Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.7544
Security update for the Linux Kernel
18 December 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-46862 CVE-2023-45871 CVE-2023-45863
CVE-2023-39198 CVE-2023-39197 CVE-2023-25775
CVE-2023-6176 CVE-2023-6039 CVE-2023-5717
CVE-2023-5158 CVE-2023-4244 CVE-2023-2006
Original Bulletin:
https://www.suse.com/support/update/announcement/2023/suse-su-20234810-1
Comment: CVSS (Max): 7.8 CVE-2023-6176 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4810-1
Rating: important
o bsc#1084909
o bsc#1210447
o bsc#1214286
o bsc#1214976
o bsc#1215124
o bsc#1215292
o bsc#1215420
o bsc#1215458
o bsc#1215710
o bsc#1216058
o bsc#1216105
o bsc#1216259
o bsc#1216584
o bsc#1216693
o bsc#1216759
o bsc#1216844
o bsc#1216861
o bsc#1216909
o bsc#1216959
o bsc#1216965
References: o bsc#1216976
o bsc#1217036
o bsc#1217068
o bsc#1217086
o bsc#1217124
o bsc#1217140
o bsc#1217195
o bsc#1217200
o bsc#1217205
o bsc#1217332
o bsc#1217366
o bsc#1217515
o bsc#1217598
o bsc#1217599
o bsc#1217609
o bsc#1217687
o bsc#1217731
o bsc#1217780
o jsc#PED-3184
o jsc#PED-5021
o jsc#PED-7237
o CVE-2023-2006
o CVE-2023-25775
o CVE-2023-39197
o CVE-2023-39198
o CVE-2023-4244
o CVE-2023-45863
Cross-References: o CVE-2023-45871
o CVE-2023-46862
o CVE-2023-5158
o CVE-2023-5717
o CVE-2023-6039
o CVE-2023-6176
o CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
/S:U/C:L/I:L/A:L
o CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/
S:U/C:L/I:L/A:L
o CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
/S:C/C:L/I:N/A:N
o CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N
/S:C/C:H/I:H/A:H
o CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N
/S:U/C:H/I:H/A:H
o CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N
CVSS scores: /S:U/C:N/I:N/A:H
o CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:U/C:N/I:N/A:H
o CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:C/C:N/I:N/A:H
o CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:C/C:N/I:N/A:H
o CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o Basesystem Module 15-SP4
o Development Tools Module 15-SP4
o Legacy Module 15-SP4
o openSUSE Leap 15.4
o openSUSE Leap Micro 5.3
o openSUSE Leap Micro 5.4
o SUSE Linux Enterprise Desktop 15 SP4
o SUSE Linux Enterprise High Availability Extension 15 SP4
o SUSE Linux Enterprise High Performance Computing 15 SP4
Affected o SUSE Linux Enterprise Live Patching 15-SP4
Products: o SUSE Linux Enterprise Micro 5.3
o SUSE Linux Enterprise Micro 5.4
o SUSE Linux Enterprise Micro for Rancher 5.3
o SUSE Linux Enterprise Micro for Rancher 5.4
o SUSE Linux Enterprise Real Time 15 SP4
o SUSE Linux Enterprise Server 15 SP4
o SUSE Linux Enterprise Server for SAP Applications 15 SP4
o SUSE Linux Enterprise Workstation Extension 15 SP4
o SUSE Manager Proxy 4.3
o SUSE Manager Retail Branch Server 4.3
o SUSE Manager Server 4.3
An update that solves 12 vulnerabilities, contains three features and has 26
security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
o CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#
1210447).
o CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
o CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
o CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/
usb/lan78xx.c (bsc#1217068).
o CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#
1216058).
o CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
o CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
o CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
o CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
o CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
o CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
The following non-security bugs were fixed:
o ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
o ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
o ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
o ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
(git-fixes).
o ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
o ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
o ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
o ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
o ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
o ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
o ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
o ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
o ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time
(git-fixes).
o ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
(git-fixes).
o ALSA: info: Fix potential deadlock at disconnection (git-fixes).
o ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
o ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
o ASoC: ams-delta.c: use component after check (git-fixes).
o ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
o ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
o ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
o ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
o ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
described (git-fixes).
o ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
o ASoC: rt5650: fix the wrong result of key button (git-fixes).
o ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
o ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
o Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
o Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
(git-fixes).
o Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
(git-fixes).
o Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
o Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer()
(git-fixes).
o HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
(git-fixes).
o HID: hyperv: Replace one-element array with flexible-array member
(git-fixes).
o HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
o HID: hyperv: remove unused struct synthhid_msg (git-fixes).
o HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
o HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only
(git-fixes).
o HID: logitech-hidpp: Move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
o HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
o HID: logitech-hidpp: Revert "Do not restart communication if not necessary"
(git-fixes).
o Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
o Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
(git-fixes).
