
             AUSCERT External Security Bulletin Redistribution

                   Security update for the Linux Kernel
                               12 April 2023


        AusCERT Security Bulletin Summary

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-28466 CVE-2023-28464 CVE-2023-28327
                   CVE-2023-1652 CVE-2023-1637 CVE-2023-1582
                   CVE-2023-1513 CVE-2023-1281 CVE-2023-0394
                   CVE-2022-4744 CVE-2017-5753 

Original Bulletin: 

Comment: CVSS (Max):  7.8 CVE-2023-28466 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: [SUSE], Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel

Announcement ID:    SUSE-SU-2023:1802-1
Rating:             important
References:         o #1065729
                    o #1109158
                    o #1189998
                    o #1193629
                    o #1194869
                    o #1198400
                    o #1203200
                    o #1206552
                    o #1207168
                    o #1207185
                    o #1207574
                    o #1208602
                    o #1208815
                    o #1208902
                    o #1209052
                    o #1209118
                    o #1209256
                    o #1209290
                    o #1209292
                    o #1209366
                    o #1209532
                    o #1209547
                    o #1209556
                    o #1209600
                    o #1209634
                    o #1209635
                    o #1209636
                    o #1209681
                    o #1209684
                    o #1209779
                    o #1209788
                    o #1209798
                    o #1209799
                    o #1209804
                    o #1209805
                    o #1210050

Cross-References:   o CVE-2017-5753
                    o CVE-2022-4744
                    o CVE-2023-0394
                    o CVE-2023-1281
                    o CVE-2023-1513
                    o CVE-2023-1582
                    o CVE-2023-1637
                    o CVE-2023-1652
                    o CVE-2023-28327
                    o CVE-2023-28464
                    o CVE-2023-28466

CVSS scores:        o CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/
                    o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/
                    o CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/
                    o CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R
                    o CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/

Affected Products:  o openSUSE Leap 15.4
                    o Public Cloud Module 15-SP4
                    o SUSE Linux Enterprise High Performance Computing 15 SP4
                    o SUSE Linux Enterprise Server 15 SP4
                    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
                    o SUSE Manager Proxy 4.3
                    o SUSE Manager Retail Branch Server 4.3
                    o SUSE Manager Server 4.3

An update that solves 11 vulnerabilities and has 25 fixes can now be installed.


The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security fixes and bug fixes.

The following security bugs were fixed:

  o CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
  o CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  o CVE-2022-4744: Fixed double-free that could lead to DoS or privilege
    escalation in TUN/TAP device driver functionality (bsc#1209635).
  o CVE-2023-0394: Fixed NULL pointer dereference that could lead to a system
    crash in rawv6_push_pending_frames in net/ipv6/raw.c (bsc#1207168).
  o CVE-2023-1281: Fixed use after free that could lead to privilege escalation
    in tcindex (bsc#1209634).
  o CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs
    structure that could be copied to userspace, causing an information leak
  o CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
  o CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access
    to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
  o CVE-2023-1652: Fixed use-after-free that could lead to DoS and information
    leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
  o CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
  o CVE-2023-28464: Fixed use-after-free that could lead to privilege
    escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
  o CVE-2023-28466: Fixed race condition that could lead to use-after-free or
    NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#

The following non-security bugs were fixed:

