<div class="container">
<h1>Security update for the Linux Kernel</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:2808-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">#1065729</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1160435">#1160435</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1174852">#1174852</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1190317">#1190317</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205758">#1205758</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208600">#1208600</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208604">#1208604</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209039">#1209039</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209779">#1209779</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210533">#1210533</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211519">#1211519</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212051">#1212051</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212128">#1212128</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212129">#1212129</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212154">#1212154</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212158">#1212158</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212164">#1212164</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212165">#1212165</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212167">#1212167</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212170">#1212170</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212173">#1212173</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212175">#1212175</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212185">#1212185</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212236">#1212236</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212240">#1212240</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212244">#1212244</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212266">#1212266</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212443">#1212443</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212501">#1212501</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212502">#1212502</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212606">#1212606</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212701">#1212701</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212842">#1212842</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212938">#1212938</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1077.html">CVE-2023-1077</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1079.html">CVE-2023-1079</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1249.html">CVE-2023-1249</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1637.html">CVE-2023-1637</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-2002.html">CVE-2023-2002</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3090.html">CVE-2023-3090</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3111.html">CVE-2023-3111</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3141.html">CVE-2023-3141</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3159.html">CVE-2023-3159</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3161.html">CVE-2023-3161</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3268.html">CVE-2023-3268</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-3358.html">CVE-2023-3358</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-35824.html">CVE-2023-35824</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1077</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1077</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1079</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1079</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1249</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1249</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1637</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1637</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-2002</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-2002</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.8</span>
<span class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3090</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3090</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3111</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3111</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3141</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3141</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3159</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3159</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3161</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3161</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3268</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3268</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3358</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-3358</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-35824</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-35824</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 13 vulnerabilities and has 21 fixes can now be installed.</p>
<h2>Description:</h2>
<p>The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.</p>
<p>The following security bugs were fixed:</p>
<ul>
