Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:2501-1
Rating:	important
References:	bsc#1065729 bsc#1118212 bsc#1129770 bsc#1154048 bsc#1204405 bsc#1205756 bsc#1205758 bsc#1205760 bsc#1205762 bsc#1205803 bsc#1206878 bsc#1209287 bsc#1209366 bsc#1209857 bsc#1210544 bsc#1210629 bsc#1210715 bsc#1210783 bsc#1210806 bsc#1210940 bsc#1211037 bsc#1211044 bsc#1211105 bsc#1211186 bsc#1211275 bsc#1211360 bsc#1211361 bsc#1211362 bsc#1211363 bsc#1211364 bsc#1211365 bsc#1211366 bsc#1211466 bsc#1211592 bsc#1211622 bsc#1211801 bsc#1211816 bsc#1211960
Cross-References:	CVE-2022-3566 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1380 CVE-2023-2176 CVE-2023-2194 CVE-2023-2269 CVE-2023-2483 CVE-2023-2513 CVE-2023-28466 CVE-2023-31084 CVE-2023-31436 CVE-2023-32269
CVSS scores:	CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Real Time 12 SP5 SUSE Linux Enterprise Server 12 SP5

An update that solves 16 vulnerabilities and has 22 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
• CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
• CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
• CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
• CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
• CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
• CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
• CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
• CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
• CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
• CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
• CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
• CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
• CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
• CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
• CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).

The following non-security bugs were fixed:

• ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
• Documentation: Document sysfs interfaces purr, spurr, idle_purr, idle_spurr (PED-3947 bsc#1210544 ltc#202303).
• Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
• IB/hfi1: Assign npages earlier (git-fixes)
• IB/iser: bound protection_sg size by data_sg size (git-fixes)
• IB/mlx4: Fix memory leaks (git-fixes)
• IB/mlx4: Increase the timeout for CM cache (git-fixes)
• IB/mlx5: Fix initializing CQ fragments buffer (git-fixes)
• IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
• IB/usnic: Fix potential deadlock (git-fixes)
• KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (git-fixes).
• KVM: x86: Update the exit_qualification access bits while walking an address (git-fixes).
• KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (git-fixes).
• KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
• KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
• KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
• KVM: x86: fix empty-body warnings (git-fixes).
• KVM: x86: fix incorrect comparison in trace event (git-fixes).
• KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (git-fixes).
• Move upstreamed media fixes into sorted section
• PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
• PCI: Call Max Payload Size-related fixup quirks early (git-fixes).
• PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
• PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
• PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes).
• PCI: aardvark: Configure PCIe resources from 'ranges' DT property (git-fixes).
• PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes).
• PCI: aardvark: Fix checking for PIO status (git-fixes).
• PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
• PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
• PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
• RDMA/bnxt_re: Restrict the max_gids to 256 (git-fixes)
• RDMA/cma: Do not change route.addr.src_addr.ss_family (git-fixes)
• RDMA/cma: Fix rdma_resolve_route() memory leak (git-fixes)
• RDMA/core: Do not access cm_id after its destruction (git-fixes)
• RDMA/cxgb4: Fix missing error code in create_qp() (git-fixes)
• RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
• RDMA/hns: Bugfix for querying qkey (git-fixes)
• RDMA/i40iw: Fix potential use after free (git-fixes)
• RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' (git-fixes)
• RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (git-fixes)
• RDMA/mlx5: Block delay drop to unprivileged users (git-fixes)
• RDMA/rxe: Fix error type of mmap_offset (git-fixes)
• RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
• RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer (git-fixes)
• RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
• RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
• RDS: IB: Fix null pointer issue (git-fixes).
• USB: core: Add routines for endpoint checks in old drivers (git-fixes).
• USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
• USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
• USB: sisusbvga: Add endpoint checks (git-fixes).
• Update patch reference for libata fix (bsc#1118212).
• adm8211: fix error return code in adm8211_probe() (git-fixes).
• backlight: lm3630a: Fix return code of .update_status() callback (bsc#1129770)
• blacklist.conf: workqueue: Cosmetic change. Not worth backporting (bsc#1211275)
• ceph: force updating the msg pointer in non-split case (bsc#1211801).
• cpuidle/powernv: avoid double irq enable coming out of idle (PED-3947 bsc#1210544 ltc#202303).
• cpuidle: powerpc: cpuidle set polling before enabling irqs (PED-3947 bsc#1210544 ltc#202303).
• cpuidle: powerpc: no memory barrier after break from idle (PED-3947 bsc#1210544 ltc#202303).
• cpuidle: powerpc: read mostly for common globals (PED-3947 bsc#1210544 ltc#202303).
• ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
• f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
• fbcon: Check font dimension limits (bsc#1154048)
• fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (bsc#1154048)
• fix kcm_clone() (git-fixes).
• fotg210-udc: Add missing completion handler (git-fixes).
• ip6_tunnel: allow ip6gre dev mtu to be set below 1280 (git-fixes).
• ip6_tunnel: fix IFLA_MTU ignored on NEWLINK (git-fixes).
• ipoib: correcly show a VF hardware address (git-fixes)
• ipv4: ipv4_default_advmss() should use route mtu (git-fixes).
• ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT (git-fixes).
• ipv6: icmp6: Allow icmp messages to be looped back (git-fixes).
• ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
• kcm: Check if sk_user_data already set in kcm_attach (git-fixes).
• kvm: mmu: Do not read PDPTEs when paging is not enabled (git-fixes).
• l2tp: remove configurable payload offset (git-fixes).
• l2tp: remove l2specific_len dependency in l2tp_core (git-fixes).
• libata: add horkage for ASMedia 1092 (git-fixes).
• mac80211: choose first enabled channel for monitor (git-fixes).
• mac80211: drop multicast fragments (git-fixes).
• mac80211: fix fast-rx encryption check (git-fixes).
• mac80211: pause TX while changing interface type (git-fixes).
• media: radio-shark: Add endpoint checks (git-fixes).
• mlx4: Use snprintf instead of complicated strcpy (git-fixes)
• mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
• net/iucv: Fix size of interrupt data (bsc#1211466).
• net/tcp/illinois: replace broken algorithm reference link (git-fixes).
• net: Extra '_get' in declaration of arch_get_platform_mac_address (git-fixes).
• net: amd: add missing of_node_put() (git-fixes).
• net: arc_emac: fix arc_emac_rx() error paths (git-fixes).
• net: broadcom: fix return type of ndo_start_xmit function (git-fixes).
• net: davinci_emac: match the mdio device against its compatible if possible (git-fixes).
• net: dsa: b53: Add BCM5389 support (git-fixes).
• net: dsa: mt7530: fix module autoloading for OF platform drivers (git-fixes).
• net: dsa: qca8k: Add support for QCA8334 switch (git-fixes).
• net: emac: fix fixed-link setup for the RTL8363SB switch (git-fixes).
• net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value (git-fixes).
• net: faraday: fix return type of ndo_start_xmit function (git-fixes).
• net: hns3: fix return type of ndo_start_xmit function (git-fixes).
• net: ipv6: send NS for DAD when link operationally up (git-fixes).
• net: mediatek: setup proper state for disabled GMAC on the default (git-fixes).
• net: micrel: fix return type of ndo_start_xmit function (git-fixes).
• net: mvneta: fix enable of all initialized RXQs (git-fixes).
• net: propagate dev_get_valid_name return code (git-fixes).
• net: qca_spi: Fix log level if probe fails (git-fixes).
• net: qcom/emac: Use proper free methods during TX (git-fixes).
• net: qla3xxx: Remove overflowing shift statement (git-fixes).