  o ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable
  o ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
  o ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
  o ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
  o ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
  o ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
  o ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
  o ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
  o ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
  o ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
  o ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
  o ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
  o Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
  o Bluetooth: btqcomsmd: Fix command timeout after setting BD address
  o Bluetooth: btsdio: fix use after free bug in btsdio_remove due to
    unfinished work (git-fixes).
  o Fix error path in pci-hyperv to unlock the mutex state_lock
  o HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
  o HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
  o Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
  o KVM: x86: fix sending PV IPI (git-fixes).
  o Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
  o NFSv4: Fix hangs when recovering open state after a server reboot
  o PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
  o PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
  o PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#
  o PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#
  o PCI: hv: Use async probing to reduce boot time (bsc#1207185).
  o PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#
  o Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#
  o Revert "PCI: hv: Fix a timing issue which causes kdump to fail
    occasionally" (bsc#1207185).
  o Revert "Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments"
  o Revert "Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
  o Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
  o USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
  o USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
  o USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver
  o USB: chipdea: core: fix return -EINVAL if request role is the same with
    current role (git-fixes).
  o USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
  o USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
  o USB: dwc3: Fix a typo in field name (git-fixes).
  o USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC
  o USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
  o USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()
  o USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
  o USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup()
  o USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()
  o USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
  o USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
  o USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
  o USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
  o USB: typec: tcpm: fix warning when handle discover_identity message
  o USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
  o USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
  o arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
  o arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
  o arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
  o arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
  o arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
  o arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
  o arm64: dts: imx8mp: correct usb clocks (git-fixes)
  o arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions
  o arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
  o arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent
  o atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
  o ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
  o ca8210: fix mac_len negative array access (git-fixes).
  o can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
  o cifs: Fix smb2_set_path_size() (git-fixes).
  o cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
  o cifs: append path to open_enter trace event (bsc#1193629).
  o cifs: avoid race conditions with parallel reconnects (bsc#1193629).
  o cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
  o cifs: check only tcon status on tcon related functions (bsc#1193629).
  o cifs: do not poll server interfaces too regularly (bsc#1193629).
  o cifs: dump pending mids for all channels in DebugData (bsc#1193629).
  o cifs: empty interface list when server does not support query interfaces
  o cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
  o cifs: fix dentry lookups in directory handle cache (bsc#1193629).
  o cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
  o cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
  o cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
  o cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
  o cifs: lock chan_lock outside match_session (bsc#1193629).
  o cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
  o cifs: print session id while listing open files (bsc#1193629).
  o cifs: return DFS root session id in DebugData (bsc#1193629).
  o cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
  o cifs: use DFS root session instead of tcon ses (bsc#1193629).
  o drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#
  o drivers/base: fix userspace break from using bin_attributes for cpumap and
    cpulist (bsc#1208815).
  o drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
  o drm/amdkfd: Fix an illegal memory access (git-fixes).
  o drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
  o drm/i915/active: Fix missing debug object activation (git-fixes).
  o drm/i915/active: Fix misuse of non-idle barriers as fence trackers
  o drm/i915/display/psr: Handle plane and pipe restrictions at every page flip
  o drm/i915/display/psr: Use drm damage helpers to calculate plane damaged
    area (git-fixes).
  o drm/i915/display: Workaround cursor left overs with PSR2 selective fetch
    enabled (git-fixes).
  o drm/i915/display: clean up comments (git-fixes).
  o drm/i915/gt: perform uc late init after probe error injection (git-fixes).
  o drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
  o drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
  o drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
  o drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
  o drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
  o drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
  o efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
  o fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
  o firmware: arm_scmi: Fix device node validation for mailbox transport
  o hwmon: fix potential sensor registration fail if of_node is missing
  o i2c: hisi: Only use the completion interrupt to finish the transfer
  o i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
  o i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
  o kABI: x86/msr: Remove .fixup usage (kabi).
  o kconfig: Update config changed flag before calling callback (git-fixes).
  o lan78xx: Add missing return code checks (git-fixes).
  o lan78xx: Fix exception on link speed change (git-fixes).
  o lan78xx: Fix memory allocation bug (git-fixes).
  o lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
  o lan78xx: Fix race condition in disconnect handling (git-fixes).
  o lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
  o lan78xx: Fix white space and style issues (git-fixes).
  o lan78xx: Remove unused pause frame queue (git-fixes).
  o lan78xx: Remove unused timer (git-fixes).
  o lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
  o lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
  o locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998
    (PREEMPT_RT prerequisite backports), bsc#1206552).
  o mm: memcg: fix swapcached stat accounting (bsc#1209804).
  o mmc: atmel-mci: fix race between stop command and start of next command
  o mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
  o net: asix: fix modprobe "sysfs: cannot create duplicate filename"
  o net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
  o net: phy: Ensure state transitions are processed from phy_stop()
  o net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
  o net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
  o net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
  o net: qcom/emac: Fix use after free bug in emac_remove due to race condition
  o net: usb: asix: remove redundant assignment to variable reg (git-fixes).
  o net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
  o net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
  o net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
  o net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
  o net: usb: use eth_hw_addr_set() (git-fixes).
