

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3391-1  
Rating: important  
References:

  * #1199304
  * #1206418
  * #1207270
  * #1210584
  * #1211131
  * #1211738
  * #1211867
  * #1212301
  * #1212741
  * #1212835
  * #1212846
  * #1213059
  * #1213061
  * #1213167
  * #1213245
  * #1213286
  * #1213287
  * #1213354
  * #1213543
  * #1213585
  * #1213586
  * #1213588
  * #1213653
  * #1213868
  * PED-4567

  
Cross-References:

  * CVE-2022-40982
  * CVE-2023-0459
  * CVE-2023-20569
  * CVE-2023-20593
  * CVE-2023-2156
  * CVE-2023-2985
  * CVE-2023-3117
  * CVE-2023-31248
  * CVE-2023-3390
  * CVE-2023-35001
  * CVE-2023-3567
  * CVE-2023-3609
  * CVE-2023-3611
  * CVE-2023-3776
  * CVE-2023-3812

  
CVSS scores:

  * CVE-2022-40982 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-40982 ( NVD ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-0459 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-0459 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20569 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-20569 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20593 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20593 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-2156 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2156 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2985 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2985 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-3117 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3117 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-31248 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-31248 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3390 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3390 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3567 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3567 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3609 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3609 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3611 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3611 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3776 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3776 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3812 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3812 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.4
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Availability Extension 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Live Patching 15-SP3
  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Manager Proxy 4.2
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Server 4.2

  
  
An update that solves 15 vulnerabilities, contains one feature and has nine
fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  * CVE-2022-40982: Fixed transient execution attack called "Gather Data
    Sampling" (bsc#1206418).
  * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
    (bsc#1211738).
  * CVE-2023-20569: Fixed side channel attack âInceptionâ or âRAS Poisoningâ
    (bsc#1213287).
  * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
    attacker to potentially access sensitive information (bsc#1213286).
  * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
    of the RPL protocol (bsc#1211131).
  * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
    fs/hfsplus/super.c that could allow a local user to cause a denial of
    service (bsc#1211867).
  * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
    subsystem when processing named and anonymous sets in batch requests that
    could allow a local user with CAP_NET_ADMIN capability to crash or
    potentially escalate their privileges on the system (bsc#1213245).
  * CVE-2023-31248: Fixed an use-after-free vulnerability in
    nft_chain_lookup_byid that could allow a local attacker to escalate their
    privilege (bsc#1213061).
  * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
    subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
    with user access to cause a privilege escalation issue (bsc#1212846).
  * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
    that could allow a local attacker to escalate their privilege (bsc#1213059).
  * CVE-2023-3567: Fixed a use-after-free in vcs_read in
    drivers/tty/vt/vc_screen.c (bsc#1213167).
  * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
    (bsc#1213586).
  * CVE-2023-3611: Fixed an out-of-bounds write in net/sched
    sch_qfq(bsc#1213585).
  * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
    free (bsc#1213588).
  * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
    device driver functionality that could allow a local user to crash or
    potentially escalate their privileges on the system (bsc#1213543).

The following non-security bugs were fixed:

  * arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  * block, bfq: fix division by zero error on zero wsum (bsc#1213653).
  * get module prefix from kmod (bsc#1212835).
  * init, x86: move mem_encrypt_init() into arch_cpu_finalize_init()
    (bsc#1206418).
  * init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
  * init: provide arch_cpu_finalize_init() (bsc#1206418).
  * init: remove check_bugs() leftovers (bsc#1206418).
  * jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
  * kernel-binary.spec.in: remove superfluous %% in supplements fixes:
    02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
    to in-tree kmps")
  * kernel-docs: add buildrequires on python3-base when using python3 the
    python3 binary is provided by python3-base.
  * kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
  * keys: do not cache key in task struct if key is requested from kernel thread
    (bsc#1213354).
  * lockdep: add preemption enabled/disabled assertion apis (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: add __always_inline annotation to __down_read_common() and
    inlined callers (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: allow slowpath writer to ignore handoff bit if not set by
    first waiter (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: conditionally wake waiters in reader/writer slowpaths
    (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: disable preemption for spinning region (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: disable preemption in all down_read*() and up_read() code
    paths (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: disable preemption in all down_write*() and up_write() code
    paths (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: enable reader optimistic lock stealing (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: fix comments about reader optimistic lock stealing conditions
    (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: make handoff bit handling more consistent (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: no need to check for handoff bit if wait queue empty
    (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: optimize down_read_trylock() under highly contended case
    (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath()
    (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: prevent non-first waiter from spinning in down_write()
    slowpath (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
  * locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270
    jsc#ped-4567).
  * locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
  * locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
  * locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270
    jsc#ped-4567).
  * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
  * net: mana: add support for vlan tagging (bsc#1212301).
  * ocfs2: fix a deadlock when commit trans (bsc#1199304).
  * ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
  * ocfs2: fix race between searching chunks and release journal_head from
    buffer_head (bsc#1199304).
  * remove more packaging cruft for sle < 12 sp3
  * rpm/check-for-config-changes: ignore also pahole_has_* we now also have
    options like config_pahole_has_lang_exclude.
  * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
    they depend on config_toolchain_has__.
  * rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
  * rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
  * ubi: ensure that vid header offset + vid header size <= alloc, size
    (bsc#1210584).
  * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size
    (bsc#1210584).
  * usrmerge: adjust module path in the kernel sources (bsc#1212835).
  * x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  * x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
  * x86/microcode/AMD: Make stub function static inline (bsc#1213868).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch openSUSE-SLE-15.4-2023-3391=1

