Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

                   Security update for the Linux Kernel
                               20 March 2023


        AusCERT Security Bulletin Summary

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-26545 CVE-2023-25012 CVE-2023-23559
                   CVE-2023-23006 CVE-2023-23004 CVE-2023-23000
                   CVE-2023-22998 CVE-2023-22995 CVE-2023-1195
                   CVE-2023-1118 CVE-2023-1095 CVE-2023-1076
                   CVE-2023-0597 CVE-2023-0590 CVE-2023-0266
                   CVE-2023-0179 CVE-2023-0045 CVE-2022-47929
                   CVE-2022-38096 CVE-2022-36280 CVE-2022-3606

Original Bulletin: 

Comment: CVSS (Max):  7.8 CVE-2023-0266 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel

Announcement ID:  SUSE-SU-2023:0779-1
     Rating:      important
                    o #1186449
                    o #1203331
                    o #1203332
                    o #1203693
                    o #1204502
                    o #1204760
                    o #1205149
                    o #1206351
                    o #1206677
                    o #1206784
                    o #1207034
                    o #1207051
                    o #1207134
                    o #1207186
                    o #1207237
                    o #1207497
   References:      o #1207508
                    o #1207560
                    o #1207773
                    o #1207795
                    o #1207845
                    o #1207875
                    o #1207878
                    o #1208212
                    o #1208599
                    o #1208700
                    o #1208741
                    o #1208776
                    o #1208816
                    o #1208837
                    o #1208845
                    o #1208971
                    o #1209008

                    o CVE-2022-3606
                    o CVE-2022-36280
                    o CVE-2022-38096
                    o CVE-2022-47929
                    o CVE-2023-0045
                    o CVE-2023-0179
                    o CVE-2023-0266
                    o CVE-2023-0590
                    o CVE-2023-0597
                    o CVE-2023-1076
Cross-References:   o CVE-2023-1095
                    o CVE-2023-1118
                    o CVE-2023-1195
                    o CVE-2023-22995
                    o CVE-2023-22998
                    o CVE-2023-23000
                    o CVE-2023-23004
                    o CVE-2023-23006
                    o CVE-2023-23559
                    o CVE-2023-25012
                    o CVE-2023-26545

                    o CVE-2022-3606 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2022-3606 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R
                    o CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/
                    o CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-0266 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/
                    o CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
  CVSS scores:        S:U/C:H/I:H/A:H
                    o CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1195 ( SUSE ): 2.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/
                    o CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2023-22995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N
                    o CVE-2023-23000 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R
                    o CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N
                    o CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N
                    o CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N
                    o CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/
                    o CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N
                    o CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/

                    o SUSE Linux Enterprise Micro 5.1
    Affected        o SUSE Linux Enterprise Micro 5.2
    Products:       o SUSE Linux Enterprise Micro for Rancher 5.2
                    o SUSE Linux Enterprise Real Time 15 SP3
                    o SUSE Real Time Module 15-SP3

An update that solves 21 vulnerabilities and has 12 fixes can now be installed.


The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  o CVE-2022-3606: Fixed a null pointer dereference inside the function
    find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component
    BPF (bsc#1204502).
  o CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in
    vmwgfx driver (bsc#1203332).
  o CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#
  o CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control
    subsystem (bsc#1207237).
  o CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
  o CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits
  o CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
    package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could
    have been used in a use-after-free that could have resulted in a priviledge
    escalation to gain ring0 access from the system user (bsc#1207134).
  o CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  o CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm
  o CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open()
  o CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables
  o CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in
    media/rc (bsc#1208837).
  o CVE-2023-1195: Fixed a use-after-free caused by invalid pointer hostname in
    cifs (bsc#1208971).
  o CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in
    drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
  o CVE-2023-22998: Fixed NULL vs IS_ERR checking in
    virtio_gpu_object_shmem_init (bsc#1208776).
  o CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function
    phy/tegra (bsc#1208816).
  o CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843).
  o CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources
  o CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer
    overflow (bsc#1207051).
  o CVE-2023-25012: Fixed a use-after-eree in bigben_set_led() in hid (bsc#
  o CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation
    failure (bsc#1208700).

