# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3180-1  
Rating: important  
References:

  * #1150305
  * #1193629
  * #1194869
  * #1207894
  * #1208788
  * #1211243
  * #1211867
  * #1212256
  * #1212301
  * #1212525
  * #1212846
  * #1212905
  * #1213059
  * #1213061
  * #1213205
  * #1213206
  * #1213226
  * #1213233
  * #1213245
  * #1213247
  * #1213252
  * #1213258
  * #1213259
  * #1213263
  * #1213264
  * #1213286
  * #1213311
  * #1213493
  * #1213523
  * #1213524
  * #1213533
  * #1213543
  * #1213705

  
Cross-References:

  * CVE-2023-20593
  * CVE-2023-2985
  * CVE-2023-3117
  * CVE-2023-31248
  * CVE-2023-3390
  * CVE-2023-35001
  * CVE-2023-3812

  
CVSS scores:

  * CVE-2023-20593 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20593 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-2985 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2985 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-3117 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3117 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-31248 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-31248 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3390 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3390 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3812 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3812 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.5
  * Public Cloud Module 15-SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

  
  
An update that solves seven vulnerabilities, contains two features and has 26
fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
    device driver functionality that could allow a local user to crash or
    potentially escalate their privileges on the system (bsc#1213543).
  * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
    that could allow a local attacker to escalate their privilege (bsc#1213059).
  * CVE-2023-31248: Fixed an use-after-free vulnerability in
    nft_chain_lookup_byid that could allow a local attacker to escalate their
    privilege (bsc#1213061).
  * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
    subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
    with user access to cause a privilege escalation issue (bsc#1212846).
  * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
    subsystem when processing named and anonymous sets in batch requests that
    could allow a local user with CAP_NET_ADMIN capability to crash or
    potentially escalate their privileges on the system (bsc#1213245).
  * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
    attacker to potentially access sensitive information (bsc#1213286).
  * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
    fs/hfsplus/super.c that could allow a local user to cause a denial of
    service (bsc#1211867).

The following non-security bugs were fixed:

  * Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758).
  * Support sub-NUMA clustering on UV (jsc#PED-4718).
  * Fixed multipath not supported error (bsc#1213311).
  * Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-
    fixes)
  * Revert "drm/i915: Disable DSB usage for now" (git-fixes).
  * acpi: Fix suspend with Xen PV (git-fixes).
  * adreno: Shutdown the GPU properly (git-fixes).
  * arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
  * arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-
    fixes)
  * arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
  * arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
  * asoc: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-
    fixes).
  * asoc: SOF: topology: Fix logic for copying tuples (git-fixes).
  * bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-
    fixes).
  * bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes).
  * bluetooth: ISO: fix iso_conn related locking and validity issues (git-
    fixes).
  * bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes).
  * bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
  * bluetooth: fix use-bdaddr-property quirk (git-fixes).
  * bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
  * bluetooth: hci_event: call disconnect callback before deleting conn (git-
    fixes).
  * bluetooth: hci_sync: Avoid use-after-free in dbg for
    hci_remove_adv_monitor() (git-fixes).
  * bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-
    fixes).
  * can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
  * ceph: add a dedicated private data for netfs rreq (bsc#1213205).
  * ceph: fix blindly expanding the readahead windows (bsc#1213206).
  * cifs: add a warning when the in-flight count goes negative (bsc#1193629).
  * cifs: address unused variable warning (bsc#1193629).
  * cifs: do all necessary checks for credits within or before locking
    (bsc#1193629).
  * cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
  * cifs: fix max_credits implementation (bsc#1193629).
  * cifs: fix session state check in reconnect to avoid use-after-free issue
    (bsc#1193629).
  * cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
  * cifs: fix session state transition to avoid use-after-free issue
    (bsc#1193629).
  * cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
  * cifs: fix status checks in cifs_tree_connect (bsc#1193629).
  * cifs: log session id when a matching ses is not found (bsc#1193629).
  * cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
  * cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
  * cifs: print all credit counters in DebugData (bsc#1193629).
  * cifs: print client_guid in DebugData (bsc#1193629).
  * cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
  * cifs: print nosharesock value while dumping mount options (bsc#1193629).
  * codel: fix kernel-doc notation warnings (git-fixes).
  * cpufreq: tegra194: Fix module loading (git-fixes).
  * devlink: fix kernel-doc notation warnings (git-fixes).
  * dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes).
  * drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
  * drm/amd/amdgpu: limit one queue per gang (git-fixes).
  * drm/amd/amdgpu: update mes11 api def (git-fixes).
  * drm/amd/display (gcc13): fix enum mismatch (git-fixes).
  * drm/amd/display: Add Z8 allow states to z-state support list (git-fixes).
  * drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes).
  * drm/amd/display: Add minimum Z8 residency debug option (git-fixes).
  * drm/amd/display: Add missing WA and MCLK validation (git-fixes).
  * drm/amd/display: Change default Z8 watermark values (git-fixes).
  * drm/amd/display: Correct DML calculation to align HW formula (git-fixes).
  * drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes).
  * drm/amd/display: Do not update DRR while BW optimizations pending (git-
    fixes).
  * drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes).
  * drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes).
  * drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes).
  * drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes).
  * drm/amd/display: Fix Z8 support configurations (git-fixes).
  * drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes).
  * drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
  * drm/amd/display: Have Payload Properly Created After Resume (git-fixes).
  * drm/amd/display: Lowering min Z8 residency time (git-fixes).
  * drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes).
  * drm/amd/display: Refactor eDP PSR codes (git-fixes).
  * drm/amd/display: Remove FPU guards from the DML folder (git-fixes).
  * drm/amd/display: Remove optimization for VRR updates (git-fixes).
  * drm/amd/display: Remove stutter only configurations (git-fixes).
  * drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes).
  * drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes).
  * drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes).
  * drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
  * drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes).
  * drm/amd/display: fix a divided-by-zero error (git-fixes).
  * drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
  * drm/amd/display: limit timing for single dimm memory (git-fixes).
  * drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
  * drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
  * drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7
    (git-fixes).
  * drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes).
  * drm/amd/pm: conditionally disable pcie lane switching for some
    sienna_cichlid SKUs (git-fixes).
  * drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-
    fixes).
  * drm/amd/pm: resolve reboot exception for si oland (git-fixes).
  * drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes).
  * drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes).
  * drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
  * drm/amd: Add a new helper for loading/validating microcode (git-fixes).
  * drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes).
  * drm/amd: Load MES microcode during early_init (git-fixes).
  * drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes).
  * drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-
    fixes).
  * drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
  * drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
  * drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
  * drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes).
  * drm/amdgpu/mes11: enable reg active poll (git-fixes).
  * drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes).
  * drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-
    fixes).
  * drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes).
  * drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes).
  * drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function
    (git-fixes).
  * drm/amdgpu: Fix sdma v4 sw fini error (git-fixes).
  * drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes).
  * drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-
    fixes).
  * drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
  * drm/amdgpu: change reserved vram info print (git-fixes).
  * drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes).
  * drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes).
  * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
  * drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
  * drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
  * drm/amdgpu: refine get gpu clock counter method (git-fixes).
  * drm/amdgpu: remove deprecated MES version vars (git-fixes).
  * drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
  * drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes).
  * drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
  * drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes).
  * drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes).
  * drm/bridge: anx7625: Prevent endless probe loop (git-fixes).
  * drm/bridge: it6505: Move a variable assignment behind a null pointer check
    in receive_timing_debugfs_show() (git-fixes).
  * drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes).
  * drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-
    fixes).
  * drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
  * drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
  * drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
  * drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes).
  * drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
  * drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes).
  * drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes).
  * drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes).
  * drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes).
  * drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes).
  * drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
  * drm/etnaviv: reap idle mapping if it does not match the softpin address
    (git-fixes).
  * drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs
    (bsc#1213493).
  * drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
  * drm/i915/gt: Cleanup partial engine discovery failures (git-fixes).
  * drm/i915/guc: Add error-capture init warnings when needed (git-fixes).
  * drm/i915/guc: Fix missing ecodes (git-fixes).
  * drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes).
  * drm/i915/guc: Rename GuC register state capture node to be more obvious
    (git-fixes).
  * drm/i915/mtl: update scaler source and destination limits for MTL (git-
    fixes).
  * drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-
    fixes).
  * drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-
    fixes).
  * drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-
    fixes).
  * drm/i915: Allow panel fixed modes to have differing sync polarities (git-
    fixes).
  * drm/i915: Check pipe source size when using skl+ scalers (git-fixes).
  * drm/i915: Do panel VBT init early if the VBT declares an explicit panel type
    (git-fixes).
  * drm/i915: Fix TypeC mode initialization during system resume (git-fixes).
  * drm/i915: Fix a memory leak with reused mmap_offset (git-fixes).
  * drm/i915: Fix negative value passed as remaining time (git-fixes).
  * drm/i915: Fix one wrong caching mode enum usage (git-fixes).
  * drm/i915: Introduce intel_panel_init_alloc() (git-fixes).
  * drm/i915: Never return 0 if not all requests retired (git-fixes).
  * drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes).
  * drm/i915: Print return value on error (git-fixes).
  * drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes).
  * drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
  * drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes).
  * drm/msm/adreno: Simplify read64/write64 helpers (git-fixes).
  * drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes).
  * drm/msm/disp/dpu: get timing engine status from intf status register (git-
    fixes).
  * drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes).
  * drm/msm/dpu: Assign missing writeback log_mask (git-fixes).
  * drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
  * drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
  * drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-
    fixes).
  * drm/msm/hdmi: use devres helper for runtime PM management (git-fixes).
  * drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-
    fixes).
  * drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-
    fixes).
  * drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
  * drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
  * drm/ttm: Do not leak a resource on swapout move error (git-fixes).
  * drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes).
  * drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-
    fixes).
  * drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable
    implementation (git-fixes).
  * drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable
    implementation (git-fixes).
  * drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable
    (git-fixes).
  * drm/vmwgfx: Remove ttm object hashtable (git-fixes).
  * drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes).
  * drm/vmwgfx: Write the driver id registers (git-fixes).
  * drm: Add fixed-point helper to get rounded integer values (git-fixes).
  * drm: Add missing DP DSC extended capability definitions (git-fixes).
  * drm: Optimize drm buddy top-down allocation method (git-fixes).
  * drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-
    fixes).
  * drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes).
  * drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes).
  * drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes).
  * drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
  * fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
  * fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
  * i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226).
  * irqchip/gic-v3: Claim iomem resources (bsc#1213533)
  * irqchip/gicv3: Handle resource request failure consistently (bsc#1213533)
  * irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533)
  * kABI: do not check external trampolines for signature (kabi bsc#1207894
    bsc#1211243).
  * kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators
    are directly tied to the architecture, there is no reason to have out-of-
    tree production drivers
  * kabi/severities: ignore kABI of i915 module It's exported only for its sub-
    module, not really used by externals
  * kabi/severities: ignore kABI of vmwgfx The driver exports a function
    unnecessarily without used by anyone else. Ignore the kABI changes.
  * memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
  * net: mana: Add support for vlan tagging (bsc#1212301).
  * net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
