<div class="container">
<h1>Security update for the Linux Kernel</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2024:0483-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">bsc#1065729</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1108281">bsc#1108281</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1123986">bsc#1123986</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1141539">bsc#1141539</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1181674">bsc#1181674</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206889">bsc#1206889</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212152">bsc#1212152</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1216702">bsc#1216702</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1216989">bsc#1216989</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217525">bsc#1217525</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218689">bsc#1218689</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218713">bsc#1218713</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218730">bsc#1218730</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218752">bsc#1218752</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218757">bsc#1218757</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218768">bsc#1218768</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218836">bsc#1218836</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218968">bsc#1218968</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219022">bsc#1219022</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219053">bsc#1219053</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219120">bsc#1219120</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219128">bsc#1219128</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219412">bsc#1219412</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219434">bsc#1219434</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219445">bsc#1219445</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219446">bsc#1219446</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2021-33631.html">CVE-2021-33631</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-46838.html">CVE-2023-46838</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-47233.html">CVE-2023-47233</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-51042.html">CVE-2023-51042</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-51043.html">CVE-2023-51043</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-51780.html">CVE-2023-51780</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-51782.html">CVE-2023-51782</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6040.html">CVE-2023-6040</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0340.html">CVE-2024-0340</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0775.html">CVE-2024-0775</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-1086.html">CVE-2024-1086</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-33631</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-33631</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-46838</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.4</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-46838</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-47233</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.3</span>
<span class="cvss-vector">CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-47233</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.3</span>
<span class="cvss-vector">CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51042</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51042</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51043</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51043</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51780</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51780</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51782</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-51782</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6040</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.4</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6040</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-0340</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.3</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-0340</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-0775</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-0775</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-1086</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-1086</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 11 vulnerabilities and has 15 security fixes can now be installed.</p>
<h2>Description:</h2>
<p>The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.</p>
<p>The following security bugs were fixed:</p>
<ul>
<li>CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).</li>
