Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.2227
Security update for the Linux Kernel
19 April 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-28466 CVE-2023-28464 CVE-2023-28327
CVE-2023-23001 CVE-2023-1838 CVE-2023-1652
CVE-2023-1637 CVE-2023-1611 CVE-2023-1582
CVE-2023-1513 CVE-2023-1281 CVE-2023-0394
CVE-2022-4744 CVE-2017-5753
Original Bulletin:
https://www.suse.com/support/update/announcement/2023/suse-su-20231897-1
Comment: CVSS (Max): 7.8 CVE-2023-28466 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:1897-1
Rating: important
o #1065729
o #1109158
o #1189998
o #1193629
o #1194869
o #1203200
o #1206552
o #1207168
o #1207185
o #1207574
o #1208602
o #1208815
o #1208829
o #1208902
o #1209052
o #1209118
o #1209256
o #1209290
o #1209292
References: o #1209366
o #1209532
o #1209547
o #1209556
o #1209572
o #1209600
o #1209634
o #1209635
o #1209636
o #1209681
o #1209684
o #1209687
o #1209779
o #1209788
o #1209798
o #1209799
o #1209804
o #1209805
o #1210050
o #1210203
o CVE-2017-5753
o CVE-2022-4744
o CVE-2023-0394
o CVE-2023-1281
o CVE-2023-1513
o CVE-2023-1582
o CVE-2023-1611
Cross-References: o CVE-2023-1637
o CVE-2023-1652
o CVE-2023-1838
o CVE-2023-23001
o CVE-2023-28327
o CVE-2023-28464
o CVE-2023-28466
o CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/
S:C/C:H/I:N/A:N
o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:C/C:H/I:N/A:N
o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/
S:C/C:H/I:N/A:N
o CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:L
o CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:L/I:N/A:N
o CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:N/I:N/A:H
CVSS scores: o CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:N/A:H
o CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/
S:U/C:L/I:L/A:L
o CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:N/A:N
o CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:N/A:H
o CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:N/A:H
o CVE-2023-23001 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N
/S:U/C:N/I:N/A:L
o CVE-2023-23001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:U/C:N/I:N/A:H
o CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R
/S:U/C:N/I:N/A:H
o CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:H/A:H
o CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o Basesystem Module 15-SP4
o Development Tools Module 15-SP4
o Legacy Module 15-SP4
o openSUSE Leap 15.4
o openSUSE Leap Micro 5.3
o SUSE Linux Enterprise Desktop 15 SP4
o SUSE Linux Enterprise High Availability Extension 15 SP4
o SUSE Linux Enterprise High Performance Computing 15 SP4
o SUSE Linux Enterprise Live Patching 15-SP4
Affected o SUSE Linux Enterprise Micro 5.3
Products: o SUSE Linux Enterprise Micro 5.4
o SUSE Linux Enterprise Micro for Rancher 5.3
o SUSE Linux Enterprise Micro for Rancher 5.4
o SUSE Linux Enterprise Real Time 15 SP4
o SUSE Linux Enterprise Server 15 SP4
o SUSE Linux Enterprise Server for SAP Applications 15 SP4
o SUSE Linux Enterprise Workstation Extension 15 SP4
o SUSE Manager Proxy 4.3
o SUSE Manager Retail Branch Server 4.3
o SUSE Manager Server 4.3
An update that solves 14 vulnerabilities and has 25 fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#
1209687).
o CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent.
This flaw could allow a local attacker to crash the system and lead to a
kernel information leak problem. (bsc#1210203).
o CVE-2023-0394: Fixed a null pointer dereference in the network
subcomponent. This flaw could cause system crashes (bsc#1207168).
o CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs
structure that could be copied to userspace, causing an information leak
(bsc#1209532).
o CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
o CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
o CVE-2023-28464: Fixed user-after-free that could lead to privilege
escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
o CVE-2023-28466: Fixed race condition that could lead to use-after-free or
NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#
1209366).
o CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access
to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
o CVE-2023-1652: Fixed use-after-free that could lead to DoS and information
leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
o CVE-2022-4744: Fixed double-free that could lead to DoS or privilege
escalation in TUN/TAP device driver functionality (bsc#1209635).
o CVE-2023-1281: Fixed use after free that could lead to privilege escalation
in tcindex (bsc#1209634).
o CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
o CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
o CVE-2023-23001: Fixed misinterpretation of regulator_get return value in
drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
The following non-security bugs were fixed:
o ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable
(git-fixes).
o alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
o ALSA: asihpi: check pao in control_message() (git-fixes).
o ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
o ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
o ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
o ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
o ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
o ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
o ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform
(git-fixes).
o ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
o ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
o ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
(git-fixes).
o ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
o ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
o ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
o arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
o ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
o ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
o arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
o arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
o arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
o arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
o arm64: dts: imx8mp: correct usb clocks (git-fixes)
o arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions
(git-fixes)
o arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
o arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent
(git-fixes).
o arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
o ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
o atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
o Bluetooth: btqcomsmd: Fix command timeout after setting BD address
(git-fixes).
o Bluetooth: btsdio: fix use after free bug in btsdio_remove due to
unfinished work (git-fixes).
o Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
o ca8210: fix mac_len negative array access (git-fixes).
o ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
(git-fixes).
o can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
o can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
(git-fixes).
o can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
(git-fixes).
o cifs: append path to open_enter trace event (bsc#1193629).
o cifs: avoid race conditions with parallel reconnects (bsc#1193629).
o cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
o cifs: check only tcon status on tcon related functions (bsc#1193629).
o cifs: do not poll server interfaces too regularly (bsc#1193629).
o cifs: double lock in cifs_reconnect_tcon() (git-fixes).
o cifs: dump pending mids for all channels in DebugData (bsc#1193629).
o cifs: empty interface list when server does not support query interfaces
(bsc#1193629).
o cifs: fix dentry lookups in directory handle cache (bsc#1193629).
o cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
o cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
o cifs: Fix smb2_set_path_size() (git-fixes).
o cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
o cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
o cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
o cifs: lock chan_lock outside match_session (bsc#1193629).
o cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
o cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
o cifs: print session id while listing open files (bsc#1193629).
o cifs: return DFS root session id in DebugData (bsc#1193629).
o cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
o cifs: use DFS root session instead of tcon ses (bsc#1193629).
o clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown
(git-fixes).
o debugfs: add debugfs_lookup_and_remove() (git-fixes).
o drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#
1208815).
o drivers/base: fix userspace break from using bin_attributes for cpumap and
cpulist (bsc#1208815).
o drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
(git-fixes).
o drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
(git-fixes).
o drm/amdkfd: Fix an illegal memory access (git-fixes).
o drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
(git-fixes).
o drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
o drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
o drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
o drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
o drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
o drm/i915/active: Fix missing debug object activation (git-fixes).
o drm/i915/active: Fix misuse of non-idle barriers as fence trackers
(git-fixes).
o drm/i915/display: clean up comments (git-fixes).
o drm/i915/display: Workaround cursor left overs with PSR2 selective fetch
enabled (git-fixes).
o drm/i915/display/psr: Handle plane and pipe restrictions at every page flip
(git-fixes).
o drm/i915/display/psr: Use drm damage helpers to calculate plane damaged
area (git-fixes).
o drm/i915/gt: perform uc late init after probe error injection (git-fixes).
o drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
o drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
o drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
o dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
o efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
o fbdev: au1200fb: Fix potential divide by zero (git-fixes).
o fbdev: intelfb: Fix potential divide by zero (git-fixes).
o fbdev: lxfb: Fix potential divide by zero (git-fixes).
o fbdev: nvidia: Fix potential divide by zero (git-fixes).
o fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
(git-fixes).
o fbdev: tgafb: Fix potential divide by zero (git-fixes).
o firmware: arm_scmi: Fix device node validation for mailbox transport
(git-fixes).
o fotg210-udc: Add missing completion handler (git-fixes).
o ftrace: Fix invalid address access in lookup_rec() when index is 0
(git-fixes).
o ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct
() (git-fixes).
o ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
o gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
o gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
o HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
(git-fixes).
o HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
(git-fixes).
o hwmon: fix potential sensor registration fail if of_node is missing
(git-fixes).
o i2c: hisi: Only use the completion interrupt to finish the transfer
(git-fixes).
o i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
o i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
(git-fixes).
o iio: adc: ad7791: fix IRQ flags (git-fixes).
o iio: adc: ti-ads7950: Set can_sleep flag for GPIO chip (git-fixes).
o iio: adis16480: select CONFIG_CRC32 (git-fixes).
o iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
o iio: light: cm32181: Unregister second I2C client if present (git-fixes).
o Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
o Input: focaltech - use explicitly signed char type (git-fixes).
o Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
(git-fixes).
o KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled
(Never, kabi).
o kABI workaround for xhci (git-fixes).
o kABI: x86/msr: Remove .fixup usage (kabi).
o kconfig: Update config changed flag before calling callback (git-fixes).
o keys: Do not cache key in task struct if key is requested from kernel
thread (git-fixes).
o KVM: x86: fix sending PV IPI (git-fixes).
o KVM: x86: fix sending PV IPI (git-fixes).
o lan78xx: Add missing return code checks (git-fixes).
o lan78xx: Fix exception on link speed change (git-fixes).
o lan78xx: Fix memory allocation bug (git-fixes).
o lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
o lan78xx: Fix race condition in disconnect handling (git-fixes).
o lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
o lan78xx: Fix white space and style issues (git-fixes).
o lan78xx: Remove unused pause frame queue (git-fixes).
o lan78xx: Remove unused timer (git-fixes).
o lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
o lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
o locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998
(PREEMPT_RT prerequisite backports), bsc#1206552).
o mm: memcg: fix swapcached stat accounting (bsc#1209804).
o mm: mmap: remove newline at the end of the trace (git-fixes).
o mmc: atmel-mci: fix race between stop command and start of next command
(git-fixes).
o mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
o mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
o mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
o mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
(git-fixes).
o mtdblock: tolerate corrected bit-flips (git-fixes).
o net: asix: fix modprobe "sysfs: cannot create duplicate filename"
(git-fixes).
o net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
o net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
o net: phy: Ensure state transitions are processed from phy_stop()
(git-fixes).
o net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
o net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
(git-fixes).
o net: qcom/emac: Fix use after free bug in emac_remove due to race condition
(git-fixes).
o net: usb: asix: remove redundant assignment to variable reg (git-fixes).
o net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
o net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
o net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
o net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
o net: usb: smsc75xx: Move packet length check to prevent kernel panic in
skb_pull (git-fixes).
o net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
o net: usb: use eth_hw_addr_set() (git-fixes).
o NFS: Fix an Oops in nfs_d_automount() (git-fixes).
o NFS: fix disabling of swap (git-fixes).
o NFS4trace: fix state manager flag printing (git-fixes).
o NFSD: fix handling of readdir in v4root vs. mount upcall timeout
(git-fixes).
o NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
o NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
o NFSD: fix race to check ls_layouts (git-fixes).
o NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
o NFSD: Protect against filesystem freezing (git-fixes).
o NFSD: shut down the NFSv4 state objects before the filecache (git-fixes).
o NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
(git-fixes).
o NFSD: zero out pointers after putting nfsd_files on COPY setup error
(git-fixes).
o NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
o NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
(git-fixes).
o NFSv4: Fix hangs when recovering open state after a server reboot
(git-fixes).
o NFSv4: keep state manager thread active if swap is enabled (git-fixes).
o NFSv4: provide mount option to toggle trunking discovery (git-fixes).
o NFSv4: Fix initialisation of struct nfs4_label (git-fixes).
o NFSv4: Fail client initialisation if state manager thread can't run
(git-fixes).
o nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
o nilfs2: fix sysfs interface lifetime (git-fixes).
o nvme-tcp: always fail a request when sending it failed (bsc#1208902).
o PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
o PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#
1207185).
o PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#
1207185).
o PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#
1207185).
o PCI: hv: Use async probing to reduce boot time (bsc#1207185).
o PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
o pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
o pinctrl: at91-pio4: fix domain name assignment (git-fixes).
o pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
o platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
(git-fixes).
o platform/x86: think-lmi: add debug_cmd (bsc#1210050).
o platform/x86: think-lmi: add missing type attribute (git-fixes).
o platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
o platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
o platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
o platform/x86: think-lmi: Clean up display of current_value on Thinkstation
(git-fixes).
o platform/x86: think-lmi: Fix memory leak when showing current settings
(git-fixes).
o platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI
strings (git-fixes).
o platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth()
(bsc#1210050).
o platform/x86: think-lmi: only display possible_values if available
(git-fixes).
o platform/x86: think-lmi: Opcode support (bsc#1210050).
o platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
o platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#
1210050).
o platform/x86: think-lmi: use correct possible_values delimiters
(git-fixes).
o platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#
1210050).
o platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning
-ENODEV (bsc#1210050).
o platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of
laptops (bsc#1210050).
o platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
o platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#
1210050).
o platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper
(bsc#1210050).
o platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs
(bsc#1210050).
o platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc
#1210050).
o platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
o platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#
1210050).
o platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
o platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
o platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#
1210050).
o platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#
1210050).
o platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc
#1210050).
o platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
o platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#
1210050).
o platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#
1210050).
o platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc
#1210050).
o platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup
(bsc#1210050).
o platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#
1210050).
o platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
o platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err
variable (bsc#1210050).
o platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD
platforms (bsc#1210050).
o platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#
1210050).
o platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#
1210050).
o platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#
1210050).
o platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some
models (bsc#1210050).
o platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the
wrong place (bsc#1210050).
o platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#
1210050).
o platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255
(bsc#1210050).
o platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles
only once (bsc#1210050).
o platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead
of 1 (bsc#1210050).
o platform/x86: thinkpad_acpi: Properly indent code in
tpacpi_dytc_profile_init() (bsc#1210050).
o platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init
(bsc#1210050).
o platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc
#1210050).
o platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered
flag (bsc#1210050).
o platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and
hotkey_radio_sw sysfs-attr (bsc#1210050).
o platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
o platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#
1210050).
o platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes
not device attrs (bsc#1210050).
o platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
o platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
o platform/x86: thinkpad-acpi: Add support for automatic mode transitions
(bsc#1210050).
o platform/x86: thinkpad-acpi: Enable AMT by default on supported systems
(bsc#1210050).
o platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
o platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
o pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
o power: supply: da9150: Fix use after free bug in da9150_charger_remove due
to race condition (git-fixes).
o powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
o powerpc/64s/interrupt: Fix interrupt exit race with security mitigation
switch (bsc#1194869).
o powerpc/btext: add missing of_node_put (bsc#1065729).
o powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
o powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#
1194869).
o powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
o powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#
1194869).
o powerpc/kexec_file: fix implicit decl error (bsc#1194869).
o powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
o powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#
1065729).
o powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158
ltc#169177 git-fixes).
o powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#
1065729).
o powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
o powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
o powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
o powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#
1194869).
o powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
o ppc64le: HWPOISON_INJECT=m (bsc#1209572).
o pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
o pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
o r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
o rcu: Fix rcu_torture_read ftrace event (git-fixes).
o regulator: Handle deferred clk (git-fixes).
o ring-buffer: Fix race while reader and writer are on the same page
(git-fixes).
o ring-buffer: Handle race between rb_move_tail and rb_check_pages
(git-fixes).
o ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
o rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and
the build fails recently on SLE15-SP4/5.
o s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
o s390/dasd: fix no record found for raw_track_access (bsc#1207574).
o s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
o sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
o sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
o scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#
1209684 bsc#1209556).
o sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#
1208602, git-fixes).
o serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
(git-fixes).
o serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED
(git-fixes).
o serial: fsl_lpuart: Fix comment typo (git-fixes).
o smb3: fix unusable share after force unmount failure (bsc#1193629).
o smb3: lower default deferred close timeout to address perf regression (bsc#
1193629).
o struct dwc3: mask new member (git-fixes).
o SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
o SUNRPC: Fix a server shutdown leak (git-fixes).
o SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
o thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
o thunderbolt: Call tb_check_quirks() after initializing adapters
(git-fixes).
o thunderbolt: Disable interrupt auto clear for rings (git-fixes).
o thunderbolt: Rename shadowed variables bit to interrupt_bit and
auto_clear_bit (git-fixes).
o thunderbolt: Use const qualifier for ring_interrupt_index (git-fixes).
o thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
o timers: Prevent union confusion from unexpected (git-fixes)
o trace/hwlat: Do not start per-cpu thread if it is already running
(git-fixes).
o trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
o trace/hwlat: make use of the helper function kthread_run_on_cpu()
(git-fixes).
o tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
(git-fixes).
o tracing: Add trace_array_puts() to write into instance (git-fixes).
o tracing: Check field value in hist_field_name() (git-fixes).
o tracing: Do not let histogram values have some modifiers (git-fixes).
o tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
o tracing: Free error logs of tracing instances (git-fixes).
o tracing: Have tracing_snapshot_instance_cond() write errors to the
appropriate instance (git-fixes).
o tracing: Make splice_read available again (git-fixes).