  * net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-
    fixes).
  * net: qrtr: start MHI channel after endpoit creation (git-fixes).
  * nilfs2: reject devices with insufficient block count (git-fixes).
  * ocfs2: Switch to security_inode_init_security() (git-fixes).
  * ocfs2: check new file size on fallocate call (git-fixes).
  * ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
  * pci: s390: Fix use-after-free of PCI resources with per-function hotplug
    (bsc#1212525).
  * pci: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-
    fixes).
  * perf/x86/amd/core: Always clear status for idx (bsc#1213233).
  * pie: fix kernel-doc notation warning (git-fixes).
  * powerpc/64: Only WARN if __pa()/__va() called with bad addresses
    (bsc#1194869).
  * powerpc/64s: Fix VAS mm use after free (bsc#1194869).
  * powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
  * powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
  * powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
    (bsc#1194869).
  * powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare()
    (bsc#1194869).
  * powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
    boundary (bsc#1150305 ltc#176097 git-fixes).
  * powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
  * powerpc/powernv/sriov: perform null check on iov before dereferencing iov
    (bsc#1194869).
  * powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
    (bsc#1194869).
  * powerpc/prom_init: Fix kernel config grep (bsc#1194869).
  * powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
    (jsc#PED-542 git-fixes).
  * powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
  * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
  * powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
  * powerpc: define get_cycles macro for arch-override (bsc#1194869).
  * powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
  * rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME
    They depend on CONFIG_TOOLCHAIN_HAS__.
  * rsi: remove kernel-doc comment marker (git-fixes).
  * s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
  * s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
  * s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
  * s390/pci: clean up left over special treatment for function zero
    (bsc#1212525).
  * s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
  * s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
  * s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes
    bsc#1213252).
  * s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
    (git-fixes bsc#1213264).
  * s390: discard .interp section (git-fixes bsc#1213247).
  * security: keys: Modify mismatched function name (git-fixes).
  * selftests/ir: fix build with ancient kernel headers (git-fixes).
  * selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
  * selftests: forwarding: Fix packet matching in mirroring selftests (git-
    fixes).
  * selftests: tc: add 'ct' action kconfig dep (git-fixes).
  * selftests: tc: add ConnTrack procfs kconfig (git-fixes).
  * selftests: tc: set timeout to 15 minutes (git-fixes).
  * signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
  * signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
    (bsc#1194869).
  * smb3: do not reserve too many oplock credits (bsc#1193629).
  * smb3: missing null check in SMB2_change_notify (bsc#1193629).
  * smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
  * smb: client: fix missed ses refcounting (git-fixes).
  * smb: client: fix parsing of source mount option (bsc#1193629).
  * smb: client: fix shared DFS root mounts with different prefixes
    (bsc#1193629).
  * smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
  * smb: client: fix warning in CIFSFindNext() (bsc#1193629).
  * smb: client: fix warning in cifs_match_super() (bsc#1193629).
  * smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
  * smb: client: fix warning in generic_ip_connect() (bsc#1193629).
  * smb: client: improve DFS mount check (bsc#1193629).
  * smb: client: remove redundant pointer 'server' (bsc#1193629).
  * smb: delete an unnecessary statement (bsc#1193629).
  * smb: move client and server files to common directory fs/smb (bsc#1193629).
  * smb: remove obsolete comment (bsc#1193629).
  * soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes).
  * soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes).
  * soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes).
  * spi: bcm63xx: fix max prepend length (git-fixes).
  * swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes).
  * tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
    fixes).
  * usb: dwc2: Fix some error handling paths (git-fixes).
  * usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
  * usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
  * usb: typec: Fix fast_role_swap_current show function (git-fixes).
  * usb: typec: Fix fast_role_swap_current show function (git-fixes).
  * wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
  * wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware
    restart (git-fixes).
  * wifi: ath11k: Add missing check for ioremap (git-fixes).
  * wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
    fixes).
  * x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes).
  * x86/platform/uv: Add platform resolving #defines for misc
    GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718).
  * x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256
    jsc#PED-4718).
  * x86/platform/uv: Helper functions for allocating and freeing conversion
    tables (bsc#1212256 jsc#PED-4718).
  * x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256
    jsc#PED-4718).
  * x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256
    jsc#PED-4718).
  * x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256
    jsc#PED-4718).
  * x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718).
  * x86/platform/uv: When searching for minimums, start at INT_MAX not 99999
    (bsc#1212256 jsc#PED-4718).
  * x86: Fix .brk attribute in linker script (git-fixes).
  * xfs: clean up the rtbitmap fsmap backend (git-fixes).
  * xfs: do not deplete the reserve pool when trying to shrink the fs (git-
    fixes).
  * xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
  * xfs: fix getfsmap reporting past the last rt extent (git-fixes).
  * xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
    fixes).
  * xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
  * xfs: fix logdev fsmap query result filtering (git-fixes).
  * xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
  * xfs: fix uninitialized variable access (git-fixes).
  * xfs: make fsmap backend function key parameters const (git-fixes).
  * xfs: make the record pointer passed to query_range functions const (git-
    fixes).
  * xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5  
    zypper in -t patch SUSE-2023-3180=1 openSUSE-SLE-15.5-2023-3180=1