<li>CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).</li>
<li>CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).</li>
<li>CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).</li>
<li>CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).</li>
<li>CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).</li>
<li>CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).</li>
<li>CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within <code>nf_tables_newtable</code> function (bsc#1218752).</li>
<li>CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).</li>
<li>CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).</li>
<li>CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).</li>
</ul>
<p>The following non-security bugs were fixed:</p>
<ul>
<li>Store the old kernel changelog entries in kernel-docs package (bsc#1218713)</li>
<li>9p: missing chunk of "fs/9p: Do not update file type when updating file attributes" (git-fixes).</li>
<li>ACPICA: Avoid cache flush inside virtual machines (git-fixes).</li>
<li>GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads (git-fixes).</li>
<li>KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1219022).</li>
<li>UAPI: ndctl: Fix g++-unsupported initialisation in headers (git-fixes).</li>
<li>USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).</li>
<li>USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).</li>
<li>USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).</li>
<li>USB: serial: option: fix FM101R-GL defines (git-fixes).</li>
<li>acpi/nfit: Require opt-in for read-only label configurations (git-fixes).</li>
<li>acpi/nfit: improve bounds checking for 'func' (git-fixes).</li>
<li>affs: fix basic permission bits to actually work (git-fixes).</li>
<li>aio: fix mremap after fork null-deref (git-fixes).</li>
<li>asix: Add check for usbnet_get_endpoints (git-fixes).</li>
<li>bnxt_en: Log unknown link speed appropriately (git-fixes).</li>
<li>ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1219445).</li>
<li>chardev: fix error handling in cdev_device_add() (git-fixes).</li>
<li>configfs: fix a deadlock in configfs_symlink() (git-fixes).</li>
<li>configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).</li>
<li>configfs: fix a use-after-free in __configfs_open_file (git-fixes).</li>
<li>configfs: fix config_item refcnt leak in configfs_rmdir() (git-fixes).</li>
<li>configfs: fix memleak in configfs_release_bin_file (git-fixes).</li>
<li>configfs: new object reprsenting tree fragments (git-fixes).</li>
<li>configfs: provide exclusion between IO and removals (git-fixes).</li>
<li>configfs: stash the data we need into configfs_buffer at open time (git-fixes).</li>
<li>ext4: Avoid freeing inodes on dirty list (bsc#1216989).</li>
<li>ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).</li>
<li>fat: add ratelimit to fat*_ent_bread() (git-fixes).</li>
<li>fs/exofs: fix potential memory leak in mount option parsing (git-fixes).</li>
<li>fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (git-fixes).</li>
<li>fs/fat/file.c: issue flush after the writeback of FAT (git-fixes).</li>
<li>fs/file.c: initialize init_files.resize_wait (git-fixes).</li>
<li>fs: do not audit the capability check in simple_xattr_list() (git-fixes).</li>
<li>fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).</li>
<li>fs: orangefs: fix error return code of orangefs_revalidate_lookup() (git-fixes).</li>
<li>fs: ratelimit __find_get_block_slow() failure message (git-fixes).</li>
<li>fs: warn about impending deprecation of mandatory locks (git-fixes).</li>
<li>gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).</li>
<li>gfs2: Check sb_bsize_shift after reading superblock (git-fixes).</li>
<li>gfs2: Do not call dlm after protocol is unmounted (git-fixes).</li>
<li>gfs2: Do not set GFS2_RDF_UPTODATE when the lvb is updated (git-fixes).</li>
<li>gfs2: Do not skip dlm unlock if glock had an lvb (git-fixes).</li>
<li>gfs2: Fix inode height consistency check (git-fixes).</li>
<li>gfs2: Fix lru_count going negative (git-fixes).</li>
<li>gfs2: Fix marking bitmaps non-full (git-fixes).</li>
<li>gfs2: Fix possible data races in gfs2_show_options() (git-fixes).</li>
<li>gfs2: Fix sign extension bug in gfs2_update_stats (git-fixes).</li>
<li>gfs2: Fix use-after-free in gfs2_glock_shrink_scan (git-fixes).</li>
<li>gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (git-fixes).</li>
<li>gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).</li>
<li>gfs2: Special-case rindex for gfs2_grow (git-fixes).</li>
<li>gfs2: Wake up when sd_glock_disposal becomes zero (git-fixes).</li>
<li>gfs2: add validation checks for size of superblock (git-fixes).</li>
<li>gfs2: assign rgrp glock before compute_bitstructs (git-fixes).</li>
<li>gfs2: check for empty rgrp tree in gfs2_ri_update (git-fixes).</li>
<li>gfs2: check for live vs. read-only file system in gfs2_fitrim (git-fixes).</li>
