<div class="container">
<h1>Security update for the Linux Kernel</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:4035-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1152472">#1152472</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202845">#1202845</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206453">#1206453</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213808">#1213808</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214941">#1214941</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214942">#1214942</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214943">#1214943</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214944">#1214944</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214950">#1214950</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214951">#1214951</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214954">#1214954</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214957">#1214957</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214986">#1214986</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214992">#1214992</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214993">#1214993</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215322">#1215322</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215523">#1215523</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215877">#1215877</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215894">#1215894</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215895">#1215895</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215896">#1215896</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215911">#1215911</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215915">#1215915</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215916">#1215916</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1206.html">CVE-2023-1206</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-39192.html">CVE-2023-39192</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-39193.html">CVE-2023-39193</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-39194.html">CVE-2023-39194</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4155.html">CVE-2023-4155</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-42753.html">CVE-2023-42753</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-42754.html">CVE-2023-42754</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4389.html">CVE-2023-4389</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4622.html">CVE-2023-4622</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4623.html">CVE-2023-4623</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-4921.html">CVE-2023-4921</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-5345.html">CVE-2023-5345</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1206</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1206</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.7</span>
<span class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39192</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39192</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.7</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39193</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39193</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.1</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39194</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-39194</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">3.2</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4155</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4155</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-42753</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-42754</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-42754</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4389</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4389</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4622</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4622</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4623</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4623</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4921</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-4921</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-5345</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-5345</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">openSUSE Leap 15.5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Live Patching 15-SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Micro 5.5</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Real Time Module 15-SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 12 vulnerabilities and has 12 security fixes can now be installed.</p>
<h2>Description:</h2>
<p>The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.</p>
<p>The following security bugs were fixed:</p>
<ul>
<li>CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).</li>
<li>CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).</li>
<li>CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).</li>
<li>CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).</li>
<li>CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).</li>
<li>CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)</li>
<li>CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).</li>
<li>CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).</li>
<li>CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).</li>
<li>CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).</li>
<li>CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).</li>
<li>CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)</li>
</ul>
<p>The following non-security bugs were fixed:</p>
<ul>
<li>ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).</li>
<li>arm64: module-plts: inline linux/moduleloader.h (git-fixes)</li>
<li>arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)</li>
<li>arm64: sdei: abort running SDEI handlers during crash (git-fixes)</li>
<li>arm64: tegra: Update AHUB clock parent and rate (git-fixes)</li>
<li>arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)</li>
<li>ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).</li>
<li>ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).</li>
<li>ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).</li>
<li>ASoC: meson: spdifin: start hw on dai probe (git-fixes).</li>
<li>ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).</li>
<li>ASoC: rt5640: Fix sleep in atomic context (git-fixes).</li>
<li>ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes).</li>
<li>ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).</li>
