<div class="container">
<h1>Security update for the Linux Kernel</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:4033-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">#1065729</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1109837">#1109837</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1152446">#1152446</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1154048">#1154048</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208995">#1208995</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210169">#1210169</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212703">#1212703</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213016">#1213016</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214157">#1214157</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214380">#1214380</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214386">#1214386</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214586">#1214586</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214940">#1214940</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214943">#1214943</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214945">#1214945</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214946">#1214946</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214948">#1214948</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214949">#1214949</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214950">#1214950</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214952">#1214952</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214953">#1214953</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214961">#1214961</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214962">#1214962</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214964">#1214964</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214965">#1214965</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214966">#1214966</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214967">#1214967</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215115">#1215115</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215117">#1215117</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215121">#1215121</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215122">#1215122</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215136">#1215136</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215149">#1215149</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215152">#1215152</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215162">#1215162</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215164">#1215164</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215165">#1215165</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215207">#1215207</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215221">#1215221</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215275">#1215275</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215299">#1215299</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215467">#1215467</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215607">#1215607</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215634">#1215634</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215858">#1215858</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215860">#1215860</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215861">#1215861</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215877">#1215877</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215897">#1215897</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215898">#1215898</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215954">#1215954</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-36766.html">CVE-2020-36766</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1192.html">CVE-2023-1192</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1206.html">CVE-2023-1206</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1859.html">CVE-2023-1859</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-39192.html">CVE-2023-39192</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-39193.html">CVE-2023-39193</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-39194.html">CVE-2023-39194</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-42754.html">CVE-2023-42754</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4622.html">CVE-2023-4622</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4623.html">CVE-2023-4623</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4881.html">CVE-2023-4881</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4921.html">CVE-2023-4921</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-36766</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">2.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-36766</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">3.3</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1192</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1206</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1206</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.7</span>
<span class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1859</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">1.9</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1859</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39192</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39192</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39193</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39193</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39194</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39194</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">3.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-42754</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-42754</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4622</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4622</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4623</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4623</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4881</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4881</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4921</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4921</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 12 vulnerabilities and has 39 security fixes can now be installed.</p>