<li>CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).</li>
<li>CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).</li>
<li>CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).</li>
<li>CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).</li>
<li>CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).</li>
<li>CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).</li>
<li>CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).</li>
<li>CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).</li>
<li>CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).</li>
<li>CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).</li>
<li>CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).</li>
<li>CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).</li>
<li>CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).</li>
</ul>
<p>The following non-security bugs were fixed:</p>
<ul>
<li>Also include kernel-docs build requirements for ALP</li>
<li>Avoid unsuported tar parameter on SLE12</li>
<li>CDC-NCM: avoid overflow in sanity checking (git-fixes).</li>
<li>CIFS: Spelling s/EACCESS/EACCES/ (bsc#1190317).</li>
<li>Decrease the number of SMB3 smbdirect client SGEs (bsc#1190317).</li>
<li>Fix formatting of client smbdirect RDMA logging (bsc#1190317).</li>
<li>Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).</li>
<li>Generalize kernel-doc build requirements.</li>
<li>Handle variable number of SGEs in client smbdirect send (bsc#1190317).</li>
<li>Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.</li>
<li>Move setting %%build_html to config.sh</li>
<li>Move setting %%split_optional to config.sh</li>
<li>Move setting %%supported_modules_check to config.sh</li>
<li>Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.</li>
<li>PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).</li>
<li>PCI/MSI: Destroy sysfs before freeing entries (git-fixes).</li>
<li>PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes).</li>
<li>PCI/MSI: Mask MSI-X vectors only on success (git-fixes).</li>
<li>PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).</li>
<li>PCI: aardvark: Clear all MSIs at setup (git-fixes).</li>
<li>PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).</li>
<li>PCI: aardvark: Do not unmask unused interrupts (git-fixes).</li>
<li>PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).</li>
<li>PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).</li>
<li>PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (git-fixes).</li>
<li>PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).</li>
<li>PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes).</li>
<li>README.BRANCH: Add Miroslav Franc as a co-maintainer</li>
<li>Reduce client smbdirect max receive segment size (bsc#1190317).</li>
<li>Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).</li>
<li>Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.</li>
<li>USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).</li>
<li>USB: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).</li>
<li>USB: hub: Fix the broken detection of USB3 device in SMSC hub (git-fixes).</li>
<li>USB: idmouse: fix an uninit-value in idmouse_open (git-fixes).</li>
<li>USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).</li>
<li>USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).</li>
<li>USB: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller.</li>
<li>USB: xhci: rework grace period logic (git-fixes).</li>
<li>affs: initialize fsdata in affs_truncate() (git-fixes).</li>
<li>bnx2x: Check if transceiver implements DDM before access (git-fixes).</li>
<li>bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes).</li>
<li>bnxt_en: Fix typo in PCI id to device description string mapping (git-fixes).</li>
<li>bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).</li>
<li>bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).</li>
<li>bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (git-fixes).</li>
<li>bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).</li>
<li>bnxt_en: reclaim max resources if sriov enable fails (git-fixes).</li>
<li>ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212938).</li>
<li>cifs: Add helper function to check smb1+ server (bsc#1190317).</li>
<li>cifs: Convert struct fealist away from 1-element array (bsc#1190317).</li>
<li>cifs: Fix connections leak when tlink setup failed (bsc#1190317).</li>
<li>cifs: Fix lost destroy smbd connection when MR allocate failed (bsc#1190317).</li>
<li>cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1190317).</li>
<li>cifs: Fix oops due to uncleared server->smbd_conn in reconnect (bsc#1190317).</li>
<li>cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1190317).</li>
<li>cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1190317).</li>
<li>cifs: Fix smb2_set_path_size() (bsc#1190317).</li>
<li>cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1190317).</li>
<li>cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#1190317).</li>
<li>cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1190317).</li>
<li>cifs: Fix uninitialized memory reads for oparms.mode (bsc#1190317).</li>
<li>cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1190317).</li>
<li>cifs: Fix warning and UAF when destroy the MR list (bsc#1190317).</li>
<li>cifs: Fix wrong return value checking when GETFLAGS (bsc#1190317).</li>
<li>cifs: Fix xid leak in cifs_copy_file_range() (bsc#1190317).</li>
