Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:0975-1
Rating:	important
References:	bsc#1050549 bsc#1186484 bsc#1200599 bsc#1212514 bsc#1213456 bsc#1217987 bsc#1217988 bsc#1217989 bsc#1218450 bsc#1218527 bsc#1218915 bsc#1219127 bsc#1219146 bsc#1219295 bsc#1219653 bsc#1219827 bsc#1219835 bsc#1220187 bsc#1220238 bsc#1220240 bsc#1220241 bsc#1220250 bsc#1220330 bsc#1220340 bsc#1220344 bsc#1220409 bsc#1220421 bsc#1220436 bsc#1220444 bsc#1220459 bsc#1220468 bsc#1220482 bsc#1220526 bsc#1220570 bsc#1220575 bsc#1220599 bsc#1220607 bsc#1220613 bsc#1220638 bsc#1220641 bsc#1220649 bsc#1220700 bsc#1220735 bsc#1220767 bsc#1220796 bsc#1220825 bsc#1220831 bsc#1220845 bsc#1220860 bsc#1220861 bsc#1220863 bsc#1220870 bsc#1220930 bsc#1220931 bsc#1220932 bsc#1220957 bsc#1221039 bsc#1221040 bsc#1221287
Cross-References:	CVE-2019-25162 CVE-2020-36777 CVE-2020-36784 CVE-2021-33200 CVE-2021-46906 CVE-2021-46915 CVE-2021-46921 CVE-2021-46924 CVE-2021-46929 CVE-2021-46932 CVE-2021-46953 CVE-2021-46974 CVE-2021-46991 CVE-2021-46992 CVE-2021-47013 CVE-2021-47054 CVE-2021-47076 CVE-2021-47077 CVE-2021-47078 CVE-2022-20154 CVE-2022-48627 CVE-2023-28746 CVE-2023-35827 CVE-2023-46343 CVE-2023-52340 CVE-2023-52429 CVE-2023-52443 CVE-2023-52445 CVE-2023-52449 CVE-2023-52451 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-52482 CVE-2023-52502 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52574 CVE-2023-52597 CVE-2023-52605 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2024-0607 CVE-2024-1151 CVE-2024-23849 CVE-2024-23851 CVE-2024-26585 CVE-2024-26595 CVE-2024-26600 CVE-2024-26622
CVSS scores:	CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-36777 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-36784 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-33200 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33200 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-46906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-46915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46921 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-46991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-46992 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47054 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-20154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52443 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52445 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52449 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H CVE-2023-52451 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 52 vulnerabilities and has seven security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-26600: Fixed NULL pointer dereference for SRP (bsc#1220340).
• CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
• CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
• CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
• CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
• CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
• CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
• CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
• CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
• CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
• CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
• CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
• CVE-2021-33200: Fixed a leakage of uninitialized bpf stack under speculation. (bsc#1186484)
• CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
• CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
• CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
• CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
• CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
• CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
• CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
• CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
• CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
• CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
• CVE-2021-46953: Fixed a corruption in interrupt mappings on watchdow probe failure (bsc#1220599).
• CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
• CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
• CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
• CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
• CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
• CVE-2021-47054: Fixed a bug to put child node before return (bsc#1220767).
• CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
• CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
• CVE-2021-46906: Fixed an info leak in hid_submit_ctrl (bsc#1220421).
• CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
• CVE-2020-36777: Fixed a memory leak in dvb_media_device_free (bsc#1220526).
• CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
• CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
• CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
• CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
• CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
• CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
• CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
• CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
• CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).

The following non-security bugs were fixed:

• ASN.1: Fix check for strdup() success (git-fixes).
• audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
• Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
• bnx2x: Fix PF-VF communication over multi-cos queues (git-fixes).
• doc/README.KSYMS: Add to repo.
• e1000: fix memory leaks (git-fixes).
• gve: Fix skb truesize underestimation (git-fixes).
• igb: clean up in all error paths when enabling SR-IOV (git-fixes).
• igb: Fix constant media auto sense switching when no cable is connected (git-fixes).
• ipv6: Fix handling of LLA with VRF and sockets bound to VRF (git-fixes).
• ipv6: fix typos in __ip6_finish_output() (git-fixes).
• ixgbe: protect TX timestamping from API misuse (git-fixes).
• kcm: Call strp_stop before strp_done in kcm_attach (git-fixes).
• kcm: fix strp_init() order and cleanup (git-fixes).