o Input: xpad - add VID for Turtle Beach controllers (git-fixes).
o PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
o PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
o PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
o PCI: Extract ATS disabling to a helper function (bsc#1215458).
o PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
(git-fixes).
o PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
o PCI: Use FIELD_GET() to extract Link Width (git-fixes).
o PCI: exynos: Do not discard .remove() callback (git-fixes).
o PCI: keystone: Do not discard .probe() callback (git-fixes).
o PCI: keystone: Do not discard .remove() callback (git-fixes).
o PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
(git-fixes).
o PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
o PM: hibernate: Use __get_safe_page() rather than touching the list
(git-fixes).
o USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
o USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
o USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
o USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
o USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
o USB: serial: option: add Fibocom L7xx modules (git-fixes).
o USB: serial: option: add Luat Air72*U series products (git-fixes).
o USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
o USB: serial: option: fix FM101R-GL defines (git-fixes).
o USB: usbip: fix stub_dev hub disconnect (git-fixes).
o arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
o arm64: Add Cortex-A520 CPU part definition (git-fixes)
o arm64: allow kprobes on EL0 handlers (git-fixes)
o arm64: armv8_deprecated move emulation functions (git-fixes)
o arm64: armv8_deprecated: fix unused-function error (git-fixes)
o arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
o arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
o arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
o arm64: consistently pass ESR_ELx to die() (git-fixes)
o arm64: die(): pass 'err' as long (git-fixes)
o arm64: factor insn read out of call_undef_hook() (git-fixes)
o arm64: factor out EL1 SSBS emulation hook (git-fixes)
o arm64: report EL1 UNDEFs better (git-fixes)
o arm64: rework BTI exception handling (git-fixes)
o arm64: rework EL0 MRS emulation (git-fixes)
o arm64: rework FPAC exception handling (git-fixes)
o arm64: split EL0/EL1 UNDEF handlers (git-fixes)
o ata: pata_isapnp: Add missing error check for devm_ioport_map()
(git-fixes).
o atl1c: Work around the DMA RX overflow issue (git-fixes).
o atm: iphase: Do PCI error checks on own line (git-fixes).
o blk-mq: Do not clear driver tags own mapping (bsc#1217366).
o blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#
1217366).
o bluetooth: Add device 0bda:887b to device tables (git-fixes).
o bluetooth: Add device 13d3:3571 to device tables (git-fixes).
o can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
o can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
o can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
o can: isotp: add local echo tx processing for consecutive frames
(git-fixes).
o can: isotp: fix race between isotp_sendsmg() and isotp_release()
(git-fixes).
o can: isotp: fix tx state handling for echo tx processing (git-fixes).
o can: isotp: handle wait_event_interruptible() return values (git-fixes).
o can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
(git-fixes).
o can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior
(git-fixes).
o can: isotp: remove re-binding of bound socket (git-fixes).
o can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
o can: isotp: set max PDU size to 64 kByte (git-fixes).
o can: isotp: split tx timer into transmission and timeout (git-fixes).
o can: sja1000: Fix comment (git-fixes).
o clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name (git-fixes).
o clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
o clk: imx: imx8mq: correct error handling path (git-fixes).
o clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
o clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
o clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
o clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
o clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
o clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
o clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
(git-fixes).
o clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
o clk: npcm7xx: Fix incorrect kfree (git-fixes).
o clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
(git-fixes).
o clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
o clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
o clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
(git-fixes).
o clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks
(git-fixes).
o clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
o clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
o clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
o clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
o clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name()
(git-fixes).
o clk: ti: change ti_clk_register _omap_hw API (git-fixes).
o clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
o crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
o crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
o crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
(git-fixes).
o dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
(git-fixes).
o dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
(git-fixes).
o dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
o dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
o docs: net: move the probe and open/close sections of driver.rst up (bsc#
1215458).
o docs: net: reformat driver.rst from a list to sections (bsc#1215458).
o docs: net: use C syntax highlight in driver.rst (bsc#1215458).
o drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
o drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
(git-fixes).
o drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
o drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
o drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
o drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
(git-fixes).
o drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
o drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
(git-fixes).
o drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
o drm/amdgpu: do not use ATRM for external devices (git-fixes).
o drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
o drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
o drm/amdkfd: Fix a race condition of vram buffer unref in svm code
(git-fixes).
o drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
o drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
o drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
o drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
o drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
o drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
o drm/bridge: lt8912b: Manually disable HPD only if it was enabled
(git-fixes).
o drm/bridge: lt8912b: Register and attach our DSI device at probe
(git-fixes).
o drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
o drm/bridge: lt9611uxc: Register and attach our DSI device at probe
(git-fixes).
o drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
o drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
o drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
o drm/bridge: tc358768: Fix bit updates (git-fixes).
o drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
o drm/gud: Use size_add() in call to struct_size() (git-fixes).
o drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
o drm/i915: Fix potential spectre vulnerability (git-fixes).
o drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
o drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
(git-fixes).
o drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
o drm/mipi-dsi: Create devm device attachment (git-fixes).
o drm/mipi-dsi: Create devm device registration (git-fixes).
o drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
o drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
(git-fixes).
o drm/panel: fix a possible null pointer dereference (git-fixes).
o drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
o drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
o drm/panel: st7703: Pick different reset sequence (git-fixes).
o drm/qxl: prevent memory leak (git-fixes).
o drm/radeon: possible buffer overflow (git-fixes).
o drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
(git-fixes).
o drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
(git-fixes).
o drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
o drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
(git-fixes).
o drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
(git-fixes).
o drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
o drm/vc4: fix typo (git-fixes).
o drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
o dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
o dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types
(git-fixes).
o fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
o fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
o fbdev: imsttfb: Release framebuffer and dealloc cmap on error path
(git-fixes).
o fbdev: imsttfb: fix a resource leak in probe (git-fixes).
o fbdev: imsttfb: fix double free in probe() (git-fixes).
o fbdev: omapfb: Drop unused remove function (git-fixes).
o firewire: core: fix possible memory leak in create_units() (git-fixes).
o firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
(git-fixes).
o gpio: mockup: fix kerneldoc (git-fixes).
o gpio: mockup: remove unused field (git-fixes).
o hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
o hv: simplify sysctl registration (git-fixes).
o hv_netvsc: Fix race of register_netdevice_notifier and VF register
(git-fixes).
o hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
o hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
o hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
o hwmon: (coretemp) Fix potentially truncated sysfs attribute name
(git-fixes).
o i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
o i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
o i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
(git-fixes).
o i2c: dev: copy userspace array safely (git-fixes).
o i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
(git-fixes).
o i2c: iproc: handle invalid slave state (git-fixes).
o i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
(git-fixes).
o i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
o i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
o i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
o i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
o i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
(git-fixes).
o i3c: master: cdns: Fix reading status register (git-fixes).
o i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data
(git-fixes).
o i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen
(git-fixes).
o i3c: master: svc: fix check wrong status register in irq handler
(git-fixes).
o i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
o i3c: master: svc: fix race condition in ibi work thread (git-fixes).
o i3c: master: svc: fix wrong data return when IBI happen during start frame
(git-fixes).
o i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
(git-fixes).
o i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
o idpf: add RX splitq napi poll support (bsc#1215458).
o idpf: add SRIOV support and other ndo_ops (bsc#1215458).
o idpf: add TX splitq napi poll support (bsc#1215458).
o idpf: add controlq init and reset checks (bsc#1215458).
o idpf: add core init and interrupt request (bsc#1215458).
o idpf: add create vport and netdev configuration (bsc#1215458).
o idpf: add ethtool callbacks (bsc#1215458).
o idpf: add module register and probe functionality (bsc#1215458).
o idpf: add ptypes and MAC filter support (bsc#1215458).
o idpf: add singleq start_xmit and napi poll (bsc#1215458).
o idpf: add splitq start_xmit (bsc#1215458).
o idpf: cancel mailbox work in error path (bsc#1215458).
o idpf: configure resources for RX queues (bsc#1215458).
o idpf: configure resources for TX queues (bsc#1215458).
o idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
o idpf: initialize interrupts and enable vport (bsc#1215458).
o idpf: set scheduling mode for completion queue (bsc#1215458).
o iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale
(git-fixes).
o iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds
(git-fixes).
o iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
o irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
o leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
o leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
(git-fixes).
o leds: turris-omnia: Do not use SMBUS calls (git-fixes).
o lsm: fix default return value for inode_getsecctx (git-fixes).
o lsm: fix default return value for vm_enough_memory (git-fixes).
o media: bttv: fix use after free error due to btv->timeout timer
(git-fixes).
o media: ccs: Correctly initialise try compose rectangle (git-fixes).
o media: ccs: Fix driver quirk struct documentation (git-fixes).
o media: cedrus: Fix clock/reset sequence (git-fixes).
o media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
o media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
o media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
o media: imon: fix access to invalid resource for the second interface
(git-fixes).
o media: lirc: drop trailing space from scancode transmit (git-fixes).
o media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
o media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
o media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
o media: qcom: camss: Fix vfe_get() error jump (git-fixes).
o media: sharp: fix sharp encoding (git-fixes).
o media: siano: Drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
o media: venus: hfi: add checks to handle capabilities from firmware
(git-fixes).
o media: venus: hfi: add checks to perform sanity on queue pointers
(git-fixes).
o media: venus: hfi: fix the check to handle session buffer requirement
(git-fixes).