<li>cifs: Fix xid leak in cifs_create() (bsc#1190317).</li>
<li>cifs: Fix xid leak in cifs_flock() (bsc#1190317).</li>
<li>cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1190317).</li>
<li>cifs: Move the in_send statistic to __smb_send_rqst() (bsc#1190317).</li>
<li>cifs: Remove duplicated include in cifsglob.h (bsc#1190317).</li>
<li>cifs: Replace zero-length arrays with flexible-array members (bsc#1190317).</li>
<li>cifs: Use help macro to get the header preamble size (bsc#1190317).</li>
<li>cifs: Use help macro to get the mid header size (bsc#1190317).</li>
<li>cifs: Use kstrtobool() instead of strtobool() (bsc#1190317).</li>
<li>cifs: add check for returning value of SMB2_close_init (bsc#1190317).</li>
<li>cifs: add check for returning value of SMB2_set_info_init (bsc#1190317).</li>
<li>cifs: add missing spinlock around tcon refcount (bsc#1190317).</li>
<li>cifs: always initialize struct msghdr smb_msg completely (bsc#1190317).</li>
<li>cifs: avoid re-lookups in dfs_cache_find() (bsc#1190317).</li>
<li>cifs: avoid use of global locks for high contention data (bsc#1190317).</li>
<li>cifs: destage dirty pages before re-reading them for cache=none (bsc#1190317).</li>
<li>cifs: do not include page data when checking signature (bsc#1190317).</li>
<li>cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1190317).</li>
<li>cifs: do not take exclusive lock for updating target hints (bsc#1190317).</li>
<li>cifs: do not try to use rdma offload on encrypted connections (bsc#1190317).</li>
<li>cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1190317).</li>
<li>cifs: fix confusing debug message (bsc#1190317).</li>
<li>cifs: fix double free on failed kerberos auth (bsc#1190317).</li>
<li>cifs: fix double-fault crash during ntlmssp (bsc#1190317).</li>
<li>cifs: fix indentation in make menuconfig options (bsc#1190317).</li>
<li>cifs: fix memory leaks in session setup (bsc#1190317).</li>
<li>cifs: fix missing display of three mount options (bsc#1190317).</li>
<li>cifs: fix mount on old smb servers (bsc#1190317).</li>
<li>cifs: fix oops during encryption (bsc#1190317).</li>
<li>cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1190317).</li>
<li>cifs: fix potential deadlock in cache_refresh_path() (bsc#1190317).</li>
<li>cifs: fix potential memory leaks in session setup (bsc#1190317).</li>
<li>cifs: fix race in assemble_neg_contexts() (bsc#1190317).</li>
<li>cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1190317).</li>
<li>cifs: fix small mempool leak in SMB2_negotiate() (bsc#1190317).</li>
<li>cifs: fix use-after-free caused by invalid pointer <code>hostname</code> (bsc#1190317).</li>
<li>cifs: fix various whitespace errors in headers (bsc#1190317).</li>
<li>cifs: get rid of dns resolve worker (bsc#1190317).</li>
<li>cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1190317).</li>
<li>cifs: handle cache lookup errors different than -ENOENT (bsc#1190317).</li>
<li>cifs: ignore ipc reconnect failures during dfs failover (bsc#1190317).</li>
<li>cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1190317).</li>
<li>cifs: lease key is uninitialized in smb1 paths (bsc#1190317).</li>
<li>cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1190317).</li>
<li>cifs: match even the scope id for ipv6 addresses (bsc#1190317).</li>
<li>cifs: minor cleanup of some headers (bsc#1190317).</li>
<li>cifs: misc: fix spelling typo in comment (bsc#1190317).</li>
<li>cifs: prevent copying past input buffer boundaries (bsc#1190317).</li>
<li>cifs: prevent data race in cifs_reconnect_tcon() (bsc#1190317).</li>
<li>cifs: prevent data race in smb2_reconnect() (bsc#1190317).</li>
<li>cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1190317).</li>
<li>cifs: print last update time for interface list (bsc#1190317).</li>
<li>cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1190317).</li>
<li>cifs: remove ->writepage (bsc#1190317).</li>
<li>cifs: remove duplicate code in __refresh_tcon() (bsc#1190317).</li>
<li>cifs: remove initialization value (bsc#1190317).</li>
<li>cifs: remove redundant assignment to the variable match (bsc#1190317).</li>
<li>cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1190317).</li>
<li>cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1190317).</li>
<li>cifs: return correct error in ->calc_signature() (bsc#1190317).</li>
<li>cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1190317).</li>
<li>cifs: revalidate mapping when doing direct writes (bsc#1190317).</li>
<li>cifs: sanitize paths in cifs_update_super_prepath (bsc#1190317).</li>
<li>cifs: secmech: use shash_desc directly, remove sdesc (bsc#1190317).</li>
<li>cifs: set correct ipc status after initial tree connect (bsc#1190317).</li>
<li>cifs: set correct tcon status after initial tree connect (bsc#1190317).</li>
<li>cifs: set resolved ip in sockaddr (bsc#1190317).</li>
<li>cifs: skip alloc when request has no pages (bsc#1190317).</li>
<li>cifs: skip extra NULL byte in filenames (bsc#1190317).</li>
<li>cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1190317).</li>
<li>cifs: split out smb3_use_rdma_offload() helper (bsc#1190317).</li>
<li>cifs: stop using generic_writepages (bsc#1190317).</li>
<li>cifs: update Kconfig description (bsc#1190317).</li>
<li>cifs: update internal module number (bsc#1190317).</li>
<li>cifs: use ALIGN() and round_up() macros (bsc#1190317).</li>
<li>cifs: use stub posix acl handlers (bsc#1190317).</li>
