<div class="container">
<h1>Security update for the Linux Kernel</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:0634-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1068032">#1068032</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1175995">#1175995</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1186449">#1186449</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1194535">#1194535</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198971">#1198971</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1201420">#1201420</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202195">#1202195</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202712">#1202712</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202713">#1202713</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203200">#1203200</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203332">#1203332</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203693">#1203693</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204356">#1204356</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204514">#1204514</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204662">#1204662</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205149">#1205149</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205397">#1205397</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205495">#1205495</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206602">#1206602</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206635">#1206635</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206640">#1206640</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206641">#1206641</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206642">#1206642</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206643">#1206643</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206645">#1206645</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206646">#1206646</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206648">#1206648</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206649">#1206649</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206664">#1206664</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206677">#1206677</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206698">#1206698</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206784">#1206784</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206855">#1206855</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206858">#1206858</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206873">#1206873</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206876">#1206876</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206877">#1206877</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206878">#1206878</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206880">#1206880</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206882">#1206882</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206883">#1206883</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206884">#1206884</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206885">#1206885</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206887">#1206887</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206888">#1206888</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206890">#1206890</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207092">#1207092</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207093">#1207093</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207094">#1207094</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207097">#1207097</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207102">#1207102</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207103">#1207103</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207104">#1207104</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207107">#1207107</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207108">#1207108</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207134">#1207134</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207186">#1207186</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207201">#1207201</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207237">#1207237</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207773">#1207773</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207795">#1207795</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207875">#1207875</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208108">#1208108</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208541">#1208541</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208570">#1208570</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2017-5754.html">CVE-2017-5754</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2021-4203.html">CVE-2021-4203</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-2991.html">CVE-2022-2991</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-36280.html">CVE-2022-36280</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-4662.html">CVE-2022-4662</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-47929.html">CVE-2022-47929</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-0045.html">CVE-2023-0045</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-0266.html">CVE-2023-0266</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-0590.html">CVE-2023-0590</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2017-5754</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2017-5754</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.6</span>