<h2>Description:</h2>
<p>The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.</p>
<p>The following security bugs were fixed:</p>
<ul>
<li>CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).</li>
<li>CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).</li>
<li>CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858).</li>
<li>CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).</li>
<li>CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).</li>
<li>CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).</li>
<li>CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).</li>
<li>CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).</li>
<li>CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).</li>
<li>CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).</li>
<li>CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).</li>
<li>CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).</li>
</ul>
<p>The following non-security bugs were fixed:</p>
<ul>
<li>9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).</li>
<li>Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).</li>
<li>Input: psmouse - fix OOB access in Elantech protocol (git-fixes).</li>
<li>Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).</li>
<li>Input: xpad - add constants for GIP interface numbers (git-fixes).</li>
<li>Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).</li>
<li>KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897).</li>
<li>KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).</li>
<li>NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).</li>
<li>NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).</li>
<li>USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).</li>
<li>USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).</li>
<li>VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).</li>
<li>arm64: insn: Fix ldadd instruction encoding (git-fixes)</li>
<li>arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)</li>
<li>blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)</li>
<li>blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).</li>
<li>blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1214586).</li>
<li>blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).</li>
<li>btrfs: output extra information on failure (bsc#1215136).</li>
<li>check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380)</li>
<li>direct-io: allow direct writes to empty inodes (bsc#1215164).</li>
<li>drm/ast: Fix DRAM init on AST2200 (bsc#1152446)</li>
<li>drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: * move changes to drm_fb_helper.c * context changes</li>
<li>drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drm_client_add() * remove drm_dbg_kms()</li>
<li>drm/virtio: Fix GEM handle creation UAF (git-fixes).</li>
<li>drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).</li>
<li>ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).</li>
<li>ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).</li>
<li>ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).</li>
<li>ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).</li>
<li>fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048).</li>
<li>fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)</li>
<li>fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)</li>
<li>fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)</li>
<li>fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048).</li>
<li>firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes).</li>
<li>firmware: raspberrypi: Keep count of all consumers (git-fixes).</li>
<li>firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).</li>
<li>fs: avoid softlockups in s_inodes iterators (bsc#1215165).</li>
<li>fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607).</li>
<li>hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).</li>
<li>idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).</li>
<li>jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).</li>
<li>jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).</li>
<li>jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).</li>
<li>jbd2: fix checkpoint cleanup performance regression (bsc#1214952).</li>
<li>jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).</li>
<li>jbd2: remove t_checkpoint_io_list (bsc#1214946).</li>
<li>jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162).</li>
<li>jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).</li>
<li>jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).</li>
<li>kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.</li>
<li>kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.</li>
<li>media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).</li>
<li>media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes).</li>
<li>media: cec: copy sequence field for the reply (git-fixes).</li>
<li>media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes).</li>
<li>media: cec: make cec_get_edid_spa_location() an inline function (git-fixes).</li>
<li>media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes).</li>
<li>media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).</li>
<li>media: s5p_cec: decrement usage count if disabled (git-fixes).</li>
<li>media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).</li>
<li>mkspec: Allow unsupported KMPs (bsc#1214386)</li>
<li>net/mlx5: Fix size field in bufferx_reg struct (git-fixes).</li>
<li>net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).</li>
<li>net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes).</li>
<li>net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).</li>
<li>net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes).</li>
<li>net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).</li>
<li>net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).</li>
<li>net: virtio_vsock: Enhance connection semantics (git-fixes).</li>
<li>nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).</li>
<li>old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.</li>
<li>powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729).</li>
<li>powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).</li>
<li>powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).</li>