<li>ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).</li>
<li>ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).</li>
<li>blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).</li>
<li>blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).</li>
<li>block/mq-deadline: use correct way to throttling write requests (bsc#1214993).</li>
<li>bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).</li>
<li>clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).</li>
<li>drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).</li>
<li>Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).</li>
<li>Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).</li>
<li>Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).</li>
<li>drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private</li>
<li>drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes</li>
<li>drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).</li>
<li>drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).</li>
<li>drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).</li>
<li>drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).</li>
<li>ext4: avoid potential data overflow in next_linear_group (bsc#1214951).</li>
<li>ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).</li>
<li>ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).</li>
<li>ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).</li>
<li>ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).</li>
<li>ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).</li>
<li>ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).</li>
<li>ext4: Remove ext4 locking of moved directory (bsc#1214957).</li>
<li>ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).</li>
<li>fs: Establish locking order for unrelated directories (bsc#1214958).</li>
<li>fs: Lock moved directories (bsc#1214959).</li>
<li>fs: lockd: avoid possible wrong NULL parameter (git-fixes).</li>
<li>fs: no need to check source (bsc#1215752).</li>
<li>fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).</li>
<li>gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).</li>
<li>gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).</li>
<li>gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).</li>
<li>gve: Changes to add new TX queues (bsc#1214479).</li>
<li>gve: Control path for DQO-QPL (bsc#1214479).</li>
<li>gve: fix frag_list chaining (bsc#1214479).</li>
<li>gve: Fix gve interrupt names (bsc#1214479).</li>
<li>gve: RX path for DQO-QPL (bsc#1214479).</li>
<li>gve: trivial spell fix Recive to Receive (bsc#1214479).</li>
<li>gve: Tx path for DQO-QPL (bsc#1214479).</li>
<li>gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).</li>
<li>gve: use vmalloc_array and vcalloc (bsc#1214479).</li>
<li>gve: XDP support GQI-QPL: helper function changes (bsc#1214479).</li>
<li>hwrng: virtio - add an internal buffer (git-fixes).</li>
<li>hwrng: virtio - always add a pending request (git-fixes).</li>
<li>hwrng: virtio - do not wait on cleanup (git-fixes).</li>
<li>hwrng: virtio - do not waste entropy (git-fixes).</li>
<li>hwrng: virtio - Fix race on data_avail and actual data (git-fixes).</li>
<li>i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).</li>
<li>iommu/virtio: Detach domain on endpoint release (git-fixes).</li>
<li>iommu/virtio: Return size mapped for a detached domain (git-fixes).</li>
<li>jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).</li>
<li>jbd2: correct the end of the journal recovery scan range (bsc#1214955).</li>
<li>jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).</li>
<li>jbd2: fix checkpoint cleanup performance regression (bsc#1214952).</li>
<li>jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).</li>
<li>jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).</li>
<li>jbd2: remove journal_clean_one_cp_list() (bsc#1214947).</li>
<li>jbd2: remove t_checkpoint_io_list (bsc#1214946).</li>
<li>jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).</li>
<li>kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.</li>
<li>kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.</li>
<li>KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).</li>
<li>KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).</li>
<li>KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).</li>
<li>KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).</li>
<li>KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).</li>
<li>KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).</li>
<li>KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).</li>
<li>KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).</li>
<li>loop: Fix use-after-free issues (bsc#1214991).</li>
<li>loop: loop_set_status_from_info() check before assignment (bsc#1214990).</li>
<li>module: Expose module_init_layout_section() (git-fixes)</li>
<li>net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).</li>
<li>net: mana: Add page pool for RX buffers (bsc#1214040).</li>
<li>net: mana: Configure hwc timeout from hardware (bsc#1214037).</li>
<li>net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).</li>
<li>NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).</li>
<li>nfs/blocklayout: Use the passed in gfp flags (git-fixes).</li>
<li>NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).</li>
<li>NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).</li>
<li>nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).</li>
<li>nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).</li>
<li>NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).</li>
<li>NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).</li>
<li>NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).</li>
<li>NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).</li>
<li>NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).</li>
<li>nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).</li>
<li>nvme-tcp: add recovery_delay to sysfs (bsc#1201284).</li>
<li>nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).</li>
<li>nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).</li>
<li>nvme-tcp: make 'err_work' a delayed work (bsc#1201284).</li>
<li>platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).</li>
<li>platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).</li>
<li>platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).</li>
<li>platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).</li>
<li>pNFS: Fix assignment of xprtdata.cred (git-fixes).</li>
<li>powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).</li>
<li>printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).</li>
