Security update for the Linux-RT Kernel

Announcement ID:	SUSE-SU-2023:0488-1
Rating:	important
References:	bsc#1166486 bsc#1185861 bsc#1185863 bsc#1186449 bsc#1191256 bsc#1192868 bsc#1193629 bsc#1194869 bsc#1195175 bsc#1195655 bsc#1196058 bsc#1199701 bsc#1203332 bsc#1204063 bsc#1204356 bsc#1204662 bsc#1205495 bsc#1206006 bsc#1206036 bsc#1206056 bsc#1206057 bsc#1206224 bsc#1206258 bsc#1206363 bsc#1206459 bsc#1206616 bsc#1206640 bsc#1206677 bsc#1206784 bsc#1206876 bsc#1206877 bsc#1206878 bsc#1206880 bsc#1206881 bsc#1206882 bsc#1206883 bsc#1206884 bsc#1206885 bsc#1206886 bsc#1206887 bsc#1206888 bsc#1206889 bsc#1206890 bsc#1206893 bsc#1206894 bsc#1207010 bsc#1207034 bsc#1207036 bsc#1207050 bsc#1207125 bsc#1207134 bsc#1207149 bsc#1207158 bsc#1207184 bsc#1207186 bsc#1207188 bsc#1207189 bsc#1207190 bsc#1207237 bsc#1207263 bsc#1207269 bsc#1207328 bsc#1207497 bsc#1207500 bsc#1207501 bsc#1207506 bsc#1207507 bsc#1207588 bsc#1207589 bsc#1207590 bsc#1207591 bsc#1207592 bsc#1207593 bsc#1207594 bsc#1207602 bsc#1207603 bsc#1207605 bsc#1207606 bsc#1207607 bsc#1207608 bsc#1207609 bsc#1207610 bsc#1207611 bsc#1207612 bsc#1207613 bsc#1207614 bsc#1207615 bsc#1207616 bsc#1207617 bsc#1207618 bsc#1207619 bsc#1207620 bsc#1207621 bsc#1207622 bsc#1207623 bsc#1207624 bsc#1207625 bsc#1207626 bsc#1207627 bsc#1207628 bsc#1207629 bsc#1207630 bsc#1207631 bsc#1207632 bsc#1207633 bsc#1207634 bsc#1207635 bsc#1207636 bsc#1207637 bsc#1207638 bsc#1207639 bsc#1207640 bsc#1207641 bsc#1207642 bsc#1207643 bsc#1207644 bsc#1207645 bsc#1207646 bsc#1207647 bsc#1207648 bsc#1207649 bsc#1207650 bsc#1207651 bsc#1207652 bsc#1207653 bsc#1207734 bsc#1207768 bsc#1207769 bsc#1207770 bsc#1207771 bsc#1207773 bsc#1207795 bsc#1207842 bsc#1207875 bsc#1207878 bsc#1207933 bsc#1208030 bsc#1208044 bsc#1208085 bsc#1208149 bsc#1208153 bsc#1208183 bsc#1208428 bsc#1208429 jsc#PED-3210 jsc#SLE-21132
Cross-References:	CVE-2020-24588 CVE-2022-36280 CVE-2022-4382 CVE-2022-47929 CVE-2023-0045 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455
CVSS scores:	CVE-2020-24588 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-24588 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H CVE-2022-4382 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4382 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-0045 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-0122 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 ( NVD ): 7.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	openSUSE Leap 15.4 openSUSE Leap Micro 5.3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Live Patching 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Real Time Module 15-SP4

An update that solves 11 vulnerabilities, contains two features and has 133 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332).
CVE-2023-0045: Fixed flush IBP in ib_prctl_set() (bsc#1207773).
CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).
CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).

The following non-security bugs were fixed:

ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
ACPI: PRM: Check whether EFI runtime is available (git-fixes).
ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
ALSA: pci: lx6464es: fix a debug loop (git-fixes).
ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
ARM: imx: add missing of_node_put() (git-fixes).
ASoC: Intel: boards: fix spelling in comments (git-fixes).
ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes).
ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes).
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
Fix page corruption caused by racy check in __free_pages (bsc#1208149).
HID: betop: check shape of output reports (git-fixes).
HID: betop: check shape of output reports (git-fixes, bsc#1207186).
HID: check empty report_list in bigben_probe() (git-fixes).
HID: check empty report_list in hid_validate_values() (git-fixes).
HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
HID: playstation: sanity check DualSense calibration data (git-fixes).
HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
IB/hfi1: Reserve user expected TIDs (git-fixes)
IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
Move upstreamed net patch into sorted section
PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
RDMA/core: Fix ib block iterator counter overflow (git-fixes)
RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
RDMA/rxe: Prevent faulty rkey generation (git-fixes)
RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
Remove duplicate Git-commit tag in patch file
Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes).
Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes).
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes).
Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes).
Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-fixes).
Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes).
SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
USB: gadget: Fix use-after-free during usb config switch (git-fixes).
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
USB: serial: option: add Quectel EC200U modem (git-fixes).
USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
USB: serial: option: add Quectel EM05CN modem (git-fixes).
arm64: Fix Freescale LPUART dependency (boo#1204063).
arm64: atomics: format whitespace consistently (git-fixes).
arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
bfq: fix waker_bfqq inconsistency crash (git-fixes).
blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
blk-throttle: prevent overflow while calculating wait time (git-fixes).
blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
block, bfq: do not move oom_bfqq (git-fixes).
block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes).
block/bfq_wf2q: correct weight to ioprio (git-fixes).
block/bio: remove duplicate append pages code (git-fixes).
block: check minor range in device_add_disk() (git-fixes).
block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
block: ensure iov_iter advances for added pages (git-fixes).
block: fix and cleanup bio_check_ro (git-fixes).
block: fix infinite loop for invalid zone append (git-fixes).
block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
block: use bdev_get_queue() in bio.c (git-fixes).
bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
bnxt_en: fix the handling of PCIE-AER (git-fixes).
bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers (git-fixes).
bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
btrfs: avoid logging all directory changes during renames (bsc#1207263).
btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
btrfs: join running log transaction when logging new name (bsc#1207263).
btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
btrfs: put initial index value of a directory in a constant (bsc#1207263).
btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
btrfs: remove useless path r