<span class="cvss-vector">CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-4203</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-4203</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-2991</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-2991</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-36280</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-36280</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4662</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4662</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-47929</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-47929</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0045</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0266</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0266</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0590</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Availability Extension 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Live Patching 12-SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Workstation Extension 12 12-SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves nine vulnerabilities, contains two features and has 56 fixes can now be installed.</p>
<h2>Description:</h2>
<p>The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.</p>
<p>The following security bugs were fixed:</p>
<ul>
<li>CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).</li>
<li>CVE-2017-5754: Fixed speculative side channel attacks on various CPU platforms (bsc#1068032).</li>
<li>CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).</li>
<li>CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).</li>
<li>CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bsc#1206664).</li>
<li>CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).</li>
<li>CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420).</li>
<li>CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).</li>
<li>CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).</li>
</ul>
<p>The following non-security bugs were fixed:</p>
<ul>
<li>add 00f3ca2c2d66 ("mm: memcontrol: per-lruvec stats infrastructure")</li>
<li>add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts</li>
<li>add 168e06f7937d kernel/hung_task.c: force console verbose before panic</li>
<li>add 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface")</li>
<li>add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies</li>
<li>add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic</li>
<li>add Tegra repository to git_sort.</li>
<li>add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend</li>
<li>add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats</li>
<li>add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()</li>
<li>add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking pollers</li>
<li>add support for enabling livepatching related packages on -RT (jsc#PED-1706)</li>
<li>add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)</li>
<li>amiflop: clean up on errors during setup (git-fixes).</li>
<li>audit: ensure userspace is penalized the same as the kernel when under pressure (bsc#1204514).</li>
<li>audit: improve robustness of the audit queue handling (bsc#1204514).</li>
<li>bcache: fix super block seq numbers comparision in register_cache_set() (git-fixes).</li>
<li>blk-cgroup: Fix memleak on error path (git-fixes).</li>
<li>blk-cgroup: Pre-allocate tree node on blkg_conf_prep (git-fixes).</li>
<li>blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes).</li>
<li>blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).</li>
<li>blk-mq: insert request not through ->queue_rq into sw/scheduler queue (git-fixes).</li>
<li>blk-mq: move cancel of requeue_work into blk_mq_release (git-fixes).</li>
<li>blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).</li>
<li>blktrace: break out of blktrace setup on concurrent calls (git-fixes).</li>
<li>blktrace: ensure our debugfs dir exists (git-fixes).</li>
<li>blktrace: fix endianness for blk_log_remap() (git-fixes).</li>
<li>blktrace: fix endianness in get_pdu_int() (git-fixes).</li>
<li>blktrace: use errno instead of bi_status (git-fixes).</li>
<li>block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).</li>
<li>block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() (git-fixes).</li>
<li>block, bfq: increase idling for weight-raised queues (git-fixes).</li>
<li>block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (bsc#1207102).</li>
<li>block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).</li>
<li>block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (git-fixes).</li>
<li>block/bio-integrity: fix a memory leak bug (git-fixes).</li>
<li>block/swim: Check drive type (git-fixes).</li>
<li>block/swim: Do not log an error message for an invalid ioctl (git-fixes).</li>
<li>block/swim: Fix IO error at end of medium (git-fixes).</li>
<li>block/swim: Rename macros to avoid inconsistent inverted logic (git-fixes).</li>
<li>block/swim: Select appropriate drive on device open (git-fixes).</li>
<li>block: Fix use-after-free issue accessing struct io_cq (git-fixes).</li>
<li>block: add a lower-level bio_add_page interface (git-fixes).</li>
<li>block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).</li>
<li>block: fix memleak when __blk_rq_map_user_iov() is failed (git-fixes).</li>
<li>block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).</li>
<li>brd: check and limit max_part par (git-fixes).</li>
<li>compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES (git-fixes).</li>
<li>constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.</li>
<li>cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM (git-fixes).</li>
<li>cryptoloop: add a deprecation warning (git-fixes).</li>