  * SUSE Linux Enterprise Live Patching 15-SP3  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3391=1  
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

  * SUSE Linux Enterprise High Availability Extension 15 SP3  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3391=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3391=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3391=1

  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3391=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3391=1

  * SUSE Manager Proxy 4.2  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3391=1

  * SUSE Manager Retail Branch Server 4.2  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3391=1

  * SUSE Manager Server 4.2  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3391=1

  * SUSE Enterprise Storage 7.1  
    zypper in -t patch SUSE-Storage-7.1-2023-3391=1

  * SUSE Linux Enterprise Micro 5.1  
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3391=1

  * SUSE Linux Enterprise Micro 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1

  * SUSE Linux Enterprise Micro for Rancher 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1

## Package List:

  * openSUSE Leap 15.4 (nosrc)
    * dtb-aarch64-5.3.18-150300.59.130.1
  * openSUSE Leap 15.4 (aarch64)
    * dtb-al-5.3.18-150300.59.130.1
    * dtb-zte-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
    * kernel-default-livepatch-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-livepatch-devel-5.3.18-150300.59.130.1
    * kernel-livepatch-5_3_18-150300_59_130-default-1-150300.7.3.1
  * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
    s390x x86_64)
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.130.1
    * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1
    * cluster-md-kmp-default-5.3.18-150300.59.130.1
    * gfs2-kmp-default-5.3.18-150300.59.130.1
    * gfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1
    * ocfs2-kmp-default-5.3.18-150300.59.130.1
    * dlm-kmp-default-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * dlm-kmp-default-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
    nosrc)
    * kernel-64kb-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
    * kernel-64kb-debugsource-5.3.18-150300.59.130.1
    * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-64kb-devel-5.3.18-150300.59.130.1
    * kernel-64kb-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc
    x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
    x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-obs-build-debugsource-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-5.3.18-150300.59.130.1
    * kernel-syms-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-obs-build-5.3.18-150300.59.130.1
    * kernel-preempt-devel-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
    * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-source-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc)
    * kernel-docs-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
    * kernel-64kb-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
    * kernel-64kb-debugsource-5.3.18-150300.59.130.1
    * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-64kb-devel-5.3.18-150300.59.130.1
    * kernel-64kb-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
    x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
    x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-obs-build-debugsource-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-5.3.18-150300.59.130.1
    * kernel-syms-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-obs-build-5.3.18-150300.59.130.1
    * kernel-preempt-devel-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
    * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-source-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
    * kernel-docs-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
    * kernel-64kb-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
    * kernel-64kb-debugsource-5.3.18-150300.59.130.1
    * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-64kb-devel-5.3.18-150300.59.130.1
    * kernel-64kb-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
    x86_64 nosrc)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
    x86_64)
    * kernel-obs-build-debugsource-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-5.3.18-150300.59.130.1
    * kernel-syms-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-obs-build-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-source-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
    * kernel-docs-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
    * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-preempt-devel-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
    * kernel-zfcpdump-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
    * kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1
    * kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
    x86_64)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * kernel-obs-build-debugsource-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-5.3.18-150300.59.130.1