o media: venus: hfi_parser: Add check to keep the number of codecs within
range (git-fixes).
o media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
o media: vidtv: psi: Add check for kstrdup (git-fixes).
o media: vivid: avoid integer overflow (git-fixes).
o mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs
(git-fixes).
o mfd: core: Ensure disabled devices are skipped without aborting
(git-fixes).
o mfd: dln2: Fix double put in dln2_probe (git-fixes).
o misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
o misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
(git-fixes).
o mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237,
git-fixes).
o mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
o mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
o mmc: block: Retry commands in CQE error recovery (git-fixes).
o mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
o mmc: cqhci: Increase recovery halt timeout (git-fixes).
o mmc: cqhci: Warn of halt or task clear failure (git-fixes).
o mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
o mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2
(git-fixes).
o mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER
(git-fixes).
o mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
o mmc: vub300: fix an error code (git-fixes).
o modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
o mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
o mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
o mtd: rawnand: arasan: Include ECC syndrome along with in-band data while
checking for ECC failure (git-fixes).
o net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
o net: Avoid address overwrite in kernel_connect (bsc#1216861).
o net: add macro netif_subqueue_completed_wake (bsc#1215458).
o net: fix use-after-free in tw_timer_handler (bsc#1217195).
o net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
o net: mana: Fix return type of mana_start_xmit() (git-fixes).
o net: piggy back on the memory barrier in bql when waking queues (bsc#
1215458).
o net: provide macros for commonly copied lockless queue stop/wake code (bsc#
1215458).
o net: usb: ax88179_178a: fix failed operations during ax88179_reset
(git-fixes).
o net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
(git-fixes).
o nvme: update firmware version after commit (bsc#1215292).
o pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
o pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
o pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
o pinctrl: avoid reload of p state in list iteration (git-fixes).
o platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
(git-fixes).
o platform/x86: wmi: Fix opening of char device (git-fixes).
o platform/x86: wmi: Fix probe failure when failing to register WMI devices
(git-fixes).
o platform/x86: wmi: remove unnecessary initializations (git-fixes).
o powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#
1217780).
o pwm: Fix double shift bug (git-fixes).
o pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
o pwm: sti: Reduce number of allocations and drop usage of chip_data
(git-fixes).
o r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
o r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
o r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
o r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
o r8152: Release firmware if we have an error in probe (git-fixes).
o r8152: Run the unload routine if we have errors during probe (git-fixes).
o regmap: Ensure range selector registers are updated after cache sync
(git-fixes).
o regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
o regmap: prevent noinc writes from clobbering cache (git-fixes).
o s390/ap: fix AP bus crash on early config change callback invocation
(git-fixes bsc#1217687).
o s390/cio: unregister device when the only path is gone (git-fixes bsc#
1217609).
o s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
o s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997
bsc#1217086).
o s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc
#1217086).
o s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
o s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629
bsc#1215124).
o s390/dasd: protect device queue against concurrent access (git-fixes bsc#
1217515).
o s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#
1217598).
o s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#
1214976 git-fixes).
o s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#
203997 bsc#1217086).
o s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#
203997 bsc#1217086).
o s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
o s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#
1217599).
o sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
o scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
o scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#
1217731).
o scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss
() (bsc#1217731).
o scsi: lpfc: Enhance driver logging for selected discovery events (bsc#
1217731).
o scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc
#1217731).
o scsi: lpfc: Fix possible file string name overflow when updating firmware
(bsc#1217731).
o scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
o scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#
1217731).
o scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV
ports (bsc#1217124).
o scsi: lpfc: Remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
o scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
o scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci
offline (bsc#1217124).
o scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
o scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
o scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
o scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
o scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
(git-fixes).
o selftests/efivarfs: create-read: fix a resource leak (git-fixes).
o selftests/pidfd: Fix ksft print formats (git-fixes).
o selftests/resctrl: Ensure the benchmark commands fits to its array
(git-fixes).
o selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests
(git-fixes).
o selftests/resctrl: Remove duplicate feature check from CMT test
(git-fixes).
o seq_buf: fix a misleading comment (git-fixes).
o serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial
cards" (git-fixes).
o serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
o soc: qcom: llcc: Handle a second device without data corruption
(git-fixes).
o spi: nxp-fspi: use the correct ioremap function (git-fixes).
o spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
o spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
o staging: media: ipu3: remove ftrace-like logging (git-fixes).
o string.h: add array-wrappers for (v)memdup_user() (git-fixes).
o supported.conf: marked idpf supported
o thermal: core: prevent potential string overflow (git-fixes).
o treewide: Spelling fix in comment (git-fixes).
o tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
o tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
o tty: 8250: Add support for Brainboxes UP cards (git-fixes).
o tty: 8250: Add support for Intashield IS-100 (git-fixes).