<li>d6810d730022 ("memcg, THP, swap: make mem_cgroup_swapout() support THP")</li>
<li>dm bio record: save/restore bi_end_io and bi_integrity (git-fixes).</li>
<li>dm btree: add a defensive bounds check to insert_at() (git-fixes).</li>
<li>dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).</li>
<li>dm cache: Fix UAF in destroy() (git-fixes).</li>
<li>dm cache: set needs_check flag after aborting metadata (git-fixes).</li>
<li>dm crypt: use u64 instead of sector_t to store iv_offset (git-fixes).</li>
<li>dm flakey: Properly corrupt multi-page bios (git-fixes).</li>
<li>dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).</li>
<li>dm ioctl: prevent potential spectre v1 gadget (git-fixes).</li>
<li>dm kcopyd: Fix bug causing workqueue stalls (git-fixes).</li>
<li>dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).</li>
<li>dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).</li>
<li>dm space maps: do not reset space map allocation cursor when committing (git-fixes).</li>
<li>dm table: Remove BUG_ON(in_interrupt()) (git-fixes).</li>
<li>dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).</li>
<li>dm thin: Fix UAF in run_timer_softirq() (git-fixes).</li>
<li>dm thin: Use last transaction's pmd->root when commit failed (git-fixes).</li>
<li>dm thin: add sanity checks to thin-pool and external snapshot creation (git-fixes).</li>
<li>dm thin: resume even if in FAIL mode (git-fixes).</li>
<li>dm verity: skip verity work if I/O error when system is shutting down (git-fixes).</li>
<li>dm verity: use message limit for data block corruption message (git-fixes).</li>
<li>dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (git-fixes).</li>
<li>dm: Use kzalloc for all structs with embedded biosets/mempools (git-fixes).</li>
<li>do not dump the threads that had been already exiting when zapped (git-fixes).</li>
<li>drbd: Change drbd_request_detach_interruptible's return type to int (git-fixes).</li>
<li>drbd: destroy workqueue when drbd device was freed (git-fixes).</li>
<li>drbd: do not block when adjusting "disk-options" while IO is frozen (git-fixes).</li>
<li>drbd: dynamically allocate shash descriptor (git-fixes).</li>
<li>drbd: fix potential silent data corruption (git-fixes).</li>
<li>drbd: fix print_st_err()'s prototype to match the definition (git-fixes).</li>
<li>drbd: ignore "all zero" peer volume sizes in handshake (git-fixes).</li>
<li>drbd: reject attach of unsuitable uuids even if connected (git-fixes).</li>
<li>drbd: remove usage of list iterator variable after loop (git-fixes).</li>
<li>drbd: use after free in drbd_create_device() (git-fixes).</li>
<li>drivers/block/zram/zram_drv.c: fix bug storing backing_dev (git-fixes).</li>
<li>drivers:md:fix a potential use-after-free bug (git-fixes).</li>
<li>ext4: Detect already used quota file early (bsc#1206873).</li>
<li>ext4: Fixup pages without buffers (bsc#1205495).</li>
<li>ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).</li>
<li>ext4: add reserved GDT blocks check (bsc#1202712).</li>
<li>ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).</li>
<li>ext4: avoid resizing to a partial cluster size (bsc#1206880).</li>
<li>ext4: clear mmp sequence number when remounting read-only (bsc#1207093).</li>
<li>ext4: continue to expand file system when the target size does not reach (bsc#1206882).</li>
<li>ext4: correct max_inline_xattr_value_size computing (bsc#1206878).</li>
<li>ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).</li>
<li>ext4: do not BUG if someone dirty pages without asking ext4 first (bsc#1207097).</li>
<li>ext4: fix a data race at inode->i_disksize (bsc#1206855).</li>
<li>ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).</li>
<li>ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).</li>
<li>ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).</li>
<li>ext4: fix race when reusing xattr blocks (bsc#1198971).</li>
<li>ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).</li>
<li>ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).</li>
<li>ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).</li>
<li>ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).</li>
<li>ext4: make ext4_lazyinit_thread freezable (bsc#1206885).</li>
<li>ext4: prohibit fstrim in norecovery mode (bsc#1207094).</li>
<li>ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).</li>
<li>ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).</li>
<li>ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).</li>
<li>ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).</li>
<li>floppy: Add max size check for user space request (git-fixes).</li>
<li>ftrace: Enable trampoline when rec count returns back to one (git-fixes).</li>
<li>ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper() (git-fixes).</li>
<li>ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).</li>
<li>ftrace: fpid_next() should increase position index (git-fixes).</li>
<li>git_sort: add usb-linus branch for gregkh/usb</li>
<li>gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).</li>
<li>hid: betop: check shape of output reports (git-fixes, bsc#1207186).</li>
<li>hid: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186).</li>
<li>hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).</li>
<li>iforce: restore old iforce_dump_packet (git-fixes).</li>
<li>input: convert autorepeat timer to use timer_setup() (git-fixes).</li>
<li>input: do not use WARN() in input_alloc_absinfo() (git-fixes).</li>
<li>input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).</li>
<li>input: iforce - reformat the packet dump output (git-fixes).</li>
<li>input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). Heavily modified, as prerequisites for taking it as is would utterly ruin kABI</li>