  * Public Cloud Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3180=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 x86_64)
    * kernel-syms-azure-5.14.21-150500.33.11.1
    * kernel-azure-debuginfo-5.14.21-150500.33.11.1
    * dlm-kmp-azure-debuginfo-5.14.21-150500.33.11.1
    * kselftests-kmp-azure-5.14.21-150500.33.11.1
    * ocfs2-kmp-azure-5.14.21-150500.33.11.1
    * kernel-azure-devel-5.14.21-150500.33.11.1
    * kernel-azure-livepatch-devel-5.14.21-150500.33.11.1
    * gfs2-kmp-azure-5.14.21-150500.33.11.1
    * kernel-azure-debugsource-5.14.21-150500.33.11.1
    * reiserfs-kmp-azure-5.14.21-150500.33.11.1
    * kernel-azure-optional-5.14.21-150500.33.11.1
    * dlm-kmp-azure-5.14.21-150500.33.11.1
    * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1
    * cluster-md-kmp-azure-5.14.21-150500.33.11.1
    * kernel-azure-optional-debuginfo-5.14.21-150500.33.11.1
    * kernel-azure-extra-5.14.21-150500.33.11.1
    * kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1
    * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.11.1
    * kernel-azure-extra-debuginfo-5.14.21-150500.33.11.1
    * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1
    * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.11.1
    * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.11.1
  * openSUSE Leap 15.5 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150500.33.11.1
  * openSUSE Leap 15.5 (x86_64)
    * kernel-azure-vdso-5.14.21-150500.33.11.1
    * kernel-azure-vdso-debuginfo-5.14.21-150500.33.11.1
  * openSUSE Leap 15.5 (noarch)
    * kernel-source-azure-5.14.21-150500.33.11.1
    * kernel-devel-azure-5.14.21-150500.33.11.1
  * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150500.33.11.1
  * Public Cloud Module 15-SP5 (aarch64 x86_64)
    * kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1
    * kernel-syms-azure-5.14.21-150500.33.11.1
    * kernel-azure-debuginfo-5.14.21-150500.33.11.1
    * kernel-azure-devel-5.14.21-150500.33.11.1
    * kernel-azure-debugsource-5.14.21-150500.33.11.1
  * Public Cloud Module 15-SP5 (noarch)
    * kernel-source-azure-5.14.21-150500.33.11.1
    * kernel-devel-azure-5.14.21-150500.33.11.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-20593.html
  * https://www.suse.com/security/cve/CVE-2023-2985.html
  * https://www.suse.com/security/cve/CVE-2023-3117.html
  * https://www.suse.com/security/cve/CVE-2023-31248.html
  * https://www.suse.com/security/cve/CVE-2023-3390.html
  * https://www.suse.com/security/cve/CVE-2023-35001.html
  * https://www.suse.com/security/cve/CVE-2023-3812.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1150305
  * https://bugzilla.suse.com/show_bug.cgi?id=1193629
  * https://bugzilla.suse.com/show_bug.cgi?id=1194869
  * https://bugzilla.suse.com/show_bug.cgi?id=1207894
  * https://bugzilla.suse.com/show_bug.cgi?id=1208788
  * https://bugzilla.suse.com/show_bug.cgi?id=1211243
  * https://bugzilla.suse.com/show_bug.cgi?id=1211867
  * https://bugzilla.suse.com/show_bug.cgi?id=1212256
  * https://bugzilla.suse.com/show_bug.cgi?id=1212301
  * https://bugzilla.suse.com/show_bug.cgi?id=1212525
  * https://bugzilla.suse.com/show_bug.cgi?id=1212846
  * https://bugzilla.suse.com/show_bug.cgi?id=1212905
  * https://bugzilla.suse.com/show_bug.cgi?id=1213059
  * https://bugzilla.suse.com/show_bug.cgi?id=1213061
  * https://bugzilla.suse.com/show_bug.cgi?id=1213205
  * https://bugzilla.suse.com/show_bug.cgi?id=1213206
  * https://bugzilla.suse.com/show_bug.cgi?id=1213226
  * https://bugzilla.suse.com/show_bug.cgi?id=1213233
  * https://bugzilla.suse.com/show_bug.cgi?id=1213245
  * https://bugzilla.suse.com/show_bug.cgi?id=1213247
  * https://bugzilla.suse.com/show_bug.cgi?id=1213252
  * https://bugzilla.suse.com/show_bug.cgi?id=1213258
  * https://bugzilla.suse.com/show_bug.cgi?id=1213259
  * https://bugzilla.suse.com/show_bug.cgi?id=1213263
  * https://bugzilla.suse.com/show_bug.cgi?id=1213264
  * https://bugzilla.suse.com/show_bug.cgi?id=1213286
  * https://bugzilla.suse.com/show_bug.cgi?id=1213311
  * https://bugzilla.suse.com/show_bug.cgi?id=1213493
  * https://bugzilla.suse.com/show_bug.cgi?id=1213523
  * https://bugzilla.suse.com/show_bug.cgi?id=1213524
  * https://bugzilla.suse.com/show_bug.cgi?id=1213533
  * https://bugzilla.suse.com/show_bug.cgi?id=1213543
  * https://bugzilla.suse.com/show_bug.cgi?id=1213705
  * https://jira.suse.com/login.jsp
  * https://jira.suse.com/login.jsp