The following non-security bugs were fixed:

  o add support for enabling livepatching related packages on -RT (jsc#
  o add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
  o bcache: fix set_at_max_writeback_rate() for multiple attached devices
  o blktrace: Fix output non-blktrace event when blk_classic option enabled
  o blktrace: ensure our debugfs dir exists (git-fixes).
  o ceph: avoid putting the realm twice when decoding snaps fails (bsc#
  o ceph: do not update snapshot context when there is no new snapshot (bsc#
  o config.conf: Drop armv7l, Leap 15.3 is EOL.
  o constraints: increase disk space for all architectures References: bsc#
    1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it
    is very close to the limit.
  o delete config/armv7hl/default.
  o delete config/armv7hl/lpae.
  o dm btree: add a defensive bounds check to insert_at() (git-fixes).
  o dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
  o dm cache: Fix UAF in destroy() (git-fixes).
  o dm cache: set needs_check flag after aborting metadata (git-fixes).
  o dm clone: Fix UAF in clone_dtr() (git-fixes).
  o dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
  o dm integrity: fix flush with external metadata device (git-fixes).
  o dm integrity: flush the journal on suspend (git-fixes).
  o dm integrity: select CRYPTO_SKCIPHER (git-fixes).
  o dm ioctl: fix misbehavior if list_versions races with module loading
  o dm ioctl: prevent potential spectre v1 gadget (git-fixes).
  o dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
  o dm space maps: do not reset space map allocation cursor when committing
  o dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
  o dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
  o dm thin: Fix UAF in run_timer_softirq() (git-fixes).
  o dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
  o dm thin: resume even if in FAIL mode (git-fixes).
  o dm verity: fix require_signatures module_param permissions (git-fixes).
  o dm verity: skip verity work if I/O error when system is shutting down
  o do not sign the vanilla kernel (bsc#1209008).
  o drivers:md:fix a potential use-after-free bug (git-fixes).
  o ext4: Fixup pages without buffers (bsc#1205495).
  o genirq: Provide new interfaces for affinity hints (bsc#1208153).
  o hid: betop: check shape of output reports (git-fixes, bsc#1207186).
  o hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
  o hid: check empty report_list in hid_validate_values() (git-fixes, bsc#
  o kabi/severities: add mlx5 internal symbols
  o kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
    When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which
    sets the variable for a simple command. However, the script is no longer a
    simple command. Export the variable instead.
  o kvm: vmx: fix crash cleanup when KVM wasn't used (bsc#1207508).
  o loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
  o loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
  o md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
  o md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
  o md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
  o md: protect md_unregister_thread from reentrancy (git-fixes).
  o mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
  o mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
  o mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
  o module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#
    1204356, bsc#1204662).
  o nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
  o nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
  o nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add
  o nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
  o nbd: fix io hung while disconnecting device (git-fixes).
  o nbd: fix max value for 'first_minor' (git-fixes).
  o nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
  o nbd: make the config put is called before the notifying the waiter
  o nbd: restore default timeout when setting it to zero (git-fixes).
  o net/mlx5: Allocate individual capability (bsc#119175).
  o net/mlx5: Dynamically resize flow counters query buffer (bsc#119175).
  o net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
  o net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175).
  o net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#
  o net/mlx5: Use order-0 allocations for EQs (bsc#119175).
  o net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
  o net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
  o net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
  o null_blk: fix ida error handling in null_add_dev() (git-fixes).
  o rbd: work around -Wuninitialized warning (git-fixes).
  o rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
  o refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351).
  o revert "constraints: increase disk space for all architectures" (bsc#
  o rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc
    pretends to support -mrecord-mcount option but actual gcc on ppc64le does
    not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable
    FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check
    failure. As we already have FTRACE_MCOUNT_USE_CC and
    FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a
    general pattern. And add OBJTOOL as well.
  o rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
    This new form was added in commit b8c86872d1dc (riscv: fix detection of
    toolchain Zicbom support).
  o rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to
  o rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the
    source file location provided with -L is either prefixed or postfixed with
    forward slash, the script get stuck in a infinite loop inside calc_dirs()
    where $path is an empty string. user@localhost:/tmp> perl "$HOME/
    group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/
    linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/
    Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation
    path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path =
    path = path = ... # Stuck in an infinite loop This workarounds the issue by
    breaking out the loop once path is an empty string. For a proper fix we'd
    want something that filesystem-aware, but this workaround should be enough
    for the rare occation that this script is ran manually. Link: http://
  o rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree
    KMPs This makes in-tree KMPs more consistent with externally built KMPs and
    silences several rpmlint warnings.
  o rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
  o s390/kexec: fix ipl report address for kdump (bsc#1207575).
  o scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
  o scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
  o scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
  o scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes).
  o scsi: advansys: Fix kernel pointer leak (git-fixes).
  o scsi: aha152x: Fix aha152x_setup() __setup handler return value
  o scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
  o scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
  o scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
  o scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
  o scsi: bnx2fc: Return failure if io_req is already in ABTS processing
  o scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
  o scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
  o scsi: core: Do not start concurrent async scan on same host (git-fixes).
  o scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