• net: smsc: fix return type of ndo_start_xmit function (git-fixes).
• net: sun: fix return type of ndo_start_xmit function (git-fixes).
• net: toshiba: fix return type of ndo_start_xmit function (git-fixes).
• net: xfrm: allow clearing socket xfrm policies (git-fixes).
• net: xilinx: fix return type of ndo_start_xmit function (git-fixes).
• netfilter: ebtables: convert BUG_ONs to WARN_ONs (git-fixes).
• netfilter: ipt_CLUSTERIP: put config instead of freeing it (git-fixes).
• netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount (git-fixes).
• nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs (git-fixes).
• nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
• nvme-pci: unquiesce admin queue on shutdown (git-fixes).
• nvme-pci: use the same attributes when freeing host_mem_desc_bufs (git-fixes).
• nvme: Fix u32 overflow in the number of namespace list calculation (git-fixes).
• nvme: free sq/cq dbbuf pointers when dbbuf set fails (git-fixes).
• nvme: refine the Qemu Identify CNS quirk (git-fixes).
• nvme: remove the ifdef around nvme_nvm_ioctl (git-fixes).
• platform/x86: alienware-wmi: Adjust instance of wmi_evaluate_method calls to 0 (git-fixes).
• platform/x86: alienware-wmi: constify attribute_group structures (git-fixes).
• platform/x86: alienware-wmi: fix format string overflow warning (git-fixes).
• platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer (git-fixes).
• platform/x86: dell-laptop: fix rfkill functionality.
• platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
• platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
• powerpc/idle: Store PURR snapshot in a per-cpu global variable (PED-3947 bsc#1210544 ltc#202303).
• powerpc/pseries: Account for SPURR ticks on idle CPUs (PED-3947 bsc#1210544 ltc#202303).
• powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
• powerpc/sysfs: Show idle_purr and idle_spurr for every CPU (PED-3947 bsc#1210544 ltc#202303).
• powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
• powerpc: Move idle_loop_prolog()/epilog() functions to header file (PED-3947 bsc#1210544 ltc#202303).
• powerpc: Squash lines for simple wrapper functions (bsc#1065729).
• rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (git-fixes).
• ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
• ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
• rxe: IB_WR_REG_MR does not capture MR's iova field (git-fixes)
• s390/dasd: correct numa_node in dasd_alloc_queue (git-fixes bsc#1211362).
• s390/extmem: fix gcc 8 stringop-overflow warning (git-fixes bsc#1211363).
• s390/kasan: fix early pgm check handler execution (git-fixes bsc#1211360).
• s390/pci: fix sleeping in atomic during hotplug (git-fixes bsc#1211364).
• s390/scm_blk: correct numa_node in scm_blk_dev_setup (git-fixes bsc#1211365).
• s390/sysinfo: add missing #ifdef CONFIG_PROC_FS (git-fixes bsc#1211366).
• s390/uaccess: add missing earlyclobber annotations to __clear_user() (LTC#202116 bsc#1209857 git-fixes).
• s390: ctcm: fix ctcm_new_device error return code (git-fixes bsc#1211361).
• scsi: qla2xxx: Declare SCSI host template const (bsc#1211960).
• scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
• scsi: qla2xxx: Fix hang in task management (bsc#1211960).
• scsi: qla2xxx: Fix hang in task management (bsc#1211960).
• scsi: qla2xxx: Fix mem access after free (bsc#1211960).
• scsi: qla2xxx: Fix mem access after free (bsc#1211960).
• scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
• scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
• scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
• scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
• scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
• scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
• scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
• scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
• scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
• scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
• scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
• scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
• scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
• scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
• scsi: storvsc: Parameterize number hardware queues (bsc#1211622).
• sctp: avoid flushing unsent queue when doing asoc reset (git-fixes).
• sctp: fix erroneous inc of snmp SctpFragUsrMsgs (git-fixes).
• sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege (git-fixes).
• sctp: make use of pre-calculated len (git-fixes).
• seccomp: Set PF_SUPERPRIV when checking capability (git-fixes bsc#1211816).
• sit: fix IFLA_MTU ignored on NEWLINK (git-fixes).
• stmmac: fix valid numbers of unicast filter entries (git-fixes).
• sunvnet: does not support GSO for sctp (git-fixes).
• usb: chipidea: fix missing goto in ci_hdrc_probe (git-fixes).
• usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes).
• usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
• wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
• wcn36xx: Add ieee80211 rx status rate information (git-fixes).
• wcn36xx: Channel list update before hardware scan (git-fixes).
• wcn36xx: Disable bmps when encryption is disabled (git-fixes).
• wcn36xx: Ensure finish scan is not requested before start scan (git-fixes).
• wcn36xx: Fix TX data path (git-fixes).
• wcn36xx: Fix multiple AMPDU sessions support (git-fixes).
• wcn36xx: Fix software-driven scan (git-fix).
• wcn36xx: Fix warning due to bad rate_idx (git-fixes).
• wcn36xx: Increase number of TX retries (git-fixes).
• wcn36xx: Specify ieee80211_rx_status.nss (git-fixes).
• wcn36xx: Use kmemdup instead of duplicating it in wcn36xx_smd_process_ptt_msg_rsp (git-fixes).
• wcn36xx: Use sequence number allocated by mac80211 (git-fixes).
• wcn36xx: disable HW_CONNECTION_MONITOR (git-fixes).
• wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan (git-fixes).
• wcn36xx: fix spelling mistake "to" -> "too" (git-fixes).
• wcn36xx: fix typo (git-fixes).
• wcn36xx: remove unecessary return (git-fixes).
• wcn36xx: use dma_zalloc_coherent instead of allocator/memset (git-fixes).
• workqueue: Fix hung time report of worker pools (bsc#1211044).
• workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
• workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
• workqueue: Warn when a new worker could not be created (bsc#1211044).
• workqueue: Warn when a rescuer could not be created (bsc#1211044).
• x86/kvm/vmx: fix old-style function declaration (git-fixes).
• x86/kvm: Do not call kvm_spurious_fault() from .fixup (git-fixes).
• x86: kvm: avoid constant-conversion warning (git-fixes).
• xen/netback: do not do grant copy across page boundary (git-fixes).
• xen/netback: use same error messages for same errors (git-fixes).
• xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2023-2501=1