    * kernel-syms-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-obs-build-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-source-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
    * kernel-docs-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
    * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-preempt-devel-5.3.18-150300.59.130.1
  * SUSE Manager Proxy 4.2 (nosrc x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Manager Proxy 4.2 (x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
  * SUSE Manager Proxy 4.2 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Manager Retail Branch Server 4.2 (x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
  * SUSE Manager Retail Branch Server 4.2 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Manager Server 4.2 (ppc64le s390x x86_64)
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
  * SUSE Manager Server 4.2 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Manager Server 4.2 (nosrc s390x)
    * kernel-zfcpdump-5.3.18-150300.59.130.1
  * SUSE Manager Server 4.2 (s390x)
    * kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1
    * kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1
  * SUSE Manager Server 4.2 (nosrc x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
  * SUSE Manager Server 4.2 (x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
  * SUSE Enterprise Storage 7.1 (aarch64 nosrc)
    * kernel-64kb-5.3.18-150300.59.130.1
  * SUSE Enterprise Storage 7.1 (aarch64)
    * kernel-64kb-debugsource-5.3.18-150300.59.130.1
    * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-64kb-devel-5.3.18-150300.59.130.1
    * kernel-64kb-debuginfo-5.3.18-150300.59.130.1
  * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
    * kernel-preempt-5.3.18-150300.59.130.1
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * kernel-preempt-debugsource-5.3.18-150300.59.130.1
    * kernel-obs-build-debugsource-5.3.18-150300.59.130.1
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-5.3.18-150300.59.130.1
    * kernel-syms-5.3.18-150300.59.130.1
    * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
    * kernel-obs-build-5.3.18-150300.59.130.1
    * kernel-preempt-devel-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-preempt-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
    * kernel-default-devel-5.3.18-150300.59.130.1
    * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
    * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * kernel-macros-5.3.18-150300.59.130.1
    * kernel-source-5.3.18-150300.59.130.1
    * kernel-devel-5.3.18-150300.59.130.1
  * SUSE Enterprise Storage 7.1 (noarch nosrc)
    * kernel-docs-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.3.18-150300.59.130.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
    * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * kernel-default-debuginfo-5.3.18-150300.59.130.1
    * kernel-default-debugsource-5.3.18-150300.59.130.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-40982.html
  * https://www.suse.com/security/cve/CVE-2023-0459.html
  * https://www.suse.com/security/cve/CVE-2023-20569.html
  * https://www.suse.com/security/cve/CVE-2023-20593.html
  * https://www.suse.com/security/cve/CVE-2023-2156.html
  * https://www.suse.com/security/cve/CVE-2023-2985.html
  * https://www.suse.com/security/cve/CVE-2023-3117.html
  * https://www.suse.com/security/cve/CVE-2023-31248.html
  * https://www.suse.com/security/cve/CVE-2023-3390.html
  * https://www.suse.com/security/cve/CVE-2023-35001.html
  * https://www.suse.com/security/cve/CVE-2023-3567.html
  * https://www.suse.com/security/cve/CVE-2023-3609.html
  * https://www.suse.com/security/cve/CVE-2023-3611.html
  * https://www.suse.com/security/cve/CVE-2023-3776.html
  * https://www.suse.com/security/cve/CVE-2023-3812.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1199304
  * https://bugzilla.suse.com/show_bug.cgi?id=1206418
  * https://bugzilla.suse.com/show_bug.cgi?id=1207270
  * https://bugzilla.suse.com/show_bug.cgi?id=1210584
  * https://bugzilla.suse.com/show_bug.cgi?id=1211131
  * https://bugzilla.suse.com/show_bug.cgi?id=1211738
  * https://bugzilla.suse.com/show_bug.cgi?id=1211867
  * https://bugzilla.suse.com/show_bug.cgi?id=1212301
  * https://bugzilla.suse.com/show_bug.cgi?id=1212741
  * https://bugzilla.suse.com/show_bug.cgi?id=1212835
  * https://bugzilla.suse.com/show_bug.cgi?id=1212846
  * https://bugzilla.suse.com/show_bug.cgi?id=1213059
  * https://bugzilla.suse.com/show_bug.cgi?id=1213061
  * https://bugzilla.suse.com/show_bug.cgi?id=1213167
  * https://bugzilla.suse.com/show_bug.cgi?id=1213245
  * https://bugzilla.suse.com/show_bug.cgi?id=1213286
  * https://bugzilla.suse.com/show_bug.cgi?id=1213287
  * https://bugzilla.suse.com/show_bug.cgi?id=1213354
  * https://bugzilla.suse.com/show_bug.cgi?id=1213543
  * https://bugzilla.suse.com/show_bug.cgi?id=1213585
  * https://bugzilla.suse.com/show_bug.cgi?id=1213586
  * https://bugzilla.suse.com/show_bug.cgi?id=1213588
  * https://bugzilla.suse.com/show_bug.cgi?id=1213653
  * https://bugzilla.suse.com/show_bug.cgi?id=1213868
  * https://jira.suse.com/login.jsp