<li>cifs_atomic_open(): fix double-put on late allocation failure (bsc#1190317).</li>
<li>coda: add error handling for fget (git-fixes).</li>
<li>coda: fix build using bare-metal toolchain (git-fixes).</li>
<li>coda: pass the host file in vma->vm_file on mmap (git-fixes).</li>
<li>cxgb4: fix a memory leak bug (git-fixes).</li>
<li>dim: initialize all struct fields (bsc#1174852).</li>
<li>e1000e: Correct NVM checksum verification flow (git-fixes).</li>
<li>e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).</li>
<li>e1000e: Fix TX dispatch condition (git-fixes).</li>
<li>e1000e: Fix possible overflow in LTR decoding (git-fixes).</li>
<li>fs/adfs: super: fix use-after-free bug (git-fixes).</li>
<li>fs/affs: release old buffer head on error path (git-fixes).</li>
<li>fs/hfs/extent.c: fix array out of bounds read of array extent (git-fixes).</li>
<li>fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() (git-fixes).</li>
<li>fs/ufs: avoid potential u32 multiplication overflow (git-fixes).</li>
<li>fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).</li>
<li>fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() (git-fixes).</li>
<li>fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() (git-fixes).</li>
<li>fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).</li>
<li>google/gve:fix repeated words in comments (bsc#1211519).</li>
<li>gve: Adding a new AdminQ command to verify driver (bsc#1211519).</li>
<li>gve: Cache link_speed value from device (bsc#1211519).</li>
<li>gve: Fix GFP flags when allocing pages (bsc#1211519).</li>
<li>gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).</li>
<li>gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).</li>
<li>gve: Handle alternate miss completions (bsc#1211519).</li>
<li>gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).</li>
<li>gve: Remove the code of clearing PBA bit (bsc#1211519).</li>
<li>gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).</li>
<li>gve: enhance no queue page list detection (bsc#1211519).</li>
<li>hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).</li>
<li>hfs/hfsplus: use WARN_ON for sanity check (git-fixes).</li>
<li>hfs: Fix OOB Write in hfs_asc2mac (git-fixes).</li>
<li>hfs: add lock nesting notation to hfs_find_init (git-fixes).</li>
<li>hfs: add missing clean-up in hfs_fill_super (git-fixes).</li>
<li>hfs: fix BUG on bnode parent update (git-fixes).</li>
<li>hfs: fix OOB Read in __hfs_brec_find (git-fixes).</li>
<li>hfs: fix high memory mapping in hfs_bnode_read (git-fixes).</li>
<li>hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).</li>
<li>hfs: fix return value of hfs_get_block() (git-fixes).</li>
<li>hfs: prevent btree data loss on ENOSPC (git-fixes).</li>
<li>hfs: update timestamp on truncate() (git-fixes).</li>
<li>hfsplus: fix BUG on bnode parent update (git-fixes).</li>
<li>hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).</li>
<li>hfsplus: fix crash and filesystem corruption when deleting files (git-fixes).</li>
<li>hfsplus: fix return value of hfsplus_get_block() (git-fixes).</li>
<li>hfsplus: prevent btree data loss on ENOSPC (git-fixes).</li>
<li>hfsplus: update timestamps on truncate() (git-fixes).</li>
<li>igb: Add lock to avoid data race (git-fixes).</li>
<li>igb: Allocate MSI-X vector when testing (git-fixes).</li>
<li>igb: Enable SR-IOV after reinit (git-fixes).</li>
<li>igb: Initialize mailbox message for VF reset (git-fixes).</li>
<li>igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).</li>
<li>igb: fix bit_shift to be in [1..8] range (git-fixes).</li>
<li>igb: fix netpoll exit with traffic (git-fixes).</li>
<li>igb: fix nvm.ops.read() error handling (git-fixes).</li>
<li>igb: skip phy status check where unavailable (git-fixes).</li>
<li>igbvf: Regard vf reset nack as success (git-fixes).</li>
<li>igbvf: fix double free in <code>igbvf_probe</code> (git-fixes).</li>
<li>igc: Fix BUG: scheduling while atomic (git-fixes).</li>
<li>igc: Fix infinite loop in release_swfw_sync (git-fixes).</li>
<li>igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).</li>
<li>igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).</li>
<li>intel/igbvf: free irq on the error path in igbvf_request_msix() (git-fixes).</li>
<li>ipv4: fix uninit-value in ip_route_output_key_hash_rcu() (git-fixes).</li>
<li>ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes).</li>
<li>ixgbe: Allow flow hash to be set via ethtool (git-fixes).</li>
<li>ixgbe: Check DDM existence in transceiver before access (git-fixes).</li>
<li>ixgbe: Enable setting RSS table to default values (git-fixes).</li>
<li>ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes).</li>
<li>ixgbe: ensure IPsec VF<->PF compatibility (git-fixes).</li>
<li>ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).</li>
<li>ixgbe: fix pci device refcount leak (git-fixes).</li>
<li>ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).</li>
<li>ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).</li>
<li>ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (git-fixes).</li>
<li>kprobes: Do not call BUG_ON() if there is a kprobe in use on free list (git-fixes).</li>
<li>kprobes: Do not use local variable when creating debugfs file (git-fixes).</li>
<li>kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).</li>
<li>kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).</li>
<li>kprobes: Fix error check when reusing optimized probes (git-fixes).</li>