• KVM: s390: vsie: fix race during shadow creation (git-fixes bsc#1220613).
• KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
• KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
• KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
• KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
• KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
• KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
• locking/barriers: Introduce smp_cond_load_relaxed() and atomic_cond_read_relaxed() (bsc#1220468 bsc#1050549).
• md: bypass block throttle for superblock update (git-fixes).
• media: coda: constify platform_device_id (git-fixes).
• media: coda: explicitly request exclusive reset control (git-fixes).
• media: coda: reduce iram size to leave space for suspend to ram (git-fixes).
• media: coda: reuse coda_s_fmt_vid_cap to propagate format in coda_s_fmt_vid_out (git-fixes).
• media: coda: set min_buffers_needed (git-fixes).
• media: coda: wake up capture queue on encoder stop after output streamoff (git-fixes).
• media: dvb-usb: Add memory free on error path in dw2102_probe() (git-fixes).
• media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
• media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
• media: dw2102: Fix memleak on sequence of probes (git-fixes).
• media: dw2102: Fix use after free (git-fixes).
• media: dw2102: make dvb_usb_device_description structures const (git-fixes).
• media: m920x: do not use stack on USB reads (git-fixes).
• media: rc: do not remove first bit if leader pulse is present (git-fixes).
• media: rc: ir-rc6-decoder: enable toggle bit for Kathrein RCU-676 remote (git-fixes).
• media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
• media: uvcvideo: Set capability in s_param (git-fixes).
• net: bonding: debug: avoid printing debug logs when bond is not notifying peers (git-fixes).
• net: fec: add missed clk_disable_unprepare in remove (git-fixes).
• net: fec: Better handle pm_runtime_get() failing in .remove() (git-fixes).
• net: fec: fix clock count mis-match (git-fixes).
• net: fec: fix use-after-free in fec_drv_remove (git-fixes).
• net: hisilicon: Fix dma_map_single failed on arm64 (git-fixes).
• net: hisilicon: fix hip04-xmit never return TX_BUSY (git-fixes).
• net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() (git-fixes).
• net: hisilicon: make hip04_tx_reclaim non-reentrant (git-fixes).
• net: hns3: add compatible handling for MAC VLAN switch parameter configuration (git-fixes).
• net: hns3: not allow SSU loopback while execute ethtool -t dev (git-fixes).
• net: lpc-enet: fix printk format strings (git-fixes).
• net: nfc: llcp: Add lock when modifying device list (git-fixes).
• net: phy: dp83867: enable robust auto-mdix (git-fixes).
• net: phy: initialise phydev speed and duplex sanely (git-fixes).
• net: sfp: add mutex to prevent concurrent state checks (git-fixes).
• net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context (git-fixes).
• net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
• net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off (git-fixes).
• net/sched: tcindex: search key must be 16 bits (git-fixes).
• nfsd: Do not refuse to serve out of cache (bsc#1220957).
• PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
• s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220607).
• stmmac: fix potential division by 0 (git-fixes).
• tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
• usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
• usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
• usb: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (bsc#1218527).
• usb: musb: dsps: Fix the probe error path (git-fixes).
• usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
• usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
• usb: typec: tcpci: clear the fault status bit (git-fixes).
• wcn36xx: Fix (QoS) null data frame bitrate/modulation (git-fixes).
• wcn36xx: Fix discarded frames due to wrong sequence number (git-fixes).
• wcn36xx: fix RX BD rate mapping for 5GHz legacy rates (git-fixes).
• x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
• x86/bugs: Add asm helpers for executing VERW (bsc#1213456).
• x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add mds_user_clear to kABI severity as it's used purely for mitigation so it's low risk.
• x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
• x86/entry_32: Add VERW just before userspace transition (git-fixes).