<li>quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).</li>
<li>quota: fix warning in dqgrab() (bsc#1214962).</li>
<li>remoteproc: Add missing '\n' in log messages (git-fixes).</li>
<li>remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes).</li>
<li>s390/dasd: fix hanging device after request requeue (bsc#1215121).</li>
<li>s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152).</li>
<li>s390: add z16 elf platform (bsc#1215954).</li>
<li>scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).</li>
<li>scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).</li>
<li>scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149).</li>
<li>tools/virtio: fix the vringh test for virtio ring changes (git-fixes).</li>
<li>tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634).</li>
<li>udf: Fix extension of the last extent in the file (bsc#1214964).</li>
<li>udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).</li>
<li>udf: Fix off-by-one error when discarding preallocation (bsc#1214966).</li>
<li>udf: Fix uninitialized array access for some pathnames (bsc#1214967).</li>
<li>usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).</li>
<li>usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).</li>
<li>vhost/net: Clear the pending messages when the backend is removed (git-fixes).</li>
<li>vhost/test: stop device before reset (git-fixes).</li>
<li>vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).</li>
<li>vhost: Do not call access_ok() when using IOTLB (git-fixes).</li>
<li>vhost: Fix vhost_vq_reset() (git-fixes).</li>
<li>vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes).</li>
<li>vhost: fix range used in translate_desc() (git-fixes).</li>
<li>vhost: introduce helpers to get the size of metadata area (git-fixes).</li>
<li>vhost: missing __user tags (git-fixes).</li>
<li>vhost: vsock: kick send_pkt worker once device is started (git-fixes).</li>
<li>vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).</li>
<li>virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).</li>
<li>virtio-gpu: fix possible memory allocation failure (git-fixes).</li>
<li>virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).</li>
<li>virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).</li>
<li>virtio-net: fix race between set queues and probe (git-fixes).</li>
<li>virtio-net: fix the race between refill work and close (git-fixes).</li>
<li>virtio-net: set queues after driver_ok (git-fixes).</li>
<li>virtio-rng: make device ready before making request (git-fixes).</li>
<li>virtio: acknowledge all features before access (git-fixes).</li>
<li>virtio_balloon: prevent pfn array overflow (git-fixes).</li>
<li>virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).</li>
<li>virtio_mmio: Restore guest page size on resume (git-fixes).</li>
<li>virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).</li>
<li>virtio_net: Remove BUG() to avoid machine dead (git-fixes).</li>
<li>virtio_net: add checking sq is full inside xdp xmit (git-fixes).</li>
<li>virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).</li>
<li>virtio_net: reorder some funcs (git-fixes).</li>
<li>virtio_net: separate the logic of checking whether sq is full (git-fixes).</li>
<li>virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).</li>
<li>virtio_pci: Support surprise removal of virtio pci device (git-fixes).</li>
<li>virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).</li>
<li>virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes).</li>
<li>vringh: Fix loop descriptors check in the indirect cases (git-fixes).</li>
<li>vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes).</li>
<li>vsock/virtio: enable VQs early on probe (git-fixes).</li>
<li>vsock/virtio: free queued packets when closing socket (git-fixes).</li>
<li>vsock/virtio: update credit only if socket is not closed (git-fixes).</li>
<li>word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).</li>
<li>x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes).</li>
<li>x86/srso: Do not probe microcode in a guest (git-fixes).</li>
<li>x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).</li>
<li>x86/srso: Fix srso_show_state() side effect (git-fixes).</li>
<li>x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).</li>
<li>xen: remove a confusing comment on auto-translated guest I/O (git-fixes).</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Real Time 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-RT-12-SP5-2023-4033=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
<ul>
<li>kernel-rt-debugsource-4.12.14-10.144.1</li>
<li>ocfs2-kmp-rt-4.12.14-10.144.1</li>
<li>kernel-rt-devel-debuginfo-4.12.14-10.144.1</li>
<li>kernel-rt_debug-debuginfo-4.12.14-10.144.1</li>
<li>kernel-syms-rt-4.12.14-10.144.1</li>
<li>cluster-md-kmp-rt-debuginfo-4.12.14-10.144.1</li>
<li>kernel-rt-devel-4.12.14-10.144.1</li>
<li>gfs2-kmp-rt-debuginfo-4.12.14-10.144.1</li>
<li>ocfs2-kmp-rt-debuginfo-4.12.14-10.144.1</li>
<li>gfs2-kmp-rt-4.12.14-10.144.1</li>
<li>kernel-rt_debug-debugsource-4.12.14-10.144.1</li>
<li>kernel-rt-base-debuginfo-4.12.14-10.144.1</li>
<li>kernel-rt_debug-devel-debuginfo-4.12.14-10.144.1</li>
<li>dlm-kmp-rt-debuginfo-4.12.14-10.144.1</li>
<li>cluster-md-kmp-rt-4.12.14-10.144.1</li>
<li>kernel-rt-base-4.12.14-10.144.1</li>
<li>kernel-rt-debuginfo-4.12.14-10.144.1</li>
<li>kernel-rt_debug-devel-4.12.14-10.144.1</li>
<li>dlm-kmp-rt-4.12.14-10.144.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Real Time 12 SP5 (noarch)
<ul>
<li>kernel-devel-rt-4.12.14-10.144.1</li>
<li>kernel-source-rt-4.12.14-10.144.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
<ul>
<li>kernel-rt-4.12.14-10.144.1</li>