o tty: 8250: Add support for Intashield IX cards (git-fixes).
o tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
o tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
o tty: 8250: Fix port count of PX-257 (git-fixes).
o tty: 8250: Fix up PX-803/PX-857 (git-fixes).
o tty: 8250: Remove UC-257 and UC-431 (git-fixes).
o tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
o tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
o tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
o tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
o tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
o usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
o usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
o usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
o usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency (git-fixes).
o usb: dwc3: Fix default mode initialization (git-fixes).
o usb: dwc3: set the dma max_seg_size (git-fixes).
o usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
o usb: raw-gadget: properly handle interrupted requests (git-fixes).
o usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility (git-fixes).
o usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
(git-fixes).
o usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
o virtchnl: add virtchnl version 2 ops (bsc#1215458).
o wifi: ath10k: Do not touch the CE interrupt registers after power up
(git-fixes).
o wifi: ath10k: fix clang-specific fortify warning (git-fixes).
o wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
o wifi: ath11k: fix dfs radar event locking (git-fixes).
o wifi: ath11k: fix htt pktlog locking (git-fixes).
o wifi: ath11k: fix temperature event locking (git-fixes).
o wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
o wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
o wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues
(git-fixes).
o wifi: iwlwifi: empty overflow queue during flush (git-fixes).
o wifi: iwlwifi: honor the enable_ini value (git-fixes).
o wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
o wifi: mac80211: do not return unset power in ieee80211_get_tx_power()
(git-fixes).
o wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
o wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
o wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
o wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
(git-fixes).
o x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
o x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
o x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
(git-fixes).
o x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
o x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
o x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
o x86/hyperv: fix a warning in mshyperv.h (git-fixes).
o x86/sev: Do not try to parse for the CC blob on non-AMD hardware
(git-fixes).
o x86/sev: Fix calculation of end address based on number of pages
(git-fixes).
o x86/sev: Use the GHCB protocol when available for SNP CPUID requests
(git-fixes).
o x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
o xfs: add attr state machine tracepoints (git-fixes).
o xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
o xfs: constify btree function parameters that are not modified (git-fixes).
o xfs: convert AGF log flags to unsigned (git-fixes).
o xfs: convert AGI log flags to unsigned (git-fixes).
o xfs: convert attr type flags to unsigned (git-fixes).
o xfs: convert bmap extent type flags to unsigned (git-fixes).
o xfs: convert bmapi flags to unsigned (git-fixes).
o xfs: convert btree buffer log flags to unsigned (git-fixes).
o xfs: convert buffer flags to unsigned (git-fixes).
o xfs: convert buffer log item flags to unsigned (git-fixes).
o xfs: convert da btree operations flags to unsigned (git-fixes).
o xfs: convert dquot flags to unsigned (git-fixes).
o xfs: convert inode lock flags to unsigned (git-fixes).
o xfs: convert log item tracepoint flags to unsigned (git-fixes).
o xfs: convert log ticket and iclog flags to unsigned (git-fixes).
o xfs: convert quota options flags to unsigned (git-fixes).
o xfs: convert scrub type flags to unsigned (git-fixes).
o xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
o xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
o xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
o xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
o xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
o xfs: make the key parameters to all btree query range functions const
(git-fixes).
o xfs: make the keys and records passed to btree inorder functions const
(git-fixes).
o xfs: make the pointer passed to btree set_root functions const (git-fixes).
o xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
o xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
o xfs: mark the record passed into btree init_key functions as const
(git-fixes).
o xfs: mark the record passed into xchk_btree functions as const (git-fixes).
o xfs: remove xfs_btree_cur_t typedef (git-fixes).
o xfs: rename i_disk_size fields in ftrace output (git-fixes).
o xfs: resolve fork names in trace output (git-fixes).
o xfs: standardize AG block number formatting in ftrace output (git-fixes).
o xfs: standardize AG number formatting in ftrace output (git-fixes).
o xfs: standardize daddr formatting in ftrace output (git-fixes).
o xfs: standardize inode generation formatting in ftrace output (git-fixes).
o xfs: standardize inode number formatting in ftrace output (git-fixes).
o xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
o xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
o xhci: Enable RPM on controllers that support low-power states (git-fixes).
o xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
Special Instructions and Notes:
o Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4810=1 openSUSE-SLE-15.4-2023-4810=1
o openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4810=1
o openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4810=1
o SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1
o SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4810=1
o SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1
o SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4810=1
o Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4810=1
o Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4810=1
o Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4810=1
o SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4810=1
Please note that this is the initial kernel livepatch without fixes itself,
this package is later updated by separate standalone kernel livepatch
updates.
o SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4810=1
o SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4810=1
Package List:
o openSUSE Leap 15.4 (noarch nosrc)
? kernel-docs-5.14.21-150400.24.100.1
o openSUSE Leap 15.4 (noarch)
? kernel-devel-5.14.21-150400.24.100.2
? kernel-docs-html-5.14.21-150400.24.100.1
? kernel-macros-5.14.21-150400.24.100.2
? kernel-source-vanilla-5.14.21-150400.24.100.2
? kernel-source-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (nosrc ppc64le x86_64)
? kernel-debug-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (ppc64le x86_64)
? kernel-debug-devel-debuginfo-5.14.21-150400.24.100.2
? kernel-debug-livepatch-devel-5.14.21-150400.24.100.2
? kernel-debug-debuginfo-5.14.21-150400.24.100.2
? kernel-debug-debugsource-5.14.21-150400.24.100.2
? kernel-debug-devel-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
? kernel-default-base-rebuild-5.14.21-150400.24.100.2.150400.24.46.2
? kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.100.2
? kernel-kvmsmall-devel-5.14.21-150400.24.100.2
? kernel-kvmsmall-debuginfo-5.14.21-150400.24.100.2
? kernel-kvmsmall-debugsource-5.14.21-150400.24.100.2
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
? kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
? gfs2-kmp-default-5.14.21-150400.24.100.2
? dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
? cluster-md-kmp-default-5.14.21-150400.24.100.2
? kernel-obs-build-debugsource-5.14.21-150400.24.100.2
? kernel-obs-build-5.14.21-150400.24.100.2
? kernel-default-optional-debuginfo-5.14.21-150400.24.100.2
? kernel-obs-qa-5.14.21-150400.24.100.1
? ocfs2-kmp-default-5.14.21-150400.24.100.2
? kselftests-kmp-default-5.14.21-150400.24.100.2
? kernel-default-optional-5.14.21-150400.24.100.2
? kernel-default-extra-debuginfo-5.14.21-150400.24.100.2
? kernel-default-extra-5.14.21-150400.24.100.2
? kernel-default-livepatch-5.14.21-150400.24.100.2
? kernel-syms-5.14.21-150400.24.100.1
? kselftests-kmp-default-debuginfo-5.14.21-150400.24.100.2
? gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
? cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-devel-debuginfo-5.14.21-150400.24.100.2
? ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-devel-5.14.21-150400.24.100.2
? kernel-default-livepatch-devel-5.14.21-150400.24.100.2
? reiserfs-kmp-default-5.14.21-150400.24.100.2
? reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2
? dlm-kmp-default-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
? kernel-default-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
? kernel-kvmsmall-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (ppc64le s390x x86_64)
? kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2
? kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2
? kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2
o openSUSE Leap 15.4 (nosrc s390x)
? kernel-zfcpdump-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (s390x)
? kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2
? kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (nosrc)
? dtb-aarch64-5.14.21-150400.24.100.1
o openSUSE Leap 15.4 (aarch64)
? dtb-cavium-5.14.21-150400.24.100.1
? dtb-amd-5.14.21-150400.24.100.1
? dtb-xilinx-5.14.21-150400.24.100.1
? dtb-freescale-5.14.21-150400.24.100.1
? dtb-amlogic-5.14.21-150400.24.100.1
? kselftests-kmp-64kb-5.14.21-150400.24.100.2
? ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
? gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
? dtb-qcom-5.14.21-150400.24.100.1
? dtb-exynos-5.14.21-150400.24.100.1
? kernel-64kb-extra-5.14.21-150400.24.100.2
? dtb-arm-5.14.21-150400.24.100.1
? dtb-lg-5.14.21-150400.24.100.1
? dlm-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
? kernel-64kb-devel-5.14.21-150400.24.100.2
? kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2
? dtb-sprd-5.14.21-150400.24.100.1
? cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
? gfs2-kmp-64kb-5.14.21-150400.24.100.2
? kernel-64kb-debugsource-5.14.21-150400.24.100.2
? dtb-socionext-5.14.21-150400.24.100.1
? dtb-marvell-5.14.21-150400.24.100.1
? dtb-allwinner-5.14.21-150400.24.100.1
? kernel-64kb-extra-debuginfo-5.14.21-150400.24.100.2