o tracing: Make tracepoint lockdep check actually test something (git-fixes).
o tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
(git-fixes).
o tty: serial: fsl_lpuart: avoid checking for transfer complete when
UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
o tty: serial: fsl_lpuart: skip waiting for transmission complete when
UARTCTRL_SBK is asserted (git-fixes).
o tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
o tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
o uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
o USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
o USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver
(git-fixes).
o USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
o USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
o USB: chipdea: core: fix return -EINVAL if request role is the same with
current role (git-fixes).
o USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
o USB: dwc3: Fix a typo in field name (git-fixes).
o USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC
(git-fixes).
o USB: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()
(git-fixes).
o USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
(git-fixes).
o USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup()
(git-fixes).
o USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()
(git-fixes).
o USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()
(git-fixes).
o USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
o USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: typec: altmodes/displayport: Fix configure initial pin assignment
(git-fixes).
o USB: typec: tcpm: fix warning when handle discover_identity message
(git-fixes).
o USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
o USB: ucsi: Fix ucsi->connector race (git-fixes).
o USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
o USB: xhci: tegra: fix sleep in atomic call (git-fixes).
o vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
(git-fixes).
o wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
sta (git-fixes).
o wifi: mac80211: fix qos on mesh interfaces (git-fixes).
o wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
o x86: Annotate call_on_stack() (git-fixes).
o x86: Annotate call_on_stack() (git-fixes).
o x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#
1203200).
o x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
o x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
o x86/fpu: Cache xfeature flags from CPUID (git-fixes).
o x86/fpu: Remove unused supervisor only offsets (git-fixes).
o x86/fpu: Remove unused supervisor only offsets (git-fixes).
o x86/fpu/xsave: Handle compacted offsets correctly with supervisor states
(git-fixes).
o x86/fpu/xsave: Handle compacted offsets correctly with supervisor states
(git-fixes).
o x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
o x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
o x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
o x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
o x86/mce: Allow instrumentation during task work queueing (git-fixes).
o x86/mce: Allow instrumentation during task work queueing (git-fixes).
o x86/mce: Mark mce_end() noinstr (git-fixes).
o x86/mce: Mark mce_end() noinstr (git-fixes).
o x86/mce: Mark mce_panic() noinstr (git-fixes).
o x86/mce: Mark mce_panic() noinstr (git-fixes).
o x86/mce: Mark mce_read_aux() noinstr (git-fixes).
o x86/mce: Mark mce_read_aux() noinstr (git-fixes).
o x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
o x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
o x86/mm: Flush global TLB when switching to trampoline page-table
(git-fixes).
o x86/mm: Flush global TLB when switching to trampoline page-table
(git-fixes).
o x86/msr: Remove .fixup usage (git-fixes).
o x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
o x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
o x86/sgx: Silence softlockup detection when releasing large enclaves
(git-fixes).
o x86/sgx: Silence softlockup detection when releasing large enclaves
(git-fixes).
o x86/uaccess: Move variable into switch case statement (git-fixes).
o x86/uaccess: Move variable into switch case statement (git-fixes).
o xfs: convert ptag flags to unsigned (git-fixes).
o xfs: do not assert fail on perag references on teardown (git-fixes).
o xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
o xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
o xfs: remove xfs_setattr_time() declaration (git-fixes).
o xfs: zero inode fork buffer at allocation (git-fixes).
o xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
(git-fixes).
o xhci: Free the command allocated for setting LPM if we return early
(git-fixes).
o xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
o xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
Special Instructions and Notes:
o Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1897=1
o openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-1897=1
o SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-1897=1
o SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-1897=1
o SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-1897=1
o SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-1897=1
o Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1897=1
o Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1897=1
o Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-1897=1
o SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1897=1
Please note that this is the initial kernel livepatch without fixes itself,
this package is later updated by separate standalone kernel livepatch
updates.
o SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1897=1
o SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1897=1
Package List:
o openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
kernel-default-5.14.21-150400.24.60.1
o openSUSE Leap Micro 5.3 (aarch64 x86_64)
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
kernel-default-debuginfo-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
kernel-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-devel-debuginfo-5.14.21-150400.24.60.1
kselftests-kmp-default-5.14.21-150400.24.60.1
reiserfs-kmp-default-5.14.21-150400.24.60.1
kernel-default-livepatch-5.14.21-150400.24.60.1
kernel-syms-5.14.21-150400.24.60.1
gfs2-kmp-default-5.14.21-150400.24.60.1
kernel-default-livepatch-devel-5.14.21-150400.24.60.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-devel-5.14.21-150400.24.60.1
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-obs-build-5.14.21-150400.24.60.1
kselftests-kmp-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-optional-debuginfo-5.14.21-150400.24.60.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
kernel-obs-qa-5.14.21-150400.24.60.1
kernel-default-extra-debuginfo-5.14.21-150400.24.60.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
kernel-obs-build-debugsource-5.14.21-150400.24.60.1
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-extra-5.14.21-150400.24.60.1
dlm-kmp-default-5.14.21-150400.24.60.1
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.60.1
ocfs2-kmp-default-5.14.21-150400.24.60.1
kernel-default-base-rebuild-5.14.21-150400.24.60.1.150400.24.24.3
cluster-md-kmp-default-5.14.21-150400.24.60.1
kernel-default-optional-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (nosrc ppc64le x86_64)
kernel-debug-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (ppc64le x86_64)
kernel-debug-devel-debuginfo-5.14.21-150400.24.60.1
kernel-debug-debuginfo-5.14.21-150400.24.60.1
kernel-debug-livepatch-devel-5.14.21-150400.24.60.1
kernel-debug-devel-5.14.21-150400.24.60.1
kernel-debug-debugsource-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
kernel-default-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (noarch)
kernel-devel-5.14.21-150400.24.60.1
kernel-source-vanilla-5.14.21-150400.24.60.1
kernel-source-5.14.21-150400.24.60.1
kernel-macros-5.14.21-150400.24.60.1
kernel-docs-html-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (noarch nosrc)
kernel-docs-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
kernel-kvmsmall-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.60.1
kernel-kvmsmall-debuginfo-5.14.21-150400.24.60.1
kernel-kvmsmall-devel-5.14.21-150400.24.60.1
kernel-kvmsmall-debugsource-5.14.21-150400.24.60.1
kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (nosrc s390x)
kernel-zfcpdump-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (s390x)
kernel-zfcpdump-debuginfo-5.14.21-150400.24.60.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (aarch64)
kernel-64kb-extra-debuginfo-5.14.21-150400.24.60.1
kernel-64kb-livepatch-devel-5.14.21-150400.24.60.1
dtb-cavium-5.14.21-150400.24.60.1
dtb-amd-5.14.21-150400.24.60.1
dtb-broadcom-5.14.21-150400.24.60.1
ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
dtb-amazon-5.14.21-150400.24.60.1
kernel-64kb-optional-5.14.21-150400.24.60.1
dtb-hisilicon-5.14.21-150400.24.60.1
dtb-apple-5.14.21-150400.24.60.1
dlm-kmp-64kb-5.14.21-150400.24.60.1
dtb-amlogic-5.14.21-150400.24.60.1
dtb-apm-5.14.21-150400.24.60.1
dtb-rockchip-5.14.21-150400.24.60.1
dtb-mediatek-5.14.21-150400.24.60.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.60.1
kernel-64kb-devel-5.14.21-150400.24.60.1
dtb-exynos-5.14.21-150400.24.60.1
dtb-renesas-5.14.21-150400.24.60.1
dtb-sprd-5.14.21-150400.24.60.1
cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
dtb-arm-5.14.21-150400.24.60.1
dtb-socionext-5.14.21-150400.24.60.1
ocfs2-kmp-64kb-5.14.21-150400.24.60.1
dtb-nvidia-5.14.21-150400.24.60.1