  o scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
  o scsi: core: Fix hang of freezing queue between blocking and running device
  o scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
  o scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
  o scsi: core: free sgtables in case command setup fails (git-fixes).
  o scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
  o scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
  o scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
  o scsi: fcoe: Fix possible name leak when device_register() fails
  o scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
  o scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
  o scsi: fnic: fix use after free (git-fixes).
  o scsi: hisi_sas: Check sas_port before using it (git-fixes).
  o scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails
  o scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
  o scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
  o scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
  o scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec()
  o scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
  o scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
  o scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
  o scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
  o scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
  o scsi: ipr: Fix missing/incorrect resource cleanup in error case
  o scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
  o scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
  o scsi: iscsi: Do not destroy session if there are outstanding connections
  o scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
  o scsi: iscsi: Do not send data to unbound connection (git-fixes).
  o scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
  o scsi: iscsi: Fix shost->max_id use (git-fixes).
  o scsi: iscsi: Report unbind session event when the target has been removed
  o scsi: iscsi: Unblock session then wake up error handler (git-fixes).
  o scsi: libfc: Fix a format specifier (git-fixes).
  o scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
  o scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
  o scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
  o scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
  o scsi: megaraid: Fix error check return value of register_chrdev()
  o scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
  o scsi: megaraid_sas: Early detection of VD deletion through RaidMap update
  o scsi: megaraid_sas: Fix double kfree() (git-fixes).
  o scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
  o scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs
  o scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
  o scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
  o scsi: mpt3sas: Block PCI config access from userspace during reset
  o scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
  o scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
  o scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
  o scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
  o scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
  o scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
  o scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
  o scsi: myrs: Fix crash in error case (git-fixes).
  o scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
  o scsi: pm: Balance pm_only counter of request queue during system resume
  o scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
  o scsi: qedf: Add check to synchronize abort and flush (git-fixes).
  o scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
  o scsi: qedf: Fix refcount issue when LOGO is received during TMF
  o scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
  o scsi: qedi: Fix failed disconnect handling (git-fixes).
  o scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
  o scsi: qedi: Fix null ref during abort handling (git-fixes).
  o scsi: qedi: Protect active command list to avoid list corruption
  o scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#
  o scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
  o scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
  o scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper()
  o scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
  o scsi: scsi_dh_alua: Check for negative result value (git-fixes).
  o scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
  o scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
  o scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
  o scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
  o scsi: scsi_transport_spi: Set RQF_PM for domain validation commands
  o scsi: sd: Free scsi_disk device via put_device() (git-fixes).
  o scsi: sd: Suppress spurious errors when WRITE SAME is being disabled
  o scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
  o scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
  o scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
  o scsi: sr: Do not use GFP_DMA (git-fixes).
  o scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
  o scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
  o scsi: sr: Return correct event when media event code is 3 (git-fixes).
  o scsi: st: Fix a use after free in st_open() (git-fixes).
  o scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk
    ->poweroff() (git-fixes).
  o scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
  o scsi: ufs: Clean up completed request without interrupt notification
  o scsi: ufs: Fix a race condition in the tracing code (git-fixes).
  o scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
  o scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
  o scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
  o scsi: ufs: Fix irq return code (git-fixes).
  o scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
  o scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
  o scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold()
  o scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
  o scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
  o scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
  o scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
  o scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
  o scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).
  o scsi: ufs: fix potential bug which ends in system hang (git-fixes).
  o scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config
    () (git-fixes).
  o scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
  o scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
  o scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
  o scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
  o sctp: fail if no bound addresses can be used for a given scope (bsc#
  o sctp: sysctl: make extra pointers netns aware (bsc#1204760).
  o update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
  o update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff
  o update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#
  o update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size
  o update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities
  o update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175).
    Fixed bugzilla reference.
  o vmxnet3: move rss code block under eop descriptor (bsc#1208212).
  o watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#
  o watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).