? dtb-rockchip-5.14.21-150400.24.100.1
? dtb-renesas-5.14.21-150400.24.100.1
? cluster-md-kmp-64kb-5.14.21-150400.24.100.2
? dlm-kmp-64kb-5.14.21-150400.24.100.2
? kernel-64kb-optional-5.14.21-150400.24.100.2
? kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
? ocfs2-kmp-64kb-5.14.21-150400.24.100.2
? kernel-64kb-debuginfo-5.14.21-150400.24.100.2
? reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.100.2
? dtb-amazon-5.14.21-150400.24.100.1
? dtb-apm-5.14.21-150400.24.100.1
? dtb-broadcom-5.14.21-150400.24.100.1
? dtb-hisilicon-5.14.21-150400.24.100.1
? dtb-nvidia-5.14.21-150400.24.100.1
? kernel-64kb-optional-debuginfo-5.14.21-150400.24.100.2
? dtb-altera-5.14.21-150400.24.100.1
? reiserfs-kmp-64kb-5.14.21-150400.24.100.2
? dtb-apple-5.14.21-150400.24.100.1
? dtb-mediatek-5.14.21-150400.24.100.1
? kernel-64kb-livepatch-devel-5.14.21-150400.24.100.2
o openSUSE Leap 15.4 (aarch64 nosrc)
? kernel-64kb-5.14.21-150400.24.100.2
o openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
? kernel-default-5.14.21-150400.24.100.2
o openSUSE Leap Micro 5.3 (aarch64 x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
o openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
? kernel-default-5.14.21-150400.24.100.2
o openSUSE Leap Micro 5.4 (aarch64 x86_64)
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
o openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
? kernel-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
? kernel-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
o SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
? kernel-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
? kernel-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
o SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
o Basesystem Module 15-SP4 (aarch64 nosrc)
? kernel-64kb-5.14.21-150400.24.100.2
o Basesystem Module 15-SP4 (aarch64)
? kernel-64kb-devel-debuginfo-5.14.21-150400.24.100.2
? kernel-64kb-debuginfo-5.14.21-150400.24.100.2
? kernel-64kb-debugsource-5.14.21-150400.24.100.2
? kernel-64kb-devel-5.14.21-150400.24.100.2
o Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
? kernel-default-5.14.21-150400.24.100.2
o Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
? kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2
o Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
? kernel-default-devel-debuginfo-5.14.21-150400.24.100.2
? kernel-default-devel-5.14.21-150400.24.100.2
o Basesystem Module 15-SP4 (noarch)
? kernel-macros-5.14.21-150400.24.100.2
? kernel-devel-5.14.21-150400.24.100.2
o Basesystem Module 15-SP4 (nosrc s390x)
? kernel-zfcpdump-5.14.21-150400.24.100.2
o Basesystem Module 15-SP4 (s390x)
? kernel-zfcpdump-debuginfo-5.14.21-150400.24.100.2
? kernel-zfcpdump-debugsource-5.14.21-150400.24.100.2
o Development Tools Module 15-SP4 (noarch nosrc)
? kernel-docs-5.14.21-150400.24.100.1
o Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
? kernel-obs-build-debugsource-5.14.21-150400.24.100.2
? kernel-obs-build-5.14.21-150400.24.100.2
? kernel-syms-5.14.21-150400.24.100.1
o Development Tools Module 15-SP4 (noarch)
? kernel-source-5.14.21-150400.24.100.2
o Legacy Module 15-SP4 (nosrc)
? kernel-default-5.14.21-150400.24.100.2
o Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
? reiserfs-kmp-default-5.14.21-150400.24.100.2
? reiserfs-kmp-default-debuginfo-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
? kernel-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
? kernel-default-livepatch-5.14.21-150400.24.100.2
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
? kernel-default-livepatch-devel-5.14.21-150400.24.100.2
? kernel-livepatch-5_14_21-150400_24_100-default-1-150400.9.3.2
? kernel-livepatch-5_14_21-150400_24_100-default-debuginfo-1-150400.9.3.2
? kernel-livepatch-SLE15-SP4_Update_21-debugsource-1-150400.9.3.2
o SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
? gfs2-kmp-default-5.14.21-150400.24.100.2
? ocfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
? dlm-kmp-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
? cluster-md-kmp-default-5.14.21-150400.24.100.2
