<div class="container">
<h1>Security update for the Linux Kernel</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:0770-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">#1065729</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198438">#1198438</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203331">#1203331</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205711">#1205711</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206103">#1206103</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207051">#1207051</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207845">#1207845</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208542">#1208542</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208700">#1208700</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208837">#1208837</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209188">#1209188</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-38096.html">CVE-2022-38096</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-4129.html">CVE-2022-4129</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-0597.html">CVE-2023-0597</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1118.html">CVE-2023-1118</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-23559.html">CVE-2023-23559</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-26545.html">CVE-2023-26545</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-38096</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-38096</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4129</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4129</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0597</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0597</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1118</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1118</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-23559</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-23559</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-26545</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-26545</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Availability Extension 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Live Patching 12-SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Workstation Extension 12 12-SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves six vulnerabilities and has five fixes can now be installed.</p>
<h2>Description:</h2>
<p>The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.</p>
<p>The following security bugs were fixed:</p>
<ul>
<li>CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).</li>
<li>CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)</li>
<li>CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).</li>
<li>CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).</li>
<li>CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).</li>
<li>CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).</li>
</ul>
<p>The following non-security bugs were fixed:</p>
<ul>
<li>bonding: fix 802.3ad state sent to partner when unbinding slave (git-fixes).</li>
<li>icmp: do not fail on fragment reassembly time exceeded (git-fixes).</li>
<li>ipmi: fix initialization when workqueue allocation fails (git-fixes).</li>
<li>ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes).</li>
<li>kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes).</li>
<li>kabi fix for: NFS: Pass error information to the pgio error cleanup routine (git-fixes).</li>
<li>kabi/severities: add l2tp local symbols</li>
<li>net: aquantia: fix RSS table and key sizes (git-fixes).</li>
<li>netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).</li>
<li>netfilter: xt_connlimit: do not store address in the conn nodes (git-fixes).</li>
<li>nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request (git-fixes).</li>
<li>nfs: Pass error information to the pgio error cleanup routine (git-fixes).</li>
<li>nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).</li>
<li>nfsd: fix race to check ls_layouts (git-fixes).</li>
<li>nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).</li>
<li>ocfs2: Fix data corruption after failed write (bsc#1208542).</li>
<li>pNFS/filelayout: Fix coalescing test for single DS (git-fixes).</li>
<li>powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).</li>
<li>powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#1065729).</li>
<li>powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729).</li>
<li>powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#1065729).</li>
<li>scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).</li>
<li>sunrpc: Fix priority queue fairness (git-fixes).</li>
<li>sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).</li>
<li>vlan: Fix out of order vlan headers with reorder header off (git-fixes).</li>
<li>vlan: Fix vlan insertion for packets without ethernet header (git-fixes).</li>
<li>vxlan: Fix error path in __vxlan_dev_create() (git-fixes).</li>
<li>vxlan: changelink: Fix handling of default remotes (git-fixes).</li>
<li>xfrm: Copy policy family in clone_policy (git-fixes).</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE Important update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-770=1 SUSE-SLE-HA-12-SP5-2023-770=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Availability Extension 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-HA-12-SP5-2023-770=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Live Patching 12-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-770=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-770=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-770=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-770=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Workstation Extension 12 12-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-WE-12-SP5-2023-770=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