Package List:

• SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  • kernel-rt-debuginfo-4.12.14-10.127.1
  • kernel-rt_debug-debugsource-4.12.14-10.127.1
  • kernel-rt-devel-4.12.14-10.127.1
  • cluster-md-kmp-rt-4.12.14-10.127.1
  • cluster-md-kmp-rt-debuginfo-4.12.14-10.127.1
  • kernel-syms-rt-4.12.14-10.127.1
  • kernel-rt-base-debuginfo-4.12.14-10.127.1
  • ocfs2-kmp-rt-4.12.14-10.127.1
  • kernel-rt_debug-devel-4.12.14-10.127.1
  • kernel-rt-devel-debuginfo-4.12.14-10.127.1
  • gfs2-kmp-rt-4.12.14-10.127.1
  • dlm-kmp-rt-debuginfo-4.12.14-10.127.1
  • kernel-rt-debugsource-4.12.14-10.127.1
  • kernel-rt-base-4.12.14-10.127.1
  • kernel-rt_debug-debuginfo-4.12.14-10.127.1
  • kernel-rt_debug-devel-debuginfo-4.12.14-10.127.1
  • dlm-kmp-rt-4.12.14-10.127.1
  • ocfs2-kmp-rt-debuginfo-4.12.14-10.127.1
  • gfs2-kmp-rt-debuginfo-4.12.14-10.127.1
• SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  • kernel-source-rt-4.12.14-10.127.1
  • kernel-devel-rt-4.12.14-10.127.1
• SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  • kernel-rt_debug-4.12.14-10.127.1
  • kernel-rt-4.12.14-10.127.1

References:

• https://www.suse.com/security/cve/CVE-2022-3566.html
• https://www.suse.com/security/cve/CVE-2022-45884.html
• https://www.suse.com/security/cve/CVE-2022-45885.html
• https://www.suse.com/security/cve/CVE-2022-45886.html
• https://www.suse.com/security/cve/CVE-2022-45887.html
• https://www.suse.com/security/cve/CVE-2022-45919.html
• https://www.suse.com/security/cve/CVE-2023-1380.html
• https://www.suse.com/security/cve/CVE-2023-2176.html
• https://www.suse.com/security/cve/CVE-2023-2194.html
• https://www.suse.com/security/cve/CVE-2023-2269.html
• https://www.suse.com/security/cve/CVE-2023-2483.html
• https://www.suse.com/security/cve/CVE-2023-2513.html
• https://www.suse.com/security/cve/CVE-2023-28466.html
• https://www.suse.com/security/cve/CVE-2023-31084.html
• https://www.suse.com/security/cve/CVE-2023-31436.html
• https://www.suse.com/security/cve/CVE-2023-32269.html
• https://bugzilla.suse.com/show_bug.cgi?id=1065729
• https://bugzilla.suse.com/show_bug.cgi?id=1118212
• https://bugzilla.suse.com/show_bug.cgi?id=1129770
• https://bugzilla.suse.com/show_bug.cgi?id=1154048
• https://bugzilla.suse.com/show_bug.cgi?id=1204405
• https://bugzilla.suse.com/show_bug.cgi?id=1205756
• https://bugzilla.suse.com/show_bug.cgi?id=1205758
• https://bugzilla.suse.com/show_bug.cgi?id=1205760
• https://bugzilla.suse.com/show_bug.cgi?id=1205762
• https://bugzilla.suse.com/show_bug.cgi?id=1205803
• https://bugzilla.suse.com/show_bug.cgi?id=1206878
• https://bugzilla.suse.com/show_bug.cgi?id=1209287
• https://bugzilla.suse.com/show_bug.cgi?id=1209366
• https://bugzilla.suse.com/show_bug.cgi?id=1209857
• https://bugzilla.suse.com/show_bug.cgi?id=1210544
• https://bugzilla.suse.com/show_bug.cgi?id=1210629
• https://bugzilla.suse.com/show_bug.cgi?id=1210715
• https://bugzilla.suse.com/show_bug.cgi?id=1210783
• https://bugzilla.suse.com/show_bug.cgi?id=1210806
• https://bugzilla.suse.com/show_bug.cgi?id=1210940
• https://bugzilla.suse.com/show_bug.cgi?id=1211037
• https://bugzilla.suse.com/show_bug.cgi?id=1211044