<li>gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (git-fixes).</li>
<li>gfs2: fix use-after-free on transaction ail lists (git-fixes).</li>
<li>gfs2: ignore negated quota changes (git-fixes).</li>
<li>gfs2: initialize transaction tr_ailX_lists earlier (git-fixes).</li>
<li>gfs2: report "already frozen/thawed" errors (git-fixes).</li>
<li>gfs2: take jdata unstuff into account in do_grow (git-fixes).</li>
<li>gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache (git-fixes).</li>
<li>gtp: change NET_UDP_TUNNEL dependency to select (git-fixes).</li>
<li>help_next should increase position index (git-fixes).</li>
<li>iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).</li>
<li>kernfs: Separate kernfs_pr_cont_buf and rename_lock (git-fixes).</li>
<li>kernfs: bring names in comments in line with code (git-fixes).</li>
<li>kernfs: fix use-after-free in __kernfs_remove (git-fixes).</li>
<li>libceph: use kernel_connect() (bsc#1219446).</li>
<li>libnvdimm/btt: Fix LBA masking during 'free list' population (git-fixes).</li>
<li>libnvdimm/btt: Fix a kmemdup failure check (git-fixes).</li>
<li>libnvdimm/btt: Remove unnecessary code in btt_freelist_init (git-fixes).</li>
<li>libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).</li>
<li>libnvdimm/namespace: Fix a potential NULL pointer dereference (git-fixes).</li>
<li>libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).</li>
<li>libnvdimm/pmem: Delete include of nd-core.h (git-fixes).</li>
<li>libnvdimm/pmem: fix a possible OOB access when read and write pmem (git-fixes).</li>
<li>libnvdimm/region: Fix label activation vs errors (git-fixes).</li>
<li>libnvdimm: Fix compilation warnings with W=1 (git-fixes).</li>
<li>libnvdimm: Out of bounds read in __nd_ioctl() (git-fixes).</li>
<li>libnvdimm: Validate command family indices (git-fixes).</li>
<li>libnvdimm: cover up changes in struct nvdimm_bus_descriptor (git-fixes).</li>
<li>locks: print a warning when mount fails due to lack of "mand" support (git-fixes).</li>
<li>mce: fix set_mce_nospec to always unmap the whole page (git-fixes).</li>
<li>mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases.</li>
<li>mlx4: handle non-napi callers to napi_poll (git-fixes).</li>
<li>mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).</li>
<li>mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG (git-fixes).</li>
<li>mlxsw: spectrum: Set LAG port collector only when active (git-fixes).</li>
<li>mm,mremap: bail out earlier in mremap_to under map pressure (bsc#1123986).</li>
<li>net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).</li>
<li>net: (cpts) fix a missing check of clk_prepare (git-fixes).</li>
<li>net: dsa: bcm_sf2: Propagate error value from mdio_write (git-fixes).</li>
<li>net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 (git-fixes).</li>
<li>net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 (git-fixed).</li>
<li>net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).</li>
<li>net: ethernet: ti: fix possible object reference leak (git-fixes).</li>
<li>net: fec: Do not use netdev messages too early (git-fixes).</li>
<li>net: ks8851: Delay requesting IRQ until opened (git-fixes).</li>
<li>net: ks8851: Reassert reset pin if chip ID check fails (git-fixes).</li>
<li>net: ks8851: Set initial carrier state to down (git-fixes).</li>
<li>net: macb: Add null check for PCLK and HCLK (git-fixed).</li>
<li>net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (git-fixes).</li>
<li>net: mvneta: fix double free of txq->buf (git-fixes).</li>
<li>net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).</li>
<li>net: phylink: avoid resolving link state too early (git-fixes).</li>
<li>net: sfp: do not probe SFP module before we're attached (git-fixes).</li>
<li>net: stmmac: Disable EEE mode earlier in XMIT callback (git-fixes).</li>
<li>net: stmmac: Fallback to Platform Data clock in Watchdog conversion (git-fixes).</li>
<li>net: stmmac: do not overwrite discard_frame status (git-fixes).</li>
<li>net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (git-fixes).</li>
<li>net: stmmac: dwmac1000: Clear unused address entries (git-fixed).</li>
<li>net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting (git-fixes).</li>
<li>net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).</li>
<li>net: systemport: Fix reception of BPDUs (git-fixes).</li>
<li>net: xilinx: fix possible object reference leak (git-fixed).</li>
<li>nfsd: drop st_mutex and rp_mutex before calling move_to_close_lru() (bsc#1217525).</li>
<li>nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).</li>
<li>nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).</li>
<li>nvdimm: Fix badblocks clear off-by-one error (git-fixes).</li>
<li>nvmet-tcp: fix a crash in nvmet_req_complete() (git-fixes).</li>
<li>orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).</li>
<li>orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).</li>