Special Instructions and Notes:

  o Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Real Time Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-779=1
  o SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-779=1
  o SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-779=1
  o SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-779=1

Package List:

  o SUSE Real Time Module 15-SP3 (x86_64)
  o SUSE Real Time Module 15-SP3 (noarch)
  o SUSE Real Time Module 15-SP3 (nosrc x86_64)
  o SUSE Real Time Module 15-SP3 (nosrc)
  o SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
  o SUSE Linux Enterprise Micro 5.1 (x86_64)
  o SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  o SUSE Linux Enterprise Micro 5.2 (x86_64)
  o SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  o SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)


  o https://www.suse.com/security/cve/CVE-2022-3606.html
  o https://www.suse.com/security/cve/CVE-2022-36280.html
  o https://www.suse.com/security/cve/CVE-2022-38096.html
  o https://www.suse.com/security/cve/CVE-2022-47929.html
  o https://www.suse.com/security/cve/CVE-2023-0045.html
  o https://www.suse.com/security/cve/CVE-2023-0179.html
  o https://www.suse.com/security/cve/CVE-2023-0266.html
  o https://www.suse.com/security/cve/CVE-2023-0590.html
  o https://www.suse.com/security/cve/CVE-2023-0597.html
  o https://www.suse.com/security/cve/CVE-2023-1076.html
  o https://www.suse.com/security/cve/CVE-2023-1095.html
  o https://www.suse.com/security/cve/CVE-2023-1118.html
  o https://www.suse.com/security/cve/CVE-2023-1195.html
  o https://www.suse.com/security/cve/CVE-2023-22995.html
  o https://www.suse.com/security/cve/CVE-2023-22998.html
  o https://www.suse.com/security/cve/CVE-2023-23000.html
  o https://www.suse.com/security/cve/CVE-2023-23004.html
  o https://www.suse.com/security/cve/CVE-2023-23006.html
  o https://www.suse.com/security/cve/CVE-2023-23559.html
  o https://www.suse.com/security/cve/CVE-2023-25012.html
  o https://www.suse.com/security/cve/CVE-2023-26545.html
  o https://bugzilla.suse.com/show_bug.cgiid=1186449
  o https://bugzilla.suse.com/show_bug.cgiid=1203331
  o https://bugzilla.suse.com/show_bug.cgiid=1203332
  o https://bugzilla.suse.com/show_bug.cgiid=1203693
  o https://bugzilla.suse.com/show_bug.cgiid=1204502
  o https://bugzilla.suse.com/show_bug.cgiid=1204760
  o https://bugzilla.suse.com/show_bug.cgiid=1205149
  o https://bugzilla.suse.com/show_bug.cgiid=1206351
  o https://bugzilla.suse.com/show_bug.cgiid=1206677
  o https://bugzilla.suse.com/show_bug.cgiid=1206784
  o https://bugzilla.suse.com/show_bug.cgiid=1207034
  o https://bugzilla.suse.com/show_bug.cgiid=1207051
  o https://bugzilla.suse.com/show_bug.cgiid=1207134
  o https://bugzilla.suse.com/show_bug.cgiid=1207186
  o https://bugzilla.suse.com/show_bug.cgiid=1207237
  o https://bugzilla.suse.com/show_bug.cgiid=1207497
  o https://bugzilla.suse.com/show_bug.cgiid=1207508
  o https://bugzilla.suse.com/show_bug.cgiid=1207560
  o https://bugzilla.suse.com/show_bug.cgiid=1207773
  o https://bugzilla.suse.com/show_bug.cgiid=1207795
  o https://bugzilla.suse.com/show_bug.cgiid=1207845
  o https://bugzilla.suse.com/show_bug.cgiid=1207875
  o https://bugzilla.suse.com/show_bug.cgiid=1207878
  o https://bugzilla.suse.com/show_bug.cgiid=1208212
  o https://bugzilla.suse.com/show_bug.cgiid=1208599
  o https://bugzilla.suse.com/show_bug.cgiid=1208700
  o https://bugzilla.suse.com/show_bug.cgiid=1208741
  o https://bugzilla.suse.com/show_bug.cgiid=1208776
  o https://bugzilla.suse.com/show_bug.cgiid=1208816
  o https://bugzilla.suse.com/show_bug.cgiid=1208837
  o https://bugzilla.suse.com/show_bug.cgiid=1208845
  o https://bugzilla.suse.com/show_bug.cgiid=1208971
  o https://bugzilla.suse.com/show_bug.cgiid=1209008

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: https://auscert.org.au/gpg-key/