<ul>
<li>kernel-default-debuginfo-4.12.14-122.153.1</li>
<li>cluster-md-kmp-default-4.12.14-122.153.1</li>
<li>dlm-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-devel-4.12.14-122.153.1</li>
<li>kernel-syms-4.12.14-122.153.1</li>
<li>gfs2-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>ocfs2-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-debugsource-4.12.14-122.153.1</li>
<li>gfs2-kmp-default-4.12.14-122.153.1</li>
<li>kernel-default-base-debuginfo-4.12.14-122.153.1</li>
<li>ocfs2-kmp-default-4.12.14-122.153.1</li>
<li>cluster-md-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-base-4.12.14-122.153.1</li>
<li>dlm-kmp-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
<ul>
<li>kernel-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
<ul>
<li>kernel-devel-4.12.14-122.153.1</li>
<li>kernel-macros-4.12.14-122.153.1</li>
<li>kernel-source-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
<ul>
<li>kernel-default-devel-debuginfo-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
<ul>
<li>kernel-default-debuginfo-4.12.14-122.153.1</li>
<li>cluster-md-kmp-default-4.12.14-122.153.1</li>
<li>dlm-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>gfs2-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>ocfs2-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-debugsource-4.12.14-122.153.1</li>
<li>gfs2-kmp-default-4.12.14-122.153.1</li>
<li>ocfs2-kmp-default-4.12.14-122.153.1</li>
<li>cluster-md-kmp-default-debuginfo-4.12.14-122.153.1</li>
<li>dlm-kmp-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
<ul>
<li>kernel-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
<ul>
<li>kernel-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
<ul>
<li>kernel-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-kgraft-devel-4.12.14-122.153.1</li>
<li>kernel-default-kgraft-4.12.14-122.153.1</li>
<li>kernel-default-debugsource-4.12.14-122.153.1</li>
<li>kgraft-patch-4_12_14-122_153-default-1-8.3.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
<ul>
<li>kernel-docs-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>kernel-obs-build-debugsource-4.12.14-122.153.1</li>
<li>kernel-obs-build-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64)
<ul>
<li>kernel-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
<ul>
<li>kernel-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-devel-4.12.14-122.153.1</li>
<li>kernel-syms-4.12.14-122.153.1</li>
<li>kernel-default-debugsource-4.12.14-122.153.1</li>
<li>kernel-default-base-4.12.14-122.153.1</li>
<li>kernel-default-base-debuginfo-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
<ul>
<li>kernel-devel-4.12.14-122.153.1</li>
<li>kernel-macros-4.12.14-122.153.1</li>
<li>kernel-source-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
<ul>
<li>kernel-default-devel-debuginfo-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
<ul>
<li>kernel-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>kernel-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-devel-4.12.14-122.153.1</li>
<li>kernel-syms-4.12.14-122.153.1</li>
<li>kernel-default-debugsource-4.12.14-122.153.1</li>
<li>kernel-default-base-4.12.14-122.153.1</li>
<li>kernel-default-base-debuginfo-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (noarch)
<ul>
<li>kernel-devel-4.12.14-122.153.1</li>
<li>kernel-macros-4.12.14-122.153.1</li>
<li>kernel-source-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (s390x)
<ul>
<li>kernel-default-man-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (x86_64)
<ul>
<li>kernel-default-devel-debuginfo-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
<ul>
<li>kernel-default-4.12.14-122.153.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
<ul>
<li>kernel-default-debugsource-4.12.14-122.153.1</li>
<li>kernel-default-debuginfo-4.12.14-122.153.1</li>
<li>kernel-default-extra-4.12.14-122.153.1</li>
<li>kernel-default-extra-debuginfo-4.12.14-122.153.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-38096.html">https://www.suse.com/security/cve/CVE-2022-38096.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-4129.html">https://www.suse.com/security/cve/CVE-2022-4129.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-0597.html">https://www.suse.com/security/cve/CVE-2023-0597.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1118.html">https://www.suse.com/security/cve/CVE-2023-1118.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-23559.html">https://www.suse.com/security/cve/CVE-2023-23559.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-26545.html">https://www.suse.com/security/cve/CVE-2023-26545.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">https://bugzilla.suse.com/show_bug.cgi?id=1065729</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198438">https://bugzilla.suse.com/show_bug.cgi?id=1198438</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203331">https://bugzilla.suse.com/show_bug.cgi?id=1203331</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205711">https://bugzilla.suse.com/show_bug.cgi?id=1205711</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206103">https://bugzilla.suse.com/show_bug.cgi?id=1206103</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207051">https://bugzilla.suse.com/show_bug.cgi?id=1207051</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207845">https://bugzilla.suse.com/show_bug.cgi?id=1207845</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208542">https://bugzilla.suse.com/show_bug.cgi?id=1208542</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208700">https://bugzilla.suse.com/show_bug.cgi?id=1208700</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208837">https://bugzilla.suse.com/show_bug.cgi?id=1208837</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209188">https://bugzilla.suse.com/show_bug.cgi?id=1209188</a>
</li>
</ul>
</div>