<li>kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic (git-fixes).</li>
<li>kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes).</li>
<li>kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).</li>
<li>kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex (git-fixes).</li>
<li>kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).</li>
<li>kprobes: Prohibit probes in gate area (git-fixes).</li>
<li>kprobes: Prohibit probing on BUG() and WARN() address (git-fixes).</li>
<li>kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe() (git-fixes).</li>
<li>kprobes: Set unoptimized flag after unoptimizing code (git-fixes).</li>
<li>kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y (git-fixes).</li>
<li>kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).</li>
<li>kprobes: fix kill kprobe which has been marked as gone (git-fixes).</li>
<li>kretprobe: Avoid re-registration of the same kretprobe earlier (git-fixes).</li>
<li>l2tp: hold reference on tunnels in netlink dumps (git-fixes).</li>
<li>l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file (git-fixes).</li>
<li>l2tp: hold reference on tunnels printed in pppol2tp proc file (git-fixes).</li>
<li>mlx5: count all link events (git-fixes).</li>
<li>net/ethernet/qlogic/qed: force the string buffer NULL-terminated (git-fixes).</li>
<li>net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).</li>
<li>net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).</li>
<li>net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).</li>
<li>net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).</li>
<li>net/mlx4_en: Resolve bad operstate value (git-fixes).</li>
<li>net/usb/drivers: Remove useless hrtimer_active check (git-fixes).</li>
<li>net: axienet: Fix race condition causing TX hang (git-fixes).</li>
<li>net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).</li>
<li>net: cdc_ncm: remove set but not used variable 'ctx' (git-fixes).</li>
<li>net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' (git-fixes).</li>
<li>net: dev: Use unsigned integer as an argument to left-shift (git-fixes).</li>
<li>net: fec: fix rare tx timeout (git-fixes).</li>
<li>net: fix warning in af_unix (git-fixes).</li>
<li>net: hisilicon: Fix "Trying to free already-free IRQ" (git-fixes).</li>
<li>net: ks8851: Dequeue RX packets explicitly (git-fixes).</li>
<li>net: macb: Clean 64b dma addresses if they are not detected (git-fixes).</li>
<li>net: marvell: mvneta: fix DMA debug warning (git-fixes).</li>
<li>net: myri10ge: fix memory leaks (git-fixes).</li>
<li>net: set static variable an initial value in atl2_probe() (git-fixes).</li>
<li>net: thunderx: make CFG_DONE message to run through generic send-ack sequence (git-fixes).</li>
<li>net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).</li>
<li>netfilter: x_tables: add and use xt_check_proc_name (git-fixes).</li>
<li>netlabel: If PF_INET6, check sk_buff ip header version (git-fixes).</li>
<li>ocfs2/dlm: do not handle migrate lockres if already in shutdown (git-fixes).</li>
<li>ocfs2: call journal flush to mark journal as empty after journal recovery when mount (git-fixes).</li>
<li>ocfs2: clear dinode links count in case of error (git-fixes).</li>
<li>ocfs2: clear journal dirty flag after shutdown journal (git-fixes).</li>
<li>ocfs2: clear zero in unaligned direct IO (git-fixes).</li>
<li>ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (git-fixes).</li>
<li>ocfs2: do not clear bh uptodate for block read (git-fixes).</li>
<li>ocfs2: do not put and assigning null to bh allocated outside (git-fixes).</li>
<li>ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes).</li>
<li>ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() (git-fixes).</li>
<li>ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes).</li>
<li>ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes).</li>
<li>ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes).</li>
<li>ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).</li>
<li>ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes).</li>
<li>ocfs2: fix non-auto defrag path not working issue (git-fixes).</li>
<li>ocfs2: fix panic due to unrecovered local alloc (git-fixes).</li>
<li>ocfs2: fix potential use after free (git-fixes).</li>
<li>ocfs2: remove set but not used variable 'last_hash' (git-fixes).</li>
<li>ocfs2: take inode cluster lock before moving reflinked inode from orphan dir (git-fixes).</li>
<li>ocfs2: wait for recovering done after direct unlock request (git-fixes).</li>
<li>openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS (git-fixes).</li>
<li>powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).</li>
<li>powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1212701).</li>
<li>put quirk_disable_autosuspend into a hole (git-fixes).</li>
<li>qed: Add cleanup in qed_slowpath_start() (git-fixes).</li>
<li>qed: RDMA - Fix the hw_ver returned in device attributes (git-fixes).</li>
<li>reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).</li>
<li>reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).</li>
<li>reiserfs: Fix memory leak in reiserfs_parse_options() (git-fixes).</li>
<li>reiserfs: add check for invalid 1st journal block (git-fixes).</li>
<li>reiserfs: add check for root_inode in reiserfs_fill_super (git-fixes).</li>
<li>reiserfs: change j_timestamp type to time64_t (git-fixes).</li>
<li>reiserfs: check directory items on read from disk (git-fixes).</li>