<li>input: replace hard coded string with <strong>func</strong> in pr_err() (git-fixes).</li>
<li>input: switch to using sizeof(*type) when allocating memory (git-fixes).</li>
<li>input: use seq_putc() in input_seq_print_bitmap() (git-fixes).</li>
<li>input: use seq_puts() in input_devices_seq_show() (git-fixes).</li>
<li>ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).</li>
<li>ipmi: Move remove_work to dedicated workqueue (git-fixes).</li>
<li>ipmi: fix memleak when unload ipmi driver (git-fixes).</li>
<li>ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).</li>
<li>isofs: reject hardware sector size > 2048 bytes (bsc#1207103).</li>
<li>jbd2: use the correct print format (git-fixes).</li>
<li>kABI: cpu/hotplug: reexport cpu_smt_control (kabi).</li>
<li>kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).</li>
<li>kernel/sys.c: avoid copying possible padding bytes in copy_to_user (git-fixes).</li>
<li>kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules (git-fixes).</li>
<li>kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack (git-fixes).</li>
<li>loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).</li>
<li>loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).</li>
<li>m68k/mac: Do not remap SWIM MMIO region (git-fixes).</li>
<li>makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).</li>
<li>mbcache: add functions to delete entry if unused (bsc#1198971).</li>
<li>mbcache: do not reclaim used entries (bsc#1198971).</li>
<li>md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).</li>
<li>md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).</li>
<li>md: fix a crash in mempool_free (git-fixes).</li>
<li>md: protect md_unregister_thread from reentrancy (git-fixes).</li>
<li>memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure (bsc#1208108).</li>
<li>mm/filemap.c: clear page error before actual read (bsc#1206635).</li>
<li>module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).</li>
<li>nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag (git-fixes).</li>
<li>nbd: Fix NULL pointer in flush_workqueue (git-fixes).</li>
<li>nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).</li>
<li>nbd: add a flush_workqueue in nbd_start_device (git-fixes).</li>
<li>nbd: add missing config put (git-fixes).</li>
<li>nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).</li>
<li>nbd: do not requeue the same request twice (git-fixes).</li>
<li>nbd: fix a block_device refcount leak in nbd_release (git-fixes).</li>
<li>nbd: fix crash when the blksize is zero (git-fixes).</li>
<li>nbd: fix io hung while disconnecting device (git-fixes).</li>
<li>nbd: fix max number of supported devs (git-fixes).</li>
<li>nbd: fix possible sysfs duplicate warning (git-fixes).</li>
<li>nbd: fix race between nbd_alloc_config() and module removal (git-fixes).</li>
<li>nbd: fix shutdown and recv work deadlock v2 (git-fixes).</li>
<li>nbd: handle racing with error'ed out commands (git-fixes).</li>
<li>nbd: handle unexpected replies better (git-fixes).</li>
<li>nbd: make the config put is called before the notifying the waiter (git-fixes).</li>
<li>nbd: verify socket is supported during setup (git-fixes).</li>
<li>nbd:fix memory leak in nbd_get_socket() (git-fixes).</li>
<li>net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).</li>
<li>net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).</li>
<li>net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).</li>
<li>net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).</li>
<li>net: allwinner: Fix use correct return type for ndo_start_xmit() (git-fixes).</li>
<li>net: bcmgenet: suppress warnings on failed Rx SKB allocations (git-fixes).</li>
<li>net: bmac: Fix read of MAC address from ROM (git-fixes).</li>
<li>net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans (git-fixes).</li>
<li>net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).</li>
<li>net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).</li>
<li>net: stmmac: Fix sub-second increment (git-fixes).</li>
<li>net: systemport: suppress warnings on failed Rx SKB allocations (git-fixes).</li>
<li>net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).</li>
<li>net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (git-fixes).</li>
<li>net: usb: lan78xx: do not modify phy_device state concurrently (git-fixes).</li>
<li>net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).</li>
<li>net: usb: qmi_wwan: add Quectel RM520N (git-fixes).</li>
<li>net: usb: sr9700: Handle negative len (git-fixes).</li>
<li>null_blk: Handle null_add_dev() failures properly (git-fixes).</li>
<li>null_blk: fix spurious IO errors after failed past-wp access (git-fixes).</li>
<li>panic: unset panic_on_warn inside panic() (git-fixes).</li>
<li>parisc: Fix HP SDC hpa address output (git-fixes).</li>
<li>parisc: Fix serio address output (git-fixes).</li>
<li>pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes).</li>
<li>pci/aspm: Declare threshold_ns as u32, not u64 (git-fixes).</li>
<li>pci/sysfs: Fix double free in error path (git-fixes).</li>
<li>pci: Check for alloc failure in pci_request_irq() (git-fixes).</li>
<li>pci: Fix pci_device_is_present() for VFs by checking PF (git-fixes).</li>
<li>pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).</li>
<li>pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).</li>
<li>prlimit: do_prlimit needs to have a speculation check (git-fixes).</li>
<li>ps3disk: use the default segment boundary (git-fixes).</li>
<li>ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (git-fixes).</li>
<li>quota: Check next/prev free block number after reading from quota file (bsc#1206640).</li>