<li>orangefs: fix orangefs df output (git-fixes).</li>
<li>orangefs: rate limit the client not running info message (git-fixes).</li>
<li>powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).</li>
<li>powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).</li>
<li>powerpc/pseries/memhotplug: Quieten some DLPAR operations (bsc#1065729).</li>
<li>powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).</li>
<li>powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1065729).</li>
<li>preserve KABI for struct plat_stmmacenet_data (git-fixes).</li>
<li>preserve KABI for struct sfp_socket_ops (git-fixes).</li>
<li>proc: fix /proc/*/map_files lookup (git-fixes).</li>
<li>pstore/ram: Check start of empty przs during init (git-fixes).</li>
<li>pstore/ram: Fix error return code in ramoops_probe() (git-fixes).</li>
<li>pstore/ram: Run without kernel crash dump region (git-fixes).</li>
<li>pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).</li>
<li>pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).</li>
<li>r8169: fix data corruption issue on RTL8402 (git-fixes).</li>
<li>reiserfs: Check the return value from __getblk() (git-fixes).</li>
<li>reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).</li>
<li>s390/dasd: fix double module refcount decrement (bsc#1141539).</li>
<li>scsi: qedf: fc_rport_priv reference counting fixes (bsc#1212152).</li>
<li>scsi: qla0xxx: Fix system crash due to bad pointer access (git-fixes).</li>
<li>sfc: initialise found bitmap in efx_ef10_mtd_probe (git-fixes).</li>
<li>statfs: enforce statfs[64] structure initialization (git-fixes).</li>
<li>tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).</li>
<li>usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).</li>
<li>veth: Fixing transmit return status for dropped packets (git-fixes).</li>
<li>vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).</li>
<li>writeback: Export inode_io_list_del() (bsc#1216989).</li>
<li>x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).</li>
<li>x86/alternatives: Sync core before enabling interrupts (git-fixes).</li>
<li>x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).</li>
<li>x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes).</li>
<li>x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (git-fixes).</li>
<li>x86/build: Turn off -fcf-protection for realmode targets (git-fixes).</li>
<li>x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).</li>
<li>x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).</li>
<li>x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).</li>
<li>x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).</li>
<li>x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).</li>
<li>x86/lib: Fix overflow when counting digits (git-fixes).</li>
<li>x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).</li>
<li>x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).</li>
<li>x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).</li>
<li>x86/mm: Add a x86_has_pat_wp() helper (git-fixes).</li>
<li>x86/pat: Fix x86_has_pat_wp() (git-fixes).</li>
<li>x86/pat: Pass valid address to sanitize_phys() (git-fixes).</li>
<li>x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).</li>
<li>x86/pm: Fix false positive kmemleak report in msr_build_context() (git-fixes).</li>
<li>x86/purgatory: Do not generate debug info for purgatory.ro (git-fixes).</li>
<li>x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).</li>
<li>x86/topology: Fix duplicated core ID within a package (git-fixes).</li>
<li>x86/topology: Fix multiple packages shown on a single-package system (git-fixes).</li>
<li>x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).</li>
<li>x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).</li>
<li>x86: Clear .brk area at early boot (git-fixes).</li>
<li>x86: Fix __get_wchan() for !STACKTRACE (git-fixes).</li>
<li>x86: Fix get_wchan() to support the ORC unwinder (git-fixes).</li>
<li>x86: Mark stop_this_cpu() __noreturn (git-fixes).</li>
<li>x86: Pin task-stack in __get_wchan() (git-fixes).</li>
<li>x86: <strong>always_inline </strong>{rd,wr}msr() (git-fixes).</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-483=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-483=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-483=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
<ul>
<li>kernel-azure-debuginfo-4.12.14-16.168.1</li>
<li>kernel-azure-base-debuginfo-4.12.14-16.168.1</li>
<li>kernel-syms-azure-4.12.14-16.168.1</li>
<li>kernel-azure-base-4.12.14-16.168.1</li>
<li>kernel-azure-debugsource-4.12.14-16.168.1</li>
<li>kernel-azure-devel-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
<ul>
<li>kernel-source-azure-4.12.14-16.168.1</li>
<li>kernel-devel-azure-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
<ul>
<li>kernel-azure-debuginfo-4.12.14-16.168.1</li>
<li>kernel-azure-base-debuginfo-4.12.14-16.168.1</li>
<li>kernel-syms-azure-4.12.14-16.168.1</li>