openSUSE: 2023:3180-1: important: the Linux Kernel Security Advisory Update

August 3, 2023
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes

Description

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter s...

Read the Full Advisory

 

Patch

## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3180=1 openSUSE-SLE-15.5-2023-3180=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3180=1


Package List

* openSUSE Leap 15.5 (aarch64 x86_64) * kernel-syms-azure-5.14.21-150500.33.11.1 * kernel-azure-debuginfo-5.14.21-150500.33.11.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * kselftests-kmp-azure-5.14.21-150500.33.11.1 * ocfs2-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-devel-5.14.21-150500.33.11.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.11.1 * gfs2-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-debugsource-5.14.21-150500.33.11.1 * reiserfs-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-optional-5.14.21-150500.33.11.1 * dlm-kmp-azure-5.14.21-150500.33.11.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * cluster-md-kmp-azure-5.14.21-150500.33.11.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.11.1 * kernel-azure-extra-5.14.21-150500.33.11.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.11.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.11.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.11.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-5.14.21-150500.33.11.1 * kernel-azure-vdso-debuginfo-5.14.21-150500.33.11.1 * openSUSE Leap 15.5 (noarch) * kernel-source-azure-5.14.21-150500.33.11.1 * kernel-devel-azure-5.14.21-150500.33.11.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.11.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1 * kernel-syms-azure-5.14.21-150500.33.11.1 * kernel-azure-debuginfo-5.14.21-150500.33.11.1 * kernel-azure-devel-5.14.21-150500.33.11.1 * kernel-azure-debugsource-5.14.21-150500.33.11.1 * Public Cloud Module 15-SP5 (noarch) * kernel-source-azure-5.14.21-150500.33.11.1 * kernel-devel-azure-5.14.21-150500.33.11.1


References

* #1150305 * #1193629 * #1194869 * #1207894 * #1208788 * #1211243 * #1211867 * #1212256 * #1212301 * #1212525 * #1212846 * #1212905 * #1213059 * #1213061 * #1213205 * #1213206 * #1213226 * #1213233 * #1213245 * #1213247 * #1213252 * #1213258 * #1213259 * #1213263 * #1213264 * #1213286 * #1213311 * #1213493 * #1213523 * #1213524 * #1213533 * #1213543 * #1213705 ## References: * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1150305 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1207894 * https://bugzilla.suse.com/show_bug.cgi?id=1208788 * https://bugzilla.suse.com/show_bug.cgi?id=1211243 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212256 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212525 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1212905 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213205 * https://bugzilla.suse.com/show_bug.cgi?id=1213206 * https://bugzilla.suse.com/show_bug.cgi?id=1213226 * https://bugzilla.suse.com/show_bug.cgi?id=1213233 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213247 * https://bugzilla.suse.com/show_bug.cgi?id=1213252 * https://bugzilla.suse.com/show_bug.cgi?id=1213258 * https://bugzilla.suse.com/show_bug.cgi?id=1213259 * https://bugzilla.suse.com/show_bug.cgi?id=1213263 * https://bugzilla.suse.com/show_bug.cgi?id=1213264 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213311 * https://bugzilla.suse.com/show_bug.cgi?id=1213493 * https://bugzilla.suse.com/show_bug.cgi?id=1213523 * https://bugzilla.suse.com/show_bug.cgi?id=1213524 * https://bugzilla.suse.com/show_bug.cgi?id=1213533 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213705 * https://jira.suse.com/login.jsp * https://jira.suse.com/login.jsp


Severity
Announcement ID: SUSE-SU-2023:3180-1
Rating: important

Related News