dlm-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
cluster-md-kmp-64kb-5.14.21-150400.24.60.1
kernel-64kb-optional-debuginfo-5.14.21-150400.24.60.1
reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
dtb-marvell-5.14.21-150400.24.60.1
gfs2-kmp-64kb-5.14.21-150400.24.60.1
kernel-64kb-extra-5.14.21-150400.24.60.1
reiserfs-kmp-64kb-5.14.21-150400.24.60.1
dtb-lg-5.14.21-150400.24.60.1
dtb-altera-5.14.21-150400.24.60.1
dtb-qcom-5.14.21-150400.24.60.1
gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
dtb-allwinner-5.14.21-150400.24.60.1
kselftests-kmp-64kb-5.14.21-150400.24.60.1
kernel-64kb-debuginfo-5.14.21-150400.24.60.1
kernel-64kb-debugsource-5.14.21-150400.24.60.1
dtb-freescale-5.14.21-150400.24.60.1
dtb-xilinx-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (nosrc)
dtb-aarch64-5.14.21-150400.24.60.1
o openSUSE Leap 15.4 (aarch64 nosrc)
kernel-64kb-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
kernel-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
kernel-default-debuginfo-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
kernel-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
kernel-default-debuginfo-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
kernel-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
kernel-default-debuginfo-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
kernel-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
kernel-default-debuginfo-5.14.21-150400.24.60.1
o Basesystem Module 15-SP4 (aarch64 nosrc)
kernel-64kb-5.14.21-150400.24.60.1
o Basesystem Module 15-SP4 (aarch64)
kernel-64kb-debuginfo-5.14.21-150400.24.60.1
kernel-64kb-devel-debuginfo-5.14.21-150400.24.60.1
kernel-64kb-devel-5.14.21-150400.24.60.1
kernel-64kb-debugsource-5.14.21-150400.24.60.1
o Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
kernel-default-5.14.21-150400.24.60.1
o Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
kernel-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
kernel-default-devel-5.14.21-150400.24.60.1
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-devel-debuginfo-5.14.21-150400.24.60.1
o Basesystem Module 15-SP4 (noarch)
kernel-macros-5.14.21-150400.24.60.1
kernel-devel-5.14.21-150400.24.60.1
o Basesystem Module 15-SP4 (nosrc s390x)
kernel-zfcpdump-5.14.21-150400.24.60.1
o Basesystem Module 15-SP4 (s390x)
kernel-zfcpdump-debuginfo-5.14.21-150400.24.60.1
kernel-zfcpdump-debugsource-5.14.21-150400.24.60.1
o Development Tools Module 15-SP4 (noarch nosrc)
kernel-docs-5.14.21-150400.24.60.1
o Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
kernel-obs-build-debugsource-5.14.21-150400.24.60.1
kernel-syms-5.14.21-150400.24.60.1
kernel-obs-build-5.14.21-150400.24.60.1
o Development Tools Module 15-SP4 (noarch)
kernel-source-5.14.21-150400.24.60.1
o Legacy Module 15-SP4 (nosrc)
kernel-default-5.14.21-150400.24.60.1
o Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-debuginfo-5.14.21-150400.24.60.1
reiserfs-kmp-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
kernel-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-1-150400.9.3.2
kernel-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-livepatch-devel-5.14.21-150400.24.60.1
kernel-livepatch-SLE15-SP4_Update_11-debugsource-1-150400.9.3.2
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-livepatch-5.14.21-150400.24.60.1
kernel-livepatch-5_14_21-150400_24_60-default-1-150400.9.3.2
o SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-debuginfo-5.14.21-150400.24.60.1
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
dlm-kmp-default-debuginfo-5.14.21-150400.24.60.1
ocfs2-kmp-default-5.14.21-150400.24.60.1
kernel-default-debugsource-5.14.21-150400.24.60.1
gfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
cluster-md-kmp-default-5.14.21-150400.24.60.1
gfs2-kmp-default-5.14.21-150400.24.60.1
dlm-kmp-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