openSUSE: 2023:3391-1: important: the Linux Kernel Security Advisory Update

August 23, 2023

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes

Description

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack âInceptionâ or âRAS Poisoningâ (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). * CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). * CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). * CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). * CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after- free (bsc#1213588). * CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: * arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * block, bfq: fix division by zero error on zero wsum (bsc#1213653). * get module prefix from kmod (bsc#1212835). * init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). * init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). * init: provide arch_cpu_finalize_init() (bsc#1206418). * init: remove check_bugs() leftovers (bsc#1206418). * jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). * kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps") * kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. * kernel-docs: use python3 together with python3-sphinx (bsc#1212741). * keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). * lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). * locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). * locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). * locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). * locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). * locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). * locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). * locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). * locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). * locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). * locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). * locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). * locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). * locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). * locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). * locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). * locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). * locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). * locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). * locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). * locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). * locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). * net: mana: add support for vlan tagging (bsc#1212301). * ocfs2: fix a deadlock when commit trans (bsc#1199304). * ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). * ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). * remove more packaging cruft for sle < 12 sp3 * rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe they depend on config_toolchain_has__. * rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). * rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). * ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). * usrmerge: adjust module path in the kernel sources (bsc#1212835). * x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). * x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). * x86/microcode/AMD: Make stub function static inline (bsc#1213868). ## Special Instructions and Notes: * Please reboot the system after installing this update.

Patch

## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3391=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3391=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3391=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3391=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3391=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3391=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3391=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3391=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3391=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3391=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3391=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3391=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1

Package List

* openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.3.18-150300.59.130.1 * openSUSE Leap 15.4 (aarch64) * dtb-al-5.3.18-150300.59.130.1 * dtb-zte-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-default-livepatch-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-livepatch-devel-5.3.18-150300.59.130.1 * kernel-livepatch-5_3_18-150300_59_130-default-1-150300.7.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.130.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1 * cluster-md-kmp-default-5.3.18-150300.59.130.1 * gfs2-kmp-default-5.3.18-150300.59.130.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1 * ocfs2-kmp-default-5.3.18-150300.59.130.1 * dlm-kmp-default-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Manager Proxy 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-debugsource-5.3.18-150300.59.130.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-64kb-devel-5.3.18-150300.59.130.1 * kernel-64kb-debuginfo-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.130.1 * kernel-default-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.130.1 * kernel-obs-build-debugsource-5.3.18-150300.59.130.1 * kernel-default-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-5.3.18-150300.59.130.1 * kernel-syms-5.3.18-150300.59.130.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.130.1 * kernel-obs-build-5.3.18-150300.59.130.1 * kernel-preempt-devel-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-preempt-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * kernel-default-devel-5.3.18-150300.59.130.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-macros-5.3.18-150300.59.130.1 * kernel-source-5.3.18-150300.59.130.1 * kernel-devel-5.3.18-150300.59.130.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.3.18-150300.59.130.1 * kernel-default-debugsource-5.3.18-150300.59.130.1

References

* #1199304 * #1206418 * #1207270 * #1210584 * #1211131 * #1211738 * #1211867 * #1212301 * #1212741 * #1212835 * #1212846 * #1213059 * #1213061 * #1213167 * #1213245 * #1213286 * #1213287 * #1213354 * #1213543 * #1213585 * #1213586 * #1213588 * #1213653 * #1213868 * PED-4567 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-3117.html * https://www.suse.com/security/cve/CVE-2023-31248.html * https://www.suse.com/security/cve/CVE-2023-3390.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-3812.html * https://bugzilla.suse.com/show_bug.cgi?id=1199304 * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1212846 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213061 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213245 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213354 * https://bugzilla.suse.com/show_bug.cgi?id=1213543 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213653 * https://bugzilla.suse.com/show_bug.cgi?id=1213868 * https://jira.suse.com/login.jsp