  o nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
  o nvme-tcp: always fail a request when sending it failed (bsc#1208902).
  o pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
  o pinctrl: at91-pio4: fix domain name assignment (git-fixes).
  o pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
  o platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
  o platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
  o platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
  o platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
  o platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth()
  o platform/x86: think-lmi: Opcode support (bsc#1210050).
  o platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
  o platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#
  o platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#
  o platform/x86: think-lmi: add debug_cmd (bsc#1210050).
  o platform/x86: think-lmi: add missing type attribute (git-fixes).
  o platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
  o platform/x86: think-lmi: only display possible_values if available
  o platform/x86: think-lmi: use correct possible_values delimiters
  o platform/x86: thinkpad-acpi: Add support for automatic mode transitions
  o platform/x86: thinkpad-acpi: Enable AMT by default on supported systems
  o platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
  o platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning
    -ENODEV (bsc#1210050).
  o platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs
  o platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
  o platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of
    laptops (bsc#1210050).
  o platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
  o platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#
  o platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper
  o platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc
  o platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#
  o platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
  o platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#
  o platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc
  o platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
  o platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#
  o platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc
  o platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup
  o platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#
  o platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
  o platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err
    variable (bsc#1210050).
  o platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD
    platforms (bsc#1210050).
  o platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#
  o platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#
  o platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#
  o platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some
    models (bsc#1210050).
  o platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the
    wrong place (bsc#1210050).
  o platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#
  o platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255
  o platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles
    only once (bsc#1210050).
  o platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead
    of 1 (bsc#1210050).
  o platform/x86: thinkpad_acpi: Properly indent code in
    tpacpi_dytc_profile_init() (bsc#1210050).
  o platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init
  o platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc
  o platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered
    flag (bsc#1210050).
  o platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and
    hotkey_radio_sw sysfs-attr (bsc#1210050).
  o platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
  o platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#
  o platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
  o platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
  o platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#
  o platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#
  o platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes
    not device attrs (bsc#1210050).
  o platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
  o power: supply: da9150: Fix use after free bug in da9150_charger_remove due
    to race condition (git-fixes).
  o powerpc/64s/interrupt: Fix interrupt exit race with security mitigation
    switch (bsc#1194869).
  o powerpc/btext: add missing of_node_put (bsc#1065729).
  o powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
  o powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#
  o powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
  o powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#
  o powerpc/kexec_file: fix implicit decl error (bsc#1194869).
  o powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#
  o powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
  o powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158
    ltc#169177 git-fixes).
  o powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#
  o powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
  o powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
  o powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
  o powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#
  o powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
  o powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
  o r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
  o regulator: Handle deferred clk (git-fixes).
  o remove "PCI: hv: Use async probing to reduce boot time" (bsc#1207185).
  o rpm/config.sh: Disable DT build. This setting has been ignored for
    non-default variants so far.
  o rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and
    the build fails recently on SLE15-SP4/5.
  o s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
  o s390/dasd: fix no record found for raw_track_access (bsc#1207574).
  o s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
  o sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
  o sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
  o scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#
    1209684 bsc#1209556).
  o sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#
    1208602, git-fixes).
  o serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
  o serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED
  o serial: fsl_lpuart: Fix comment typo (git-fixes).
  o smb3: fix unusable share after force unmount failure (bsc#1193629).
  o smb3: lower default deferred close timeout to address perf regression (bsc#
  o thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
  o thunderbolt: Call tb_check_quirks() after initializing adapters
  o thunderbolt: Disable interrupt auto clear for rings (git-fixes).
  o thunderbolt: Rename shadowed variables bit to interrupt_bit and
    auto_clear_bit (git-fixes).
  o thunderbolt: Use const qualifier for ring_interrupt_index (git-fixes).
  o thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
  o tty: serial: fsl_lpuart: skip waiting for transmission complete when
    UARTCTRL_SBK is asserted (git-fixes).
  o uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
  o vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
  o wifi: mac80211: fix qos on mesh interfaces (git-fixes).
  o x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
  o x86/fpu/xsave: Handle compacted offsets correctly with supervisor states
  o x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
  o x86/fpu: Cache xfeature flags from CPUID (git-fixes).
  o x86/fpu: Remove unused supervisor only offsets (git-fixes).
  o x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
  o x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
  o x86/mce: Allow instrumentation during task work queueing (git-fixes).
  o x86/mce: Mark mce_end() noinstr (git-fixes).
  o x86/mce: Mark mce_panic() noinstr (git-fixes).
  o x86/mce: Mark mce_read_aux() noinstr (git-fixes).
  o x86/mm: Flush global TLB when switching to trampoline page-table
  o x86/msr: Remove .fixup usage (git-fixes).
  o x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
  o x86/sgx: Silence softlockup detection when releasing large enclaves
  o x86/uaccess: Move variable into switch case statement (git-fixes).
  o x86: Annotate call_on_stack() (git-fixes).
  o x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#
  o xfs: convert ptag flags to unsigned (git-fixes).
  o xfs: do not assert fail on perag references on teardown (git-fixes).
  o xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
  o xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
  o xfs: remove xfs_setattr_time() declaration (git-fixes).
  o xfs: zero inode fork buffer at allocation (git-fixes).
  o xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).