<li>quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls (bsc#1207104).</li>
<li>revert "blkdev: check for valid request queue before issuing flush" (git-fixes).</li>
<li>revert "dm cache: fix arm link errors with inline" (git-fixes).</li>
<li>revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle" (git-fixes).</li>
<li>rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.</li>
<li>rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.</li>
<li>rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.</li>
<li>rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage</li>
<li>rsxx: add missed destroy_workqueue calls in remove (git-fixes).</li>
<li>sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).</li>
<li>sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).</li>
<li>sbitmap: fix lockup while swapping (bsc#1206602).</li>
<li>scripts/CKC: Do not use empty branches file Do not use it and do not write neither.</li>
<li>scripts/CKC: Make checker more specific</li>
<li>scripts/CKC: Make checker script download branches.conf Requires curl, downloads and caches the branches.conf file.</li>
<li>scripts/CKC: do not output from shopt shopt outputs the status of the flag, so that git grep looks like: git grep -qi 'nocasematch off ^References:.<em>bsc#1202195' remotes/origin/SLE15-SP2-RT -- 'patches.</em>' I do not know how it can work (it does -- maybe thanks to ^), but it's not definitely OK. So make shopt in term2regex() quiet.</li>
<li>scripts/CKC: simplify print_branch AFAIU, it's simply: printf "%-23s"</li>
<li>scripts/CKC: store local branches with $USER prefix So that on shared machines, it can be overwritten when expires.</li>
<li>scripts/CKC: test accepts only =, not == And put $1 into "" too.</li>
<li>scripts/git_sort/git_sort.py: Add arm-soc for-next tree.</li>
<li>scripts/wd-functions.sh: fix get_branch_name() in worktree Instead of using a hard-coded path for the git directory, use git rev-parse with --git-dir flag, introduced since 0.99.7, to find the git directory so branch name can be correctly detected while in git worktrees.</li>
<li>scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).</li>
<li>scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).</li>
<li>scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).</li>
<li>scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).</li>
<li>scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).</li>
<li>scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).</li>
<li>scsi: ipr: Fix WARNING in ipr_init() (git-fixes).</li>
<li>scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).</li>
<li>scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix erroneous link down (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix printk() format string (bsc#1208570).</li>
<li>scsi: qla2xxx: Fix stalled login (bsc#1208570).</li>
<li>scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).</li>
<li>scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).</li>
<li>scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).</li>
<li>scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).</li>
<li>scsi: qla2xxx: Remove dead code (bsc#1208570).</li>
<li>scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).</li>
<li>scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).</li>
<li>scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).</li>
<li>scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).</li>
<li>scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).</li>
<li>scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).</li>
<li>scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).</li>
<li>scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).</li>
<li>scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).</li>
<li>scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).</li>
<li>scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).</li>
<li>scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).</li>
<li>scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).</li>
<li>scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).</li>
<li>scsi: smartpqi: use processor ID for hwqueue for non-mq case .</li>
<li>scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).</li>
<li>scsi: target: core: Add CONTROL field for trace events (git-fixes).</li>
<li>sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).</li>
<li>signal handling: do not use BUG_ON() for debugging (git-fixes).</li>
<li>struct dwc3: move new members to the end (git-fixes).</li>
<li>sunrpc: make lockless test safe (bsc#1207201).</li>
<li>sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (git-fixes).</li>
<li>swim: fix cleanup on setup error (git-fixes).</li>
<li>tracing/cfi: Fix cmp_entries_* functions signature mismatch (git-fixes).</li>
<li>tracing: Adding NULL checks for trace_array descriptor pointer (git-fixes).</li>
<li>tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).</li>
<li>tracing: Fix a kmemleak false positive in tracing_map (git-fixes).</li>
<li>tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).</li>
<li>tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).</li>
<li>tracing: Fix stack trace event size (git-fixes).</li>
<li>tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).</li>
<li>tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).</li>
<li>tracing: Set kernel_stack's caller size properly (git-fixes).</li>
<li>tracing: Use address-of operator on section symbols (git-fixes).</li>
<li>tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).</li>
<li>trigger_next should increase position index (git-fixes).</li>
<li>udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).</li>
<li>udf: Check LVID earlier (bsc#1207108).</li>