<li>reiserfs: only call unlock_new_inode() if I_NEW (git-fixes).</li>
<li>reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() (git-fixes).</li>
<li>reiserfs: propagate errors from fill_with_dentries() properly (git-fixes).</li>
<li>revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git-fixes).</li>
<li>rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm</li>
<li>rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)</li>
<li>s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1212185).</li>
<li>s390/dasd: Use correct lock while counting channel queue length (LTC#202775 bsc#1212443).</li>
<li>s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1212165).</li>
<li>s390/dasd: fix no record found for raw_track_access (git-fixes bsc#1212266).</li>
<li>s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244).</li>
<li>s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1212167).</li>
<li>s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1212170).</li>
<li>s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1212173).</li>
<li>s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1212175).</li>
<li>s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1212164).</li>
<li>s390/smsgiucv: disable SMSG on module unload (git-fixes bsc#1212236).</li>
<li>samples/kretprobes: Fix return value if register_kretprobe() failed (git-fixes).</li>
<li>sched/core: Use smp_mb() in wake_woken_function() (git-fixes)</li>
<li>sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes)</li>
<li>scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).</li>
<li>scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).</li>
<li>scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).</li>
<li>scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).</li>
<li>scsi: ipr: Work around fortify-string warning (git-fixes).</li>
<li>scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).</li>
<li>scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (git-fixes).</li>
<li>scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).</li>
<li>scsi: megaraid_sas: Fix crash after a double completion (git-fixes).</li>
<li>scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).</li>
<li>scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).</li>
<li>scsi: mpt3sas: Fix a memory leak (git-fixes).</li>
<li>scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).</li>
<li>scsi: ses: Do not attach if enclosure has no components (git-fixes).</li>
<li>scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).</li>
<li>scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).</li>
<li>scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).</li>
<li>scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).</li>
<li>scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger (git-fixes bsc#1212240).</li>
<li>smb3: fix oops in calculating shash_setkey (bsc#1190317).</li>
<li>smb3: fix problem remounting a share after shutdown (bsc#1190317).</li>
<li>smb3: fix temporary data corruption in collapse range (bsc#1190317).</li>
<li>smb3: fix temporary data corruption in insert range (bsc#1190317).</li>
<li>smb3: improve SMB3 change notification support (bsc#1190317).</li>
<li>smb3: must initialize two ACL struct fields to zero (bsc#1190317).</li>
<li>smb3: rename encryption/decryption TFMs (bsc#1190317).</li>
<li>squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).</li>
<li>sysv: use BUILD_BUG_ON instead of runtime check (git-fixes).</li>
<li>uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers (git-fixes).</li>
<li>update internal module version number for cifs.ko (bsc#1190317).</li>
<li>x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).</li>
<li>x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).</li>
<li>xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (git-fixes).</li>
<li>xfs: fix rm_offset flag handling in rmap keys (git-fixes).</li>
<li>xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE Important update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2808=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2808=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2808=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
<ul>
<li>kernel-azure-debuginfo-4.12.14-16.139.1</li>
<li>kernel-azure-debugsource-4.12.14-16.139.1</li>
<li>kernel-azure-base-debuginfo-4.12.14-16.139.1</li>
<li>kernel-azure-devel-4.12.14-16.139.1</li>
<li>kernel-syms-azure-4.12.14-16.139.1</li>
<li>kernel-azure-base-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
<ul>
<li>kernel-source-azure-4.12.14-16.139.1</li>
<li>kernel-devel-azure-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
<ul>
<li>kernel-azure-debuginfo-4.12.14-16.139.1</li>
<li>kernel-azure-debugsource-4.12.14-16.139.1</li>
<li>kernel-azure-base-debuginfo-4.12.14-16.139.1</li>
<li>kernel-azure-devel-4.12.14-16.139.1</li>
<li>kernel-syms-azure-4.12.14-16.139.1</li>
<li>kernel-azure-base-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
<ul>
<li>kernel-source-azure-4.12.14-16.139.1</li>
<li>kernel-devel-azure-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-azure-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (x86_64)
<ul>
<li>kernel-azure-debuginfo-4.12.14-16.139.1</li>
<li>kernel-azure-debugsource-4.12.14-16.139.1</li>
<li>kernel-azure-base-debuginfo-4.12.14-16.139.1</li>
<li>kernel-azure-devel-4.12.14-16.139.1</li>
<li>kernel-syms-azure-4.12.14-16.139.1</li>