kernel-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
kernel-default-5.14.21-150400.24.60.1
o SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
kernel-default-extra-debuginfo-5.14.21-150400.24.60.1
kernel-default-debugsource-5.14.21-150400.24.60.1
kernel-default-debuginfo-5.14.21-150400.24.60.1
kernel-default-extra-5.14.21-150400.24.60.1
References:
o https://www.suse.com/security/cve/CVE-2017-5753.html
o https://www.suse.com/security/cve/CVE-2022-4744.html
o https://www.suse.com/security/cve/CVE-2023-0394.html
o https://www.suse.com/security/cve/CVE-2023-1281.html
o https://www.suse.com/security/cve/CVE-2023-1513.html
o https://www.suse.com/security/cve/CVE-2023-1582.html
o https://www.suse.com/security/cve/CVE-2023-1611.html
o https://www.suse.com/security/cve/CVE-2023-1637.html
o https://www.suse.com/security/cve/CVE-2023-1652.html
o https://www.suse.com/security/cve/CVE-2023-1838.html
o https://www.suse.com/security/cve/CVE-2023-23001.html
o https://www.suse.com/security/cve/CVE-2023-28327.html
o https://www.suse.com/security/cve/CVE-2023-28464.html
o https://www.suse.com/security/cve/CVE-2023-28466.html
o https://bugzilla.suse.com/show_bug.cgiid=1065729
o https://bugzilla.suse.com/show_bug.cgiid=1109158
o https://bugzilla.suse.com/show_bug.cgiid=1189998
o https://bugzilla.suse.com/show_bug.cgiid=1193629
o https://bugzilla.suse.com/show_bug.cgiid=1194869
o https://bugzilla.suse.com/show_bug.cgiid=1203200
o https://bugzilla.suse.com/show_bug.cgiid=1206552
o https://bugzilla.suse.com/show_bug.cgiid=1207168
o https://bugzilla.suse.com/show_bug.cgiid=1207185
o https://bugzilla.suse.com/show_bug.cgiid=1207574
o https://bugzilla.suse.com/show_bug.cgiid=1208602
o https://bugzilla.suse.com/show_bug.cgiid=1208815
o https://bugzilla.suse.com/show_bug.cgiid=1208829
o https://bugzilla.suse.com/show_bug.cgiid=1208902
o https://bugzilla.suse.com/show_bug.cgiid=1209052
o https://bugzilla.suse.com/show_bug.cgiid=1209118
o https://bugzilla.suse.com/show_bug.cgiid=1209256
o https://bugzilla.suse.com/show_bug.cgiid=1209290
o https://bugzilla.suse.com/show_bug.cgiid=1209292
o https://bugzilla.suse.com/show_bug.cgiid=1209366
o https://bugzilla.suse.com/show_bug.cgiid=1209532
o https://bugzilla.suse.com/show_bug.cgiid=1209547
o https://bugzilla.suse.com/show_bug.cgiid=1209556
o https://bugzilla.suse.com/show_bug.cgiid=1209572
o https://bugzilla.suse.com/show_bug.cgiid=1209600
o https://bugzilla.suse.com/show_bug.cgiid=1209634
o https://bugzilla.suse.com/show_bug.cgiid=1209635
o https://bugzilla.suse.com/show_bug.cgiid=1209636
o https://bugzilla.suse.com/show_bug.cgiid=1209681
o https://bugzilla.suse.com/show_bug.cgiid=1209684
o https://bugzilla.suse.com/show_bug.cgiid=1209687
o https://bugzilla.suse.com/show_bug.cgiid=1209779
o https://bugzilla.suse.com/show_bug.cgiid=1209788
o https://bugzilla.suse.com/show_bug.cgiid=1209798
o https://bugzilla.suse.com/show_bug.cgiid=1209799
o https://bugzilla.suse.com/show_bug.cgiid=1209804
o https://bugzilla.suse.com/show_bug.cgiid=1209805
o https://bugzilla.suse.com/show_bug.cgiid=1210050
o https://bugzilla.suse.com/show_bug.cgiid=1210203
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZD8x+MkNZI30y1K9AQgWuw/8C8OwKmi25DImUAG6Syt4d1g3svNTmkmH
nm7/Qz3hDYoh9nHGRZsyONmJeYRJibXAt/2ZXAMTFMMDKbD2u7GmyfNzu2QDL2yZ
6zyq73/1i4V0oSC/MboVCM4q0hHgI2bBPKT7Nizkug3g8aa/snMTEuFyX8EB3RXD
ydYZ2L210TFM1DAAtpl8EpX4sqlXU7bL+7x3aizpwnWr3QHtlxAZG0TRvjHx0cFP
LLzAuP0FUPEONpF7bWFY6K4+8UsXG4orSvRkChA7s5PppLzwJa+mGRdZBKDX/qBv
OrvILCWv0G3v+NDEf1gP8U7FmzKRD6DPHg36EAUHfQu8bf027TLO+wnAoIe8KGoV
2pjXC1Id+6RdKN7mwbgnRCIwZPEof2845jDgfO7Rr0VjS3QtuGU46KrkDdil3VCW
nC18vPwhBHc9DvrJ2Run93bQ4vZSDp+YiJviW4VTJWlhAPPAKIwPzb6vVktyAgxT
nhdOl2oEu+V0KFFkleQ0ICK0/SmdNBUoYbkSmCPexgAMq5k8iFHPLYRpRut9FoLQ
oKynwBkl+DrFkeO3r4WkDInzsdey/zWJGKD75YMPEvuERP0LUnqEWA3zQSj9UIMT
Hu5itQ9vunRQme7rr+SfutB6wH+I9qjnGRtiVO+g0UzW+1yeoPHnRkss8EERR5gs
ZtEIpdJuDUQ=
=hRY5
-----END PGP SIGNATURE-----