<li>udf: Fix BUG on corrupted inode (bsc#1207107).</li>
<li>udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).</li>
<li>udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).</li>
<li>udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).</li>
<li>udf: Limit sparing table size (bsc#1206643).</li>
<li>udf: fix silent AED tagLocation corruption (bsc#1206645).</li>
<li>udf_get_extendedattr() had no boundary checks (bsc#1206648).</li>
<li>usb: dwc3: Disable phy suspend after power-on reset (git-fixes).</li>
<li>usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys (git-fixes).</li>
<li>usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume (git-fixes).</li>
<li>usb: dwc3: core: initialize ULPI before trying to get the PHY (git-fixes).</li>
<li>usb: dwc3: fix PHY disable sequence (git-fixes).</li>
<li>usb: dwc3: gadget: Fix event pending check (git-fixes).</li>
<li>usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).</li>
<li>usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).</li>
<li>usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).</li>
<li>usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).</li>
<li>usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).</li>
<li>virtio-blk: Fix memory leak among suspend/resume procedure (git-fixes).</li>
<li>virtio_console: break out of buf poll on remove (git-fixes).</li>
<li>virtio_console: eliminate anonymous module_init & module_exit (git-fixes).</li>
<li>x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk (git-fixes).</li>
<li>x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models (git-fixes).</li>
<li>x86/asm: Add instruction suffixes to bitops (git-fixes).</li>
<li>x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates (git-fixes).</li>
<li>x86/bugs: Move the l1tf function and define pr_fmt properly (git-fixes).</li>
<li>x86/earlyprintk: Add a force option for pciserial device (git-fixes).</li>
<li>x86/entry/64: Add instruction suffix (git-fixes).</li>
<li>x86/fpu: Add might_fault() to user_insn() (git-fixes).</li>
<li>x86/hpet: Prevent potential NULL pointer dereference (git-fixes).</li>
<li>x86/kexec: Do not setup EFI info if EFI runtime is not enabled (git-fixes).</li>
<li>x86/mce-inject: Reset injection struct after injection (git-fixes).</li>
<li>x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).</li>
<li>x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).</li>
<li>x86/mm: Do not leak kernel addresses (git-fixes).</li>
<li>x86/speculation: Add support for STIBP always-on preferred mode (git-fixes).</li>
<li>x86/speculation: Change misspelled STIPB to STIBP (git-fixes).</li>
<li>x86: boot: Fix EFI stub alignment (git-fixes).</li>
<li>x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).</li>
<li>xen-netfront: Fix hang on device removal (bsc#1206698).</li>
<li>xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).</li>
<li>xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).</li>
<li>xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).</li>
<li>xfs: fix attr leaf header freemap.size underflow (git-fixes).</li>
<li>xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).</li>
<li>xfs: fix mount failure crash on invalid iclog memory access (git-fixes).</li>
<li>xfs: fix partially uninitialized structure in xfs_reflink_remap_extent (git-fixes).</li>
<li>xfs: fix realtime bitmap/summary file truncation when growing rt volume (git-fixes).</li>
<li>xfs: fix use-after-free race in xfs_buf_rele (git-fixes).</li>
<li>xfs: initialize the shortform attr header padding entry (git-fixes).</li>
<li>xfs: make sure the rt allocator does not run off the end (git-fixes).</li>
<li>xfs: require both realtime inodes to mount (git-fixes).</li>
<li>xhci: Do not show warning for reinit on known broken suspend (git-fixes).</li>
<li>zram: fix double free backing device (git-fixes).</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE Important update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1 SUSE-SLE-HA-12-SP5-2023-634=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Availability Extension 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-HA-12-SP5-2023-634=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Live Patching 12-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-634=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-634=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-634=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Workstation Extension 12 12-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-WE-12-SP5-2023-634=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
<ul>
<li>kernel-syms-4.12.14-122.150.1</li>
<li>kernel-default-debugsource-4.12.14-122.150.1</li>
<li>gfs2-kmp-default-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-base-debuginfo-4.12.14-122.150.1</li>
<li>dlm-kmp-default-4.12.14-122.150.1</li>
<li>ocfs2-kmp-default-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-base-4.12.14-122.150.1</li>
<li>gfs2-kmp-default-4.12.14-122.150.1</li>
<li>kernel-default-devel-4.12.14-122.150.1</li>
<li>dlm-kmp-default-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-debuginfo-4.12.14-122.150.1</li>
<li>ocfs2-kmp-default-4.12.14-122.150.1</li>
<li>cluster-md-kmp-default-4.12.14-122.150.1</li>
<li>cluster-md-kmp-default-debuginfo-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
<ul>
<li>kernel-default-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
<ul>
<li>kernel-devel-4.12.14-122.150.1</li>
<li>kernel-macros-4.12.14-122.150.1</li>
<li>kernel-source-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
<ul>
<li>kernel-default-devel-debuginfo-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
<ul>
<li>kernel-default-debugsource-4.12.14-122.150.1</li>