<li>kernel-azure-base-4.12.14-16.168.1</li>
<li>kernel-azure-debugsource-4.12.14-16.168.1</li>
<li>kernel-azure-devel-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
<ul>
<li>kernel-source-azure-4.12.14-16.168.1</li>
<li>kernel-devel-azure-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (x86_64)
<ul>
<li>kernel-azure-debuginfo-4.12.14-16.168.1</li>
<li>kernel-azure-base-debuginfo-4.12.14-16.168.1</li>
<li>kernel-syms-azure-4.12.14-16.168.1</li>
<li>kernel-azure-base-4.12.14-16.168.1</li>
<li>kernel-azure-debugsource-4.12.14-16.168.1</li>
<li>kernel-azure-devel-4.12.14-16.168.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (noarch)
<ul>
<li>kernel-source-azure-4.12.14-16.168.1</li>
<li>kernel-devel-azure-4.12.14-16.168.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2021-33631.html">https://www.suse.com/security/cve/CVE-2021-33631.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-46838.html">https://www.suse.com/security/cve/CVE-2023-46838.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-47233.html">https://www.suse.com/security/cve/CVE-2023-47233.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-51042.html">https://www.suse.com/security/cve/CVE-2023-51042.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-51043.html">https://www.suse.com/security/cve/CVE-2023-51043.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-51780.html">https://www.suse.com/security/cve/CVE-2023-51780.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-51782.html">https://www.suse.com/security/cve/CVE-2023-51782.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6040.html">https://www.suse.com/security/cve/CVE-2023-6040.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0340.html">https://www.suse.com/security/cve/CVE-2024-0340.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0775.html">https://www.suse.com/security/cve/CVE-2024-0775.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-1086.html">https://www.suse.com/security/cve/CVE-2024-1086.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">https://bugzilla.suse.com/show_bug.cgi?id=1065729</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1108281">https://bugzilla.suse.com/show_bug.cgi?id=1108281</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1123986">https://bugzilla.suse.com/show_bug.cgi?id=1123986</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1141539">https://bugzilla.suse.com/show_bug.cgi?id=1141539</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1181674">https://bugzilla.suse.com/show_bug.cgi?id=1181674</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206889">https://bugzilla.suse.com/show_bug.cgi?id=1206889</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212152">https://bugzilla.suse.com/show_bug.cgi?id=1212152</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1216702">https://bugzilla.suse.com/show_bug.cgi?id=1216702</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1216989">https://bugzilla.suse.com/show_bug.cgi?id=1216989</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217525">https://bugzilla.suse.com/show_bug.cgi?id=1217525</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218689">https://bugzilla.suse.com/show_bug.cgi?id=1218689</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218713">https://bugzilla.suse.com/show_bug.cgi?id=1218713</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218730">https://bugzilla.suse.com/show_bug.cgi?id=1218730</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218752">https://bugzilla.suse.com/show_bug.cgi?id=1218752</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218757">https://bugzilla.suse.com/show_bug.cgi?id=1218757</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218768">https://bugzilla.suse.com/show_bug.cgi?id=1218768</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218836">https://bugzilla.suse.com/show_bug.cgi?id=1218836</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218968">https://bugzilla.suse.com/show_bug.cgi?id=1218968</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219022">https://bugzilla.suse.com/show_bug.cgi?id=1219022</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219053">https://bugzilla.suse.com/show_bug.cgi?id=1219053</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219120">https://bugzilla.suse.com/show_bug.cgi?id=1219120</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219128">https://bugzilla.suse.com/show_bug.cgi?id=1219128</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219412">https://bugzilla.suse.com/show_bug.cgi?id=1219412</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219434">https://bugzilla.suse.com/show_bug.cgi?id=1219434</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219445">https://bugzilla.suse.com/show_bug.cgi?id=1219445</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219446">https://bugzilla.suse.com/show_bug.cgi?id=1219446</a>
</li>
</ul>
</div>