Special Instructions and Notes:

  o Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1802=1
  o Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1802=1

Package List:

  o openSUSE Leap 15.4 (aarch64 x86_64)
  o openSUSE Leap 15.4 (aarch64 nosrc x86_64)
  o openSUSE Leap 15.4 (noarch)
  o Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
  o Public Cloud Module 15-SP4 (aarch64 x86_64)
  o Public Cloud Module 15-SP4 (noarch)


References:

  o https://www.suse.com/security/cve/CVE-2017-5753.html
  o https://www.suse.com/security/cve/CVE-2022-4744.html
  o https://www.suse.com/security/cve/CVE-2023-0394.html
  o https://www.suse.com/security/cve/CVE-2023-1281.html
  o https://www.suse.com/security/cve/CVE-2023-1513.html
  o https://www.suse.com/security/cve/CVE-2023-1582.html
  o https://www.suse.com/security/cve/CVE-2023-1637.html
  o https://www.suse.com/security/cve/CVE-2023-1652.html
  o https://www.suse.com/security/cve/CVE-2023-28327.html
  o https://www.suse.com/security/cve/CVE-2023-28464.html
  o https://www.suse.com/security/cve/CVE-2023-28466.html
  o https://bugzilla.suse.com/show_bug.cgi?id=1065729
  o https://bugzilla.suse.com/show_bug.cgi?id=1109158
  o https://bugzilla.suse.com/show_bug.cgi?id=1189998
  o https://bugzilla.suse.com/show_bug.cgi?id=1193629
  o https://bugzilla.suse.com/show_bug.cgi?id=1194869
  o https://bugzilla.suse.com/show_bug.cgi?id=1198400
  o https://bugzilla.suse.com/show_bug.cgi?id=1203200
  o https://bugzilla.suse.com/show_bug.cgi?id=1206552
  o https://bugzilla.suse.com/show_bug.cgi?id=1207168
  o https://bugzilla.suse.com/show_bug.cgi?id=1207185
  o https://bugzilla.suse.com/show_bug.cgi?id=1207574
  o https://bugzilla.suse.com/show_bug.cgi?id=1208602
  o https://bugzilla.suse.com/show_bug.cgi?id=1208815
  o https://bugzilla.suse.com/show_bug.cgi?id=1208902
  o https://bugzilla.suse.com/show_bug.cgi?id=1209052
  o https://bugzilla.suse.com/show_bug.cgi?id=1209118
  o https://bugzilla.suse.com/show_bug.cgi?id=1209256
  o https://bugzilla.suse.com/show_bug.cgi?id=1209290
  o https://bugzilla.suse.com/show_bug.cgi?id=1209292
  o https://bugzilla.suse.com/show_bug.cgi?id=1209366
  o https://bugzilla.suse.com/show_bug.cgi?id=1209532
  o https://bugzilla.suse.com/show_bug.cgi?id=1209547
  o https://bugzilla.suse.com/show_bug.cgi?id=1209556
  o https://bugzilla.suse.com/show_bug.cgi?id=1209600
  o https://bugzilla.suse.com/show_bug.cgi?id=1209634
  o https://bugzilla.suse.com/show_bug.cgi?id=1209635
  o https://bugzilla.suse.com/show_bug.cgi?id=1209636
  o https://bugzilla.suse.com/show_bug.cgi?id=1209681
  o https://bugzilla.suse.com/show_bug.cgi?id=1209684
  o https://bugzilla.suse.com/show_bug.cgi?id=1209779
  o https://bugzilla.suse.com/show_bug.cgi?id=1209788
  o https://bugzilla.suse.com/show_bug.cgi?id=1209798
  o https://bugzilla.suse.com/show_bug.cgi?id=1209799
  o https://bugzilla.suse.com/show_bug.cgi?id=1209804
  o https://bugzilla.suse.com/show_bug.cgi?id=1209805
  o https://bugzilla.suse.com/show_bug.cgi?id=1210050

--------------------------END INCLUDED TEXT--------------------


NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.