• x86/entry_64: Add VERW just before userspace transition (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-975=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-975=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-975=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.173.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • kernel-azure-base-4.12.14-16.173.1
  • kernel-azure-base-debuginfo-4.12.14-16.173.1
  • kernel-azure-debugsource-4.12.14-16.173.1
  • kernel-azure-debuginfo-4.12.14-16.173.1
  • kernel-azure-devel-4.12.14-16.173.1
  • kernel-syms-azure-4.12.14-16.173.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.173.1
  • kernel-devel-azure-4.12.14-16.173.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.173.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • kernel-azure-base-4.12.14-16.173.1
  • kernel-azure-base-debuginfo-4.12.14-16.173.1
  • kernel-azure-debugsource-4.12.14-16.173.1
  • kernel-azure-debuginfo-4.12.14-16.173.1
  • kernel-azure-devel-4.12.14-16.173.1
  • kernel-syms-azure-4.12.14-16.173.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.173.1
  • kernel-devel-azure-4.12.14-16.173.1
• SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.173.1
• SUSE Linux Enterprise Server 12 SP5 (x86_64)
  • kernel-azure-base-4.12.14-16.173.1
  • kernel-azure-base-debuginfo-4.12.14-16.173.1
  • kernel-azure-debugsource-4.12.14-16.173.1
  • kernel-azure-debuginfo-4.12.14-16.173.1
  • kernel-azure-devel-4.12.14-16.173.1
  • kernel-syms-azure-4.12.14-16.173.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.173.1
  • kernel-devel-azure-4.12.14-16.173.1

References:

• https://www.suse.com/security/cve/CVE-2019-25162.html
• https://www.suse.com/security/cve/CVE-2020-36777.html
• https://www.suse.com/security/cve/CVE-2020-36784.html
• https://www.suse.com/security/cve/CVE-2021-33200.html
• https://www.suse.com/security/cve/CVE-2021-46906.html
• https://www.suse.com/security/cve/CVE-2021-46915.html
• https://www.suse.com/security/cve/CVE-2021-46921.html
• https://www.suse.com/security/cve/CVE-2021-46924.html
• https://www.suse.com/security/cve/CVE-2021-46929.html
• https://www.suse.com/security/cve/CVE-2021-46932.html
• https://www.suse.com/security/cve/CVE-2021-46953.html
• https://www.suse.com/security/cve/CVE-2021-46974.html
• https://www.suse.com/security/cve/CVE-2021-46991.html
• https://www.suse.com/security/cve/CVE-2021-46992.html
• https://www.suse.com/security/cve/CVE-2021-47013.html
• https://www.suse.com/security/cve/CVE-2021-47054.html
• https://www.suse.com/security/cve/CVE-2021-47076.html
• https://www.suse.com/security/cve/CVE-2021-47077.html
• https://www.suse.com/security/cve/CVE-2021-47078.html
• https://www.suse.com/security/cve/CVE-2022-20154.html
• https://www.suse.com/security/cve/CVE-2022-48627.html
• https://www.suse.com/security/cve/CVE-2023-28746.html
• https://www.suse.com/security/cve/CVE-2023-35827.html
• https://www.suse.com/security/cve/CVE-2023-46343.html
• https://www.suse.com/security/cve/CVE-2023-52340.html
• https://www.suse.com/security/cve/CVE-2023-52429.html
• https://www.suse.com/security/cve/CVE-2023-52443.html
• https://www.suse.com/security/cve/CVE-2023-52445.html
• https://www.suse.com/security/cve/CVE-2023-52449.html
• https://www.suse.com/security/cve/CVE-2023-52451.html
• https://www.suse.com/security/cve/CVE-2023-52464.html
• https://www.suse.com/security/cve/CVE-2023-52475.html
• https://www.suse.com/security/cve/CVE-2023-52478.html
• https://www.suse.com/security/cve/CVE-2023-52482.html
• https://www.suse.com/security/cve/CVE-2023-52502.html
• https://www.suse.com/security/cve/CVE-2023-52530.html
• https://www.suse.com/security/cve/CVE-2023-52531.html
• https://www.suse.com/security/cve/CVE-2023-52532.html
• https://www.suse.com/security/cve/CVE-2023-52574.html