<li>quota: add new helper dquot_active() (bsc#1214998).</li>
<li>quota: factor out dquot_write_dquot() (bsc#1214995).</li>
<li>quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).</li>
<li>quota: fix warning in dqgrab() (bsc#1214962).</li>
<li>quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).</li>
<li>quota: rename dquot_active() to inode_quota_active() (bsc#1214997).</li>
<li>RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)</li>
<li>scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).</li>
<li>scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).</li>
<li>scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).</li>
<li>scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).</li>
<li>scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).</li>
<li>scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).</li>
<li>scsi: storvsc: Handle additional SRB status values (git-fixes).</li>
<li>scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).</li>
<li>selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).</li>
<li>spi: Add TPM HW flow flag (bsc#1213534)</li>
<li>spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)</li>
<li>spi: tegra210-quad: set half duplex flag (bsc#1213534)</li>
<li>SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).</li>
<li>tpm_tis_spi: Add hardware wait polling (bsc#1213534)</li>
<li>uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).</li>
<li>udf: Fix extension of the last extent in the file (bsc#1214964).</li>
<li>udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).</li>
<li>udf: Fix off-by-one error when discarding preallocation (bsc#1214966).</li>
<li>udf: Fix uninitialized array access for some pathnames (bsc#1214967).</li>
<li>Update metadata</li>
<li>usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).</li>
<li>usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).</li>
<li>vhost_vdpa: fix the crash in unmap a large memory (git-fixes).</li>
<li>vhost-scsi: unbreak any layout for response (git-fixes).</li>
<li>vhost: allow batching hint without size (git-fixes).</li>
<li>vhost: allow batching hint without size (git-fixes).</li>
<li>vhost: fix hung thread due to erroneous iotlb entries (git-fixes).</li>
<li>vhost: handle error while adding split ranges to iotlb (git-fixes).</li>
<li>virtio_net: add checking sq is full inside xdp xmit (git-fixes).</li>
<li>virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).</li>
<li>virtio_net: reorder some funcs (git-fixes).</li>
<li>virtio_net: separate the logic of checking whether sq is full (git-fixes).</li>
<li>virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).</li>
<li>virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).</li>
<li>virtio-mmio: do not break lifecycle of vm_dev (git-fixes).</li>
<li>virtio-net: fix race between set queues and probe (git-fixes).</li>
<li>virtio-net: set queues after driver_ok (git-fixes).</li>
<li>virtio-rng: make device ready before making request (git-fixes).</li>
<li>virtio: acknowledge all features before access (git-fixes).</li>
<li>vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).</li>
<li>x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).</li>
<li>x86/coco: Export cc_vendor (bsc#1206453).</li>
<li>x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).</li>
<li>x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).</li>
<li>x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).</li>
<li>x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)</li>
<li>x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).</li>
<li>x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).</li>
<li>x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).</li>
<li>x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).</li>
<li>x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).</li>
<li>x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).</li>
<li>x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).</li>
<li>x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).</li>
<li>x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).</li>
<li>x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).</li>
<li>x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).</li>
<li>x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).</li>
<li>x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).</li>
<li>x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).</li>
<li>x86/srso: Do not probe microcode in a guest (git-fixes).</li>
<li>x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).</li>
<li>x86/srso: Fix srso_show_state() side effect (git-fixes).</li>
<li>x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).</li>
<li>xen: remove a confusing comment on auto-translated guest I/O (git-fixes).</li>
<li>xprtrdma: Remap Receive buffers after a reconnect (git-fixes).</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
<li>Please reboot the system after installing this update.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.5
<br/>
<code>zypper in -t patch SUSE-2023-4035=1 openSUSE-SLE-15.5-2023-4035=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Micro 5.5
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-5.5-2023-4035=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Live Patching 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4035=1</code>
</li>
<li class="list-group-item">
SUSE Real Time Module 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4035=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.5 (noarch)
<ul>
<li>kernel-source-rt-5.14.21-150500.13.21.1</li>
<li>kernel-devel-rt-5.14.21-150500.13.21.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.5 (x86_64)
<ul>
<li>ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>reiserfs-kmp-rt-5.14.21-150500.13.21.1</li>
<li>reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-vdso-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-devel-5.14.21-150500.13.21.1</li>
<li>ocfs2-kmp-rt-5.14.21-150500.13.21.1</li>
<li>kernel-rt-extra-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-1-150500.11.3.1</li>
<li>gfs2-kmp-rt-5.14.21-150500.13.21.1</li>
<li>kselftests-kmp-rt-5.14.21-150500.13.21.1</li>
<li>kernel-rt-devel-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-debugsource-5.14.21-150500.13.21.1</li>
<li>kernel-syms-rt-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1</li>
<li>kernel-rt-optional-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1</li>
<li>kernel-rt-livepatch-devel-5.14.21-150500.13.21.1</li>
<li>kernel-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kselftests-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>dlm-kmp-rt-5.14.21-150500.13.21.1</li>
<li>cluster-md-kmp-rt-5.14.21-150500.13.21.1</li>