<li>kernel-rt_debug-4.12.14-10.144.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2020-36766.html">https://www.suse.com/security/cve/CVE-2020-36766.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1192.html">https://www.suse.com/security/cve/CVE-2023-1192.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1206.html">https://www.suse.com/security/cve/CVE-2023-1206.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1859.html">https://www.suse.com/security/cve/CVE-2023-1859.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-39192.html">https://www.suse.com/security/cve/CVE-2023-39192.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-39193.html">https://www.suse.com/security/cve/CVE-2023-39193.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-39194.html">https://www.suse.com/security/cve/CVE-2023-39194.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-42754.html">https://www.suse.com/security/cve/CVE-2023-42754.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4622.html">https://www.suse.com/security/cve/CVE-2023-4622.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4623.html">https://www.suse.com/security/cve/CVE-2023-4623.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4881.html">https://www.suse.com/security/cve/CVE-2023-4881.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4921.html">https://www.suse.com/security/cve/CVE-2023-4921.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1065729">https://bugzilla.suse.com/show_bug.cgi?id=1065729</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1109837">https://bugzilla.suse.com/show_bug.cgi?id=1109837</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1152446">https://bugzilla.suse.com/show_bug.cgi?id=1152446</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1154048">https://bugzilla.suse.com/show_bug.cgi?id=1154048</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208995">https://bugzilla.suse.com/show_bug.cgi?id=1208995</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210169">https://bugzilla.suse.com/show_bug.cgi?id=1210169</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212703">https://bugzilla.suse.com/show_bug.cgi?id=1212703</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213016">https://bugzilla.suse.com/show_bug.cgi?id=1213016</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214157">https://bugzilla.suse.com/show_bug.cgi?id=1214157</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214380">https://bugzilla.suse.com/show_bug.cgi?id=1214380</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214386">https://bugzilla.suse.com/show_bug.cgi?id=1214386</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214586">https://bugzilla.suse.com/show_bug.cgi?id=1214586</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214940">https://bugzilla.suse.com/show_bug.cgi?id=1214940</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214943">https://bugzilla.suse.com/show_bug.cgi?id=1214943</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214945">https://bugzilla.suse.com/show_bug.cgi?id=1214945</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214946">https://bugzilla.suse.com/show_bug.cgi?id=1214946</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214948">https://bugzilla.suse.com/show_bug.cgi?id=1214948</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214949">https://bugzilla.suse.com/show_bug.cgi?id=1214949</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214950">https://bugzilla.suse.com/show_bug.cgi?id=1214950</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214952">https://bugzilla.suse.com/show_bug.cgi?id=1214952</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214953">https://bugzilla.suse.com/show_bug.cgi?id=1214953</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214961">https://bugzilla.suse.com/show_bug.cgi?id=1214961</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214962">https://bugzilla.suse.com/show_bug.cgi?id=1214962</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214964">https://bugzilla.suse.com/show_bug.cgi?id=1214964</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214965">https://bugzilla.suse.com/show_bug.cgi?id=1214965</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214966">https://bugzilla.suse.com/show_bug.cgi?id=1214966</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214967">https://bugzilla.suse.com/show_bug.cgi?id=1214967</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215115">https://bugzilla.suse.com/show_bug.cgi?id=1215115</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215117">https://bugzilla.suse.com/show_bug.cgi?id=1215117</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215121">https://bugzilla.suse.com/show_bug.cgi?id=1215121</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215122">https://bugzilla.suse.com/show_bug.cgi?id=1215122</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215136">https://bugzilla.suse.com/show_bug.cgi?id=1215136</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215149">https://bugzilla.suse.com/show_bug.cgi?id=1215149</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215152">https://bugzilla.suse.com/show_bug.cgi?id=1215152</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215162">https://bugzilla.suse.com/show_bug.cgi?id=1215162</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215164">https://bugzilla.suse.com/show_bug.cgi?id=1215164</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215165">https://bugzilla.suse.com/show_bug.cgi?id=1215165</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215207">https://bugzilla.suse.com/show_bug.cgi?id=1215207</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215221">https://bugzilla.suse.com/show_bug.cgi?id=1215221</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215275">https://bugzilla.suse.com/show_bug.cgi?id=1215275</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215299">https://bugzilla.suse.com/show_bug.cgi?id=1215299</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215467">https://bugzilla.suse.com/show_bug.cgi?id=1215467</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215607">https://bugzilla.suse.com/show_bug.cgi?id=1215607</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215634">https://bugzilla.suse.com/show_bug.cgi?id=1215634</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215858">https://bugzilla.suse.com/show_bug.cgi?id=1215858</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215860">https://bugzilla.suse.com/show_bug.cgi?id=1215860</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215861">https://bugzilla.suse.com/show_bug.cgi?id=1215861</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215877">https://bugzilla.suse.com/show_bug.cgi?id=1215877</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215897">https://bugzilla.suse.com/show_bug.cgi?id=1215897</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215898">https://bugzilla.suse.com/show_bug.cgi?id=1215898</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215954">https://bugzilla.suse.com/show_bug.cgi?id=1215954</a>
</li>
</ul>
</div>