? ocfs2-kmp-default-5.14.21-150400.24.100.2
? gfs2-kmp-default-debuginfo-5.14.21-150400.24.100.2
? cluster-md-kmp-default-debuginfo-5.14.21-150400.24.100.2
? dlm-kmp-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
? kernel-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
? kernel-default-5.14.21-150400.24.100.2
o SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
? kernel-default-debuginfo-5.14.21-150400.24.100.2
? kernel-default-debugsource-5.14.21-150400.24.100.2
? kernel-default-extra-5.14.21-150400.24.100.2
? kernel-default-extra-debuginfo-5.14.21-150400.24.100.2
References:
o https://www.suse.com/security/cve/CVE-2023-2006.html
o https://www.suse.com/security/cve/CVE-2023-25775.html
o https://www.suse.com/security/cve/CVE-2023-39197.html
o https://www.suse.com/security/cve/CVE-2023-39198.html
o https://www.suse.com/security/cve/CVE-2023-4244.html
o https://www.suse.com/security/cve/CVE-2023-45863.html
o https://www.suse.com/security/cve/CVE-2023-45871.html
o https://www.suse.com/security/cve/CVE-2023-46862.html
o https://www.suse.com/security/cve/CVE-2023-5158.html
o https://www.suse.com/security/cve/CVE-2023-5717.html
o https://www.suse.com/security/cve/CVE-2023-6039.html
o https://www.suse.com/security/cve/CVE-2023-6176.html
o https://bugzilla.suse.com/show_bug.cgi?id=1084909
o https://bugzilla.suse.com/show_bug.cgi?id=1210447
o https://bugzilla.suse.com/show_bug.cgi?id=1214286
o https://bugzilla.suse.com/show_bug.cgi?id=1214976
o https://bugzilla.suse.com/show_bug.cgi?id=1215124
o https://bugzilla.suse.com/show_bug.cgi?id=1215292
o https://bugzilla.suse.com/show_bug.cgi?id=1215420
o https://bugzilla.suse.com/show_bug.cgi?id=1215458
o https://bugzilla.suse.com/show_bug.cgi?id=1215710
o https://bugzilla.suse.com/show_bug.cgi?id=1216058
o https://bugzilla.suse.com/show_bug.cgi?id=1216105
o https://bugzilla.suse.com/show_bug.cgi?id=1216259
o https://bugzilla.suse.com/show_bug.cgi?id=1216584
o https://bugzilla.suse.com/show_bug.cgi?id=1216693
o https://bugzilla.suse.com/show_bug.cgi?id=1216759
o https://bugzilla.suse.com/show_bug.cgi?id=1216844
o https://bugzilla.suse.com/show_bug.cgi?id=1216861
o https://bugzilla.suse.com/show_bug.cgi?id=1216909
o https://bugzilla.suse.com/show_bug.cgi?id=1216959
o https://bugzilla.suse.com/show_bug.cgi?id=1216965
o https://bugzilla.suse.com/show_bug.cgi?id=1216976
o https://bugzilla.suse.com/show_bug.cgi?id=1217036
o https://bugzilla.suse.com/show_bug.cgi?id=1217068
o https://bugzilla.suse.com/show_bug.cgi?id=1217086
o https://bugzilla.suse.com/show_bug.cgi?id=1217124
o https://bugzilla.suse.com/show_bug.cgi?id=1217140
o https://bugzilla.suse.com/show_bug.cgi?id=1217195
o https://bugzilla.suse.com/show_bug.cgi?id=1217200
o https://bugzilla.suse.com/show_bug.cgi?id=1217205
o https://bugzilla.suse.com/show_bug.cgi?id=1217332
o https://bugzilla.suse.com/show_bug.cgi?id=1217366
o https://bugzilla.suse.com/show_bug.cgi?id=1217515
o https://bugzilla.suse.com/show_bug.cgi?id=1217598
o https://bugzilla.suse.com/show_bug.cgi?id=1217599
o https://bugzilla.suse.com/show_bug.cgi?id=1217609
o https://bugzilla.suse.com/show_bug.cgi?id=1217687
o https://bugzilla.suse.com/show_bug.cgi?id=1217731
o https://bugzilla.suse.com/show_bug.cgi?id=1217780
o https://jira.suse.com/browse/PED-3184
o https://jira.suse.com/browse/PED-5021
o https://jira.suse.com/browse/PED-7237
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZX+p4ckNZI30y1K9AQg4UQ/+JfktdZ/dvHxVj3eMlOaxJCXiLlRvgzh5
wZC2EyZHl+1F+e0hYItQSb8+8IygGPZEK4GEumIcwc4yDpbu5aeEEFgBrtmvOkIB
Mw3RPctm+lJWAqCv+LyV+jlpM3NlfCWuukPAxwZToq+XZHViF4XL2c/DKJ8QkttN
i1Wl6k6SNAxDto76I/4LhrhqeV32tsIPsZgEFSbFlW1MhuSNJlYcdhMGheGLKKO6
aPinf0PUK/XSY+l6vhDkeMWFA3LOSYxSza9kTiYxixVS+26tw/rCWSHVVdhatVqN
cDtOGE4VpzXanJPwyoU77t/SOdihmfmivJs0vVskhPwwvJuHhCvR6nXT/Uhlrx2R
INaBtCzR/Amc9/Eod55Hyo9qcQmXDcy5jax/Eha9J6CrH+cXmgI4tzCi6TH+Nh3N
KzwNl9KBjk8GATJ3NhI4HtQc19dI4W0Q5OlCG81pE/qX7WFtaMZ5UuWFZxFDB9X3
uKKCEIiWhjXc99761V68R67qYRZq/nxJamA30ShAc5ibd+/5eLoqE/Xx3ZcMAA1V
W0BOrbrQALK2EixTJLetUl/DNomHF/dcbO3wTDQSsI2TelOWD7l+3C99KhQCFEKr
7NjybQ5a3McWy4C3iDwoeroEiTHRrAJyJYnToYrwUZPrbXmjf8hRspet7wMb5ImY
/n/pSsJ13vQ=
=qso0
-----END PGP SIGNATURE-----