<li>kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-1-150500.11.3.1</li>
<li>dlm-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-optional-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-devel-debuginfo-5.14.21-150500.13.21.1</li>
<li>gfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-vdso-5.14.21-150500.13.21.1</li>
<li>kernel-rt-extra-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-livepatch-5.14.21-150500.13.21.1</li>
<li>cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-vdso-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-debugsource-5.14.21-150500.13.21.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.5 (nosrc x86_64)
<ul>
<li>kernel-rt_debug-5.14.21-150500.13.21.1</li>
<li>kernel-rt-5.14.21-150500.13.21.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
<ul>
<li>kernel-rt-5.14.21-150500.13.21.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Micro 5.5 (x86_64)
<ul>
<li>kernel-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-debugsource-5.14.21-150500.13.21.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
<ul>
<li>kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1</li>
<li>kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-1-150500.11.3.1</li>
<li>kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-1-150500.11.3.1</li>
</ul>
</li>
<li>
SUSE Real Time Module 15-SP5 (x86_64)
<ul>
<li>ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-vdso-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-devel-5.14.21-150500.13.21.1</li>
<li>ocfs2-kmp-rt-5.14.21-150500.13.21.1</li>
<li>gfs2-kmp-rt-5.14.21-150500.13.21.1</li>
<li>kernel-rt-vdso-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-devel-5.14.21-150500.13.21.1</li>
<li>kernel-syms-rt-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>dlm-kmp-rt-5.14.21-150500.13.21.1</li>
<li>cluster-md-kmp-rt-5.14.21-150500.13.21.1</li>
<li>dlm-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-devel-debuginfo-5.14.21-150500.13.21.1</li>
<li>gfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt-vdso-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-debuginfo-5.14.21-150500.13.21.1</li>
<li>cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.21.1</li>
<li>kernel-rt_debug-debugsource-5.14.21-150500.13.21.1</li>
<li>kernel-rt-debugsource-5.14.21-150500.13.21.1</li>
</ul>
</li>
<li>
SUSE Real Time Module 15-SP5 (noarch)
<ul>
<li>kernel-source-rt-5.14.21-150500.13.21.1</li>
<li>kernel-devel-rt-5.14.21-150500.13.21.1</li>
</ul>
</li>
<li>
SUSE Real Time Module 15-SP5 (nosrc x86_64)
<ul>
<li>kernel-rt_debug-5.14.21-150500.13.21.1</li>
<li>kernel-rt-5.14.21-150500.13.21.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1206.html">https://www.suse.com/security/cve/CVE-2023-1206.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-39192.html">https://www.suse.com/security/cve/CVE-2023-39192.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-39193.html">https://www.suse.com/security/cve/CVE-2023-39193.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-39194.html">https://www.suse.com/security/cve/CVE-2023-39194.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4155.html">https://www.suse.com/security/cve/CVE-2023-4155.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-42753.html">https://www.suse.com/security/cve/CVE-2023-42753.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-42754.html">https://www.suse.com/security/cve/CVE-2023-42754.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4389.html">https://www.suse.com/security/cve/CVE-2023-4389.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4622.html">https://www.suse.com/security/cve/CVE-2023-4622.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4623.html">https://www.suse.com/security/cve/CVE-2023-4623.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-4921.html">https://www.suse.com/security/cve/CVE-2023-4921.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-5345.html">https://www.suse.com/security/cve/CVE-2023-5345.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1152472">https://bugzilla.suse.com/show_bug.cgi?id=1152472</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1202845">https://bugzilla.suse.com/show_bug.cgi?id=1202845</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206453">https://bugzilla.suse.com/show_bug.cgi?id=1206453</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213808">https://bugzilla.suse.com/show_bug.cgi?id=1213808</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214941">https://bugzilla.suse.com/show_bug.cgi?id=1214941</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214942">https://bugzilla.suse.com/show_bug.cgi?id=1214942</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214943">https://bugzilla.suse.com/show_bug.cgi?id=1214943</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214944">https://bugzilla.suse.com/show_bug.cgi?id=1214944</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214950">https://bugzilla.suse.com/show_bug.cgi?id=1214950</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214951">https://bugzilla.suse.com/show_bug.cgi?id=1214951</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214954">https://bugzilla.suse.com/show_bug.cgi?id=1214954</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214957">https://bugzilla.suse.com/show_bug.cgi?id=1214957</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214986">https://bugzilla.suse.com/show_bug.cgi?id=1214986</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214992">https://bugzilla.suse.com/show_bug.cgi?id=1214992</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1214993">https://bugzilla.suse.com/show_bug.cgi?id=1214993</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215322">https://bugzilla.suse.com/show_bug.cgi?id=1215322</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215523">https://bugzilla.suse.com/show_bug.cgi?id=1215523</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215877">https://bugzilla.suse.com/show_bug.cgi?id=1215877</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215894">https://bugzilla.suse.com/show_bug.cgi?id=1215894</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215895">https://bugzilla.suse.com/show_bug.cgi?id=1215895</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215896">https://bugzilla.suse.com/show_bug.cgi?id=1215896</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215911">https://bugzilla.suse.com/show_bug.cgi?id=1215911</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215915">https://bugzilla.suse.com/show_bug.cgi?id=1215915</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215916">https://bugzilla.suse.com/show_bug.cgi?id=1215916</a>
</li>
</ul>
</div>