<li>kernel-azure-base-4.12.14-16.139.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (noarch)
<ul>
<li>kernel-source-azure-4.12.14-16.139.1</li>
<li>kernel-devel-azure-4.12.14-16.139.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1077.html">https://www.suse.com/security/cve/CVE-2023-1077.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1079.html">https://www.suse.com/security/cve/CVE-2023-1079.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1249.html">https://www.suse.com/security/cve/CVE-2023-1249.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1637.html">https://www.suse.com/security/cve/CVE-2023-1637.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-2002.html">https://www.suse.com/security/cve/CVE-2023-2002.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3090.html">https://www.suse.com/security/cve/CVE-2023-3090.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3111.html">https://www.suse.com/security/cve/CVE-2023-3111.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3141.html">https://www.suse.com/security/cve/CVE-2023-3141.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3159.html">https://www.suse.com/security/cve/CVE-2023-3159.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3161.html">https://www.suse.com/security/cve/CVE-2023-3161.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3268.html">https://www.suse.com/security/cve/CVE-2023-3268.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-3358.html">https://www.suse.com/security/cve/CVE-2023-3358.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-35824.html">https://www.suse.com/security/cve/CVE-2023-35824.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">https://bugzilla.suse.com/show_bug.cgi?id=1065729</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1160435">https://bugzilla.suse.com/show_bug.cgi?id=1160435</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1174852">https://bugzilla.suse.com/show_bug.cgi?id=1174852</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1190317">https://bugzilla.suse.com/show_bug.cgi?id=1190317</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205758">https://bugzilla.suse.com/show_bug.cgi?id=1205758</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208600">https://bugzilla.suse.com/show_bug.cgi?id=1208600</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208604">https://bugzilla.suse.com/show_bug.cgi?id=1208604</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209039">https://bugzilla.suse.com/show_bug.cgi?id=1209039</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209779">https://bugzilla.suse.com/show_bug.cgi?id=1209779</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210533">https://bugzilla.suse.com/show_bug.cgi?id=1210533</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211519">https://bugzilla.suse.com/show_bug.cgi?id=1211519</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212051">https://bugzilla.suse.com/show_bug.cgi?id=1212051</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212128">https://bugzilla.suse.com/show_bug.cgi?id=1212128</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212129">https://bugzilla.suse.com/show_bug.cgi?id=1212129</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212154">https://bugzilla.suse.com/show_bug.cgi?id=1212154</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212158">https://bugzilla.suse.com/show_bug.cgi?id=1212158</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212164">https://bugzilla.suse.com/show_bug.cgi?id=1212164</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212165">https://bugzilla.suse.com/show_bug.cgi?id=1212165</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212167">https://bugzilla.suse.com/show_bug.cgi?id=1212167</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212170">https://bugzilla.suse.com/show_bug.cgi?id=1212170</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212173">https://bugzilla.suse.com/show_bug.cgi?id=1212173</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212175">https://bugzilla.suse.com/show_bug.cgi?id=1212175</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212185">https://bugzilla.suse.com/show_bug.cgi?id=1212185</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212236">https://bugzilla.suse.com/show_bug.cgi?id=1212236</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212240">https://bugzilla.suse.com/show_bug.cgi?id=1212240</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212244">https://bugzilla.suse.com/show_bug.cgi?id=1212244</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212266">https://bugzilla.suse.com/show_bug.cgi?id=1212266</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212443">https://bugzilla.suse.com/show_bug.cgi?id=1212443</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212501">https://bugzilla.suse.com/show_bug.cgi?id=1212501</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212502">https://bugzilla.suse.com/show_bug.cgi?id=1212502</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212606">https://bugzilla.suse.com/show_bug.cgi?id=1212606</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212701">https://bugzilla.suse.com/show_bug.cgi?id=1212701</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212842">https://bugzilla.suse.com/show_bug.cgi?id=1212842</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212938">https://bugzilla.suse.com/show_bug.cgi?id=1212938</a>
</li>
</ul>
</div>