• https://www.suse.com/security/cve/CVE-2023-52597.html
• https://www.suse.com/security/cve/CVE-2023-52605.html
• https://www.suse.com/security/cve/CVE-2023-6356.html
• https://www.suse.com/security/cve/CVE-2023-6535.html
• https://www.suse.com/security/cve/CVE-2023-6536.html
• https://www.suse.com/security/cve/CVE-2024-0607.html
• https://www.suse.com/security/cve/CVE-2024-1151.html
• https://www.suse.com/security/cve/CVE-2024-23849.html
• https://www.suse.com/security/cve/CVE-2024-23851.html
• https://www.suse.com/security/cve/CVE-2024-26585.html
• https://www.suse.com/security/cve/CVE-2024-26595.html
• https://www.suse.com/security/cve/CVE-2024-26600.html
• https://www.suse.com/security/cve/CVE-2024-26622.html
• https://bugzilla.suse.com/show_bug.cgi?id=1050549
• https://bugzilla.suse.com/show_bug.cgi?id=1186484
• https://bugzilla.suse.com/show_bug.cgi?id=1200599
• https://bugzilla.suse.com/show_bug.cgi?id=1212514
• https://bugzilla.suse.com/show_bug.cgi?id=1213456
• https://bugzilla.suse.com/show_bug.cgi?id=1217987
• https://bugzilla.suse.com/show_bug.cgi?id=1217988
• https://bugzilla.suse.com/show_bug.cgi?id=1217989
• https://bugzilla.suse.com/show_bug.cgi?id=1218450
• https://bugzilla.suse.com/show_bug.cgi?id=1218527
• https://bugzilla.suse.com/show_bug.cgi?id=1218915
• https://bugzilla.suse.com/show_bug.cgi?id=1219127
• https://bugzilla.suse.com/show_bug.cgi?id=1219146
• https://bugzilla.suse.com/show_bug.cgi?id=1219295
• https://bugzilla.suse.com/show_bug.cgi?id=1219653
• https://bugzilla.suse.com/show_bug.cgi?id=1219827
• https://bugzilla.suse.com/show_bug.cgi?id=1219835
• https://bugzilla.suse.com/show_bug.cgi?id=1220187
• https://bugzilla.suse.com/show_bug.cgi?id=1220238
• https://bugzilla.suse.com/show_bug.cgi?id=1220240
• https://bugzilla.suse.com/show_bug.cgi?id=1220241
• https://bugzilla.suse.com/show_bug.cgi?id=1220250
• https://bugzilla.suse.com/show_bug.cgi?id=1220330
• https://bugzilla.suse.com/show_bug.cgi?id=1220340
• https://bugzilla.suse.com/show_bug.cgi?id=1220344
• https://bugzilla.suse.com/show_bug.cgi?id=1220409
• https://bugzilla.suse.com/show_bug.cgi?id=1220421
• https://bugzilla.suse.com/show_bug.cgi?id=1220436
• https://bugzilla.suse.com/show_bug.cgi?id=1220444
• https://bugzilla.suse.com/show_bug.cgi?id=1220459
• https://bugzilla.suse.com/show_bug.cgi?id=1220468
• https://bugzilla.suse.com/show_bug.cgi?id=1220482
• https://bugzilla.suse.com/show_bug.cgi?id=1220526
• https://bugzilla.suse.com/show_bug.cgi?id=1220570
• https://bugzilla.suse.com/show_bug.cgi?id=1220575
• https://bugzilla.suse.com/show_bug.cgi?id=1220599
• https://bugzilla.suse.com/show_bug.cgi?id=1220607
• https://bugzilla.suse.com/show_bug.cgi?id=1220613
• https://bugzilla.suse.com/show_bug.cgi?id=1220638
• https://bugzilla.suse.com/show_bug.cgi?id=1220641
• https://bugzilla.suse.com/show_bug.cgi?id=1220649
• https://bugzilla.suse.com/show_bug.cgi?id=1220700
• https://bugzilla.suse.com/show_bug.cgi?id=1220735
• https://bugzilla.suse.com/show_bug.cgi?id=1220767
• https://bugzilla.suse.com/show_bug.cgi?id=1220796
• https://bugzilla.suse.com/show_bug.cgi?id=1220825
• https://bugzilla.suse.com/show_bug.cgi?id=1220831
• https://bugzilla.suse.com/show_bug.cgi?id=1220845
• https://bugzilla.suse.com/show_bug.cgi?id=1220860
• https://bugzilla.suse.com/show_bug.cgi?id=1220861
• https://bugzilla.suse.com/show_bug.cgi?id=1220863
• https://bugzilla.suse.com/show_bug.cgi?id=1220870
• https://bugzilla.suse.com/show_bug.cgi?id=1220930
• https://bugzilla.suse.com/show_bug.cgi?id=1220931
• https://bugzilla.suse.com/show_bug.cgi?id=1220932
• https://bugzilla.suse.com/show_bug.cgi?id=1220957
• https://bugzilla.suse.com/show_bug.cgi?id=1221039
• https://bugzilla.suse.com/show_bug.cgi?id=1221040
• https://bugzilla.suse.com/show_bug.cgi?id=1221287