<div class="container">
<h1>Security update for the Linux Kernel</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:0762-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">#1065729</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198438">#1198438</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203331">#1203331</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205711">#1205711</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206103">#1206103</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207051">#1207051</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207845">#1207845</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208179">#1208179</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208542">#1208542</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208700">#1208700</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208837">#1208837</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209008">#1209008</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209188">#1209188</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-38096.html">CVE-2022-38096</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-4129.html">CVE-2022-4129</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-0597.html">CVE-2023-0597</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1118.html">CVE-2023-1118</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-23559.html">CVE-2023-23559</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-26545.html">CVE-2023-26545</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-38096</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-38096</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4129</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-4129</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0597</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-0597</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1118</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1118</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-23559</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-23559</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-26545</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-26545</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves six vulnerabilities and has seven fixes can now be installed.</p>
<h2>Description:</h2>
<p>The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.</p>
<p>The following security bugs were fixed:</p>
<ul>
<li>CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).</li>
<li>CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)</li>
<li>CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).</li>
<li>CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).</li>
<li>CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).</li>
<li>CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).</li>
</ul>
<p>The following non-security bugs were fixed:</p>
<ul>
<li>bonding: fix 802.3ad state sent to partner when unbinding slave (git-fixes).</li>
<li>do not sign the vanilla kernel (bsc#1209008).</li>
<li>icmp: do not fail on fragment reassembly time exceeded (git-fixes).</li>
<li>ipmi: fix initialization when workqueue allocation fails (git-fixes).</li>
<li>ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes).</li>
<li>kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes).</li>
<li>kabi fix for: NFS: Pass error information to the pgio error cleanup routine (git-fixes).</li>
<li>kabi/severities: add l2tp local symbols</li>
<li>kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.</li>
<li>media: coda: Add check for dcoda_iram_alloc (git-fixes).</li>
<li>media: coda: Add check for kmalloc (git-fixes).</li>
<li>media: platform: ti: Add missing check for devm_regulator_get (git-fixes).</li>
<li>net: aquantia: fix RSS table and key sizes (git-fixes).</li>
<li>netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).</li>
<li>netfilter: xt_connlimit: do not store address in the conn nodes (git-fixes).</li>
<li>nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request (git-fixes).</li>
<li>nfs: Pass error information to the pgio error cleanup routine (git-fixes).</li>
<li>nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).</li>
<li>nfsd: fix race to check ls_layouts (git-fixes).</li>
<li>nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).</li>
<li>ocfs2: Fix data corruption after failed write (bsc#1208542).</li>
<li>pNFS/filelayout: Fix coalescing test for single DS (git-fixes).</li>
<li>powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).</li>
<li>powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#1065729).</li>
<li>powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729).</li>
<li>powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#1065729).</li>
<li>scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).</li>
<li>sunrpc: Fix priority queue fairness (git-fixes).</li>
<li>sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).</li>
<li>vlan: Fix out of order vlan headers with reorder header off (git-fixes).</li>
<li>vlan: Fix vlan insertion for packets without ethernet header (git-fixes).</li>
<li>vxlan: Fix error path in __vxlan_dev_create() (git-fixes).</li>
<li>vxlan: changelink: Fix handling of default remotes (git-fixes).</li>
<li>xfrm: Copy policy family in clone_policy (git-fixes).</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE Important update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
<ul>
<li>kernel-azure-base-debuginfo-4.12.14-16.127.1</li>
<li>kernel-azure-debugsource-4.12.14-16.127.1</li>
<li>kernel-azure-devel-4.12.14-16.127.1</li>
<li>kernel-azure-debuginfo-4.12.14-16.127.1</li>
<li>kernel-azure-base-4.12.14-16.127.1</li>
<li>kernel-syms-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
<ul>
<li>kernel-devel-azure-4.12.14-16.127.1</li>
<li>kernel-source-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
<ul>
<li>kernel-azure-base-debuginfo-4.12.14-16.127.1</li>
<li>kernel-azure-debugsource-4.12.14-16.127.1</li>
<li>kernel-azure-devel-4.12.14-16.127.1</li>
<li>kernel-azure-debuginfo-4.12.14-16.127.1</li>
<li>kernel-azure-base-4.12.14-16.127.1</li>
<li>kernel-syms-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
<ul>
<li>kernel-devel-azure-4.12.14-16.127.1</li>
<li>kernel-source-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (x86_64)
<ul>
<li>kernel-azure-base-debuginfo-4.12.14-16.127.1</li>
<li>kernel-azure-debugsource-4.12.14-16.127.1</li>
<li>kernel-azure-devel-4.12.14-16.127.1</li>
<li>kernel-azure-debuginfo-4.12.14-16.127.1</li>
<li>kernel-azure-base-4.12.14-16.127.1</li>
<li>kernel-syms-azure-4.12.14-16.127.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (noarch)
<ul>
<li>kernel-devel-azure-4.12.14-16.127.1</li>
<li>kernel-source-azure-4.12.14-16.127.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-38096.html">https://www.suse.com/security/cve/CVE-2022-38096.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-4129.html">https://www.suse.com/security/cve/CVE-2022-4129.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-0597.html">https://www.suse.com/security/cve/CVE-2023-0597.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1118.html">https://www.suse.com/security/cve/CVE-2023-1118.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-23559.html">https://www.suse.com/security/cve/CVE-2023-23559.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-26545.html">https://www.suse.com/security/cve/CVE-2023-26545.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">https://bugzilla.suse.com/show_bug.cgi?id=1065729</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198438">https://bugzilla.suse.com/show_bug.cgi?id=1198438</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203331">https://bugzilla.suse.com/show_bug.cgi?id=1203331</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205711">https://bugzilla.suse.com/show_bug.cgi?id=1205711</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206103">https://bugzilla.suse.com/show_bug.cgi?id=1206103</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207051">https://bugzilla.suse.com/show_bug.cgi?id=1207051</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207845">https://bugzilla.suse.com/show_bug.cgi?id=1207845</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208179">https://bugzilla.suse.com/show_bug.cgi?id=1208179</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208542">https://bugzilla.suse.com/show_bug.cgi?id=1208542</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208700">https://bugzilla.suse.com/show_bug.cgi?id=1208700</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208837">https://bugzilla.suse.com/show_bug.cgi?id=1208837</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209008">https://bugzilla.suse.com/show_bug.cgi?id=1209008</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209188">https://bugzilla.suse.com/show_bug.cgi?id=1209188</a>
</li>
</ul>
</div>