
  * https://bugzilla.suse.com/show_bug.cgi?id=1214752
  * https://bugzilla.suse.com/show_bug.cgi?id=1214928
  * https://bugzilla.suse.com/show_bug.cgi?id=1215028
  * https://bugzilla.suse.com/show_bug.cgi?id=1215032
  * https://bugzilla.suse.com/show_bug.cgi?id=1215034
  * https://bugzilla.suse.com/show_bug.cgi?id=1215035
  * https://bugzilla.suse.com/show_bug.cgi?id=1215036
  * https://bugzilla.suse.com/show_bug.cgi?id=1215037
  * https://bugzilla.suse.com/show_bug.cgi?id=1215038
  * https://bugzilla.suse.com/show_bug.cgi?id=1215041
  * https://bugzilla.suse.com/show_bug.cgi?id=1215046
  * https://bugzilla.suse.com/show_bug.cgi?id=1215049
  * https://bugzilla.suse.com/show_bug.cgi?id=1215057
  * https://jira.suse.com/browse/PED-4579
  * https://jira.suse.com/browse/SLE-18779

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20230919/05880ec0/attachment.htm>


More information about the sle-security-updates mailing list