<li>gfs2-kmp-default-debuginfo-4.12.14-122.150.1</li>
<li>dlm-kmp-default-4.12.14-122.150.1</li>
<li>ocfs2-kmp-default-debuginfo-4.12.14-122.150.1</li>
<li>gfs2-kmp-default-4.12.14-122.150.1</li>
<li>dlm-kmp-default-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-debuginfo-4.12.14-122.150.1</li>
<li>ocfs2-kmp-default-4.12.14-122.150.1</li>
<li>cluster-md-kmp-default-4.12.14-122.150.1</li>
<li>cluster-md-kmp-default-debuginfo-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
<ul>
<li>kernel-default-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
<ul>
<li>kernel-default-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
<ul>
<li>kernel-default-debugsource-4.12.14-122.150.1</li>
<li>kgraft-patch-4_12_14-122_150-default-1-8.3.1</li>
<li>kernel-default-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-kgraft-devel-4.12.14-122.150.1</li>
<li>kernel-default-kgraft-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
<ul>
<li>kernel-docs-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>kernel-obs-build-4.12.14-122.150.1</li>
<li>kernel-obs-build-debugsource-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64)
<ul>
<li>kernel-default-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
<ul>
<li>kernel-syms-4.12.14-122.150.1</li>
<li>kernel-default-debugsource-4.12.14-122.150.1</li>
<li>kernel-default-base-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-base-4.12.14-122.150.1</li>
<li>kernel-default-devel-4.12.14-122.150.1</li>
<li>kernel-default-debuginfo-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
<ul>
<li>kernel-devel-4.12.14-122.150.1</li>
<li>kernel-macros-4.12.14-122.150.1</li>
<li>kernel-source-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
<ul>
<li>kernel-default-devel-debuginfo-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
<ul>
<li>kernel-default-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>kernel-syms-4.12.14-122.150.1</li>
<li>kernel-default-debugsource-4.12.14-122.150.1</li>
<li>kernel-default-base-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-base-4.12.14-122.150.1</li>
<li>kernel-default-devel-4.12.14-122.150.1</li>
<li>kernel-default-debuginfo-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (noarch)
<ul>
<li>kernel-devel-4.12.14-122.150.1</li>
<li>kernel-macros-4.12.14-122.150.1</li>
<li>kernel-source-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (s390x)
<ul>
<li>kernel-default-man-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (x86_64)
<ul>
<li>kernel-default-devel-debuginfo-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
<ul>
<li>kernel-default-4.12.14-122.150.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
<ul>
<li>kernel-default-extra-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-debuginfo-4.12.14-122.150.1</li>
<li>kernel-default-debugsource-4.12.14-122.150.1</li>
<li>kernel-default-extra-4.12.14-122.150.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2017-5754.html">https://www.suse.com/security/cve/CVE-2017-5754.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2021-4203.html">https://www.suse.com/security/cve/CVE-2021-4203.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-2991.html">https://www.suse.com/security/cve/CVE-2022-2991.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-36280.html">https://www.suse.com/security/cve/CVE-2022-36280.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-4662.html">https://www.suse.com/security/cve/CVE-2022-4662.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-47929.html">https://www.suse.com/security/cve/CVE-2022-47929.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-0045.html">https://www.suse.com/security/cve/CVE-2023-0045.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-0266.html">https://www.suse.com/security/cve/CVE-2023-0266.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-0590.html">https://www.suse.com/security/cve/CVE-2023-0590.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1068032">https://bugzilla.suse.com/show_bug.cgi?id=1068032</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1175995">https://bugzilla.suse.com/show_bug.cgi?id=1175995</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1186449">https://bugzilla.suse.com/show_bug.cgi?id=1186449</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1194535">https://bugzilla.suse.com/show_bug.cgi?id=1194535</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198971">https://bugzilla.suse.com/show_bug.cgi?id=1198971</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1201420">https://bugzilla.suse.com/show_bug.cgi?id=1201420</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202195">https://bugzilla.suse.com/show_bug.cgi?id=1202195</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202712">https://bugzilla.suse.com/show_bug.cgi?id=1202712</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202713">https://bugzilla.suse.com/show_bug.cgi?id=1202713</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203200">https://bugzilla.suse.com/show_bug.cgi?id=1203200</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203332">https://bugzilla.suse.com/show_bug.cgi?id=1203332</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203693">https://bugzilla.suse.com/show_bug.cgi?id=1203693</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204356">https://bugzilla.suse.com/show_bug.cgi?id=1204356</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204514">https://bugzilla.suse.com/show_bug.cgi?id=1204514</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204662">https://bugzilla.suse.com/show_bug.cgi?id=1204662</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205149">https://bugzilla.suse.com/show_bug.cgi?id=1205149</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205397">https://bugzilla.suse.com/show_bug.cgi?id=1205397</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205495">https://bugzilla.suse.com/show_bug.cgi?id=1205495</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206602">https://bugzilla.suse.com/show_bug.cgi?id=1206602</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206635">https://bugzilla.suse.com/show_bug.cgi?id=1206635</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206640">https://bugzilla.suse.com/show_bug.cgi?id=1206640</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206641">https://bugzilla.suse.com/show_bug.cgi?id=1206641</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206642">https://bugzilla.suse.com/show_bug.cgi?id=1206642</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206643">https://bugzilla.suse.com/show_bug.cgi?id=1206643</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206645">https://bugzilla.suse.com/show_bug.cgi?id=1206645</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206646">https://bugzilla.suse.com/show_bug.cgi?id=1206646</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206648">https://bugzilla.suse.com/show_bug.cgi?id=1206648</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206649">https://bugzilla.suse.com/show_bug.cgi?id=1206649</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206664">https://bugzilla.suse.com/show_bug.cgi?id=1206664</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206677">https://bugzilla.suse.com/show_bug.cgi?id=1206677</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206698">https://bugzilla.suse.com/show_bug.cgi?id=1206698</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206784">https://bugzilla.suse.com/show_bug.cgi?id=1206784</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206855">https://bugzilla.suse.com/show_bug.cgi?id=1206855</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206858">https://bugzilla.suse.com/show_bug.cgi?id=1206858</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206873">https://bugzilla.suse.com/show_bug.cgi?id=1206873</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206876">https://bugzilla.suse.com/show_bug.cgi?id=1206876</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206877">https://bugzilla.suse.com/show_bug.cgi?id=1206877</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206878">https://bugzilla.suse.com/show_bug.cgi?id=1206878</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206880">https://bugzilla.suse.com/show_bug.cgi?id=1206880</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206882">https://bugzilla.suse.com/show_bug.cgi?id=1206882</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206883">https://bugzilla.suse.com/show_bug.cgi?id=1206883</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206884">https://bugzilla.suse.com/show_bug.cgi?id=1206884</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206885">https://bugzilla.suse.com/show_bug.cgi?id=1206885</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206887">https://bugzilla.suse.com/show_bug.cgi?id=1206887</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206888">https://bugzilla.suse.com/show_bug.cgi?id=1206888</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206890">https://bugzilla.suse.com/show_bug.cgi?id=1206890</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207092">https://bugzilla.suse.com/show_bug.cgi?id=1207092</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207093">https://bugzilla.suse.com/show_bug.cgi?id=1207093</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207094">https://bugzilla.suse.com/show_bug.cgi?id=1207094</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207097">https://bugzilla.suse.com/show_bug.cgi?id=1207097</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207102">https://bugzilla.suse.com/show_bug.cgi?id=1207102</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207103">https://bugzilla.suse.com/show_bug.cgi?id=1207103</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207104">https://bugzilla.suse.com/show_bug.cgi?id=1207104</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207107">https://bugzilla.suse.com/show_bug.cgi?id=1207107</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207108">https://bugzilla.suse.com/show_bug.cgi?id=1207108</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207134">https://bugzilla.suse.com/show_bug.cgi?id=1207134</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207186">https://bugzilla.suse.com/show_bug.cgi?id=1207186</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207201">https://bugzilla.suse.com/show_bug.cgi?id=1207201</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207237">https://bugzilla.suse.com/show_bug.cgi?id=1207237</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207773">https://bugzilla.suse.com/show_bug.cgi?id=1207773</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207795">https://bugzilla.suse.com/show_bug.cgi?id=1207795</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207875">https://bugzilla.suse.com/show_bug.cgi?id=1207875</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208108">https://bugzilla.suse.com/show_bug.cgi?id=1208108</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208541">https://bugzilla.suse.com/show_bug.cgi?id=1208541</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208570">https://bugzilla.suse.com/show_bug.cgi?id=1208570</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-1706">https://jira.suse.com/browse/PED-1706</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SLE-15608">https://jira.suse.com/browse/SLE-15608</a>
</li>
</ul>
</div>