# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4732-1  
Rating: important  
References:

  * bsc#1207948
  * bsc#1210447
  * bsc#1212649
  * bsc#1214286
  * bsc#1214700
  * bsc#1214840
  * bsc#1214976
  * bsc#1215095
  * bsc#1215123
  * bsc#1215124
  * bsc#1215292
  * bsc#1215420
  * bsc#1215458
  * bsc#1215710
  * bsc#1215802
  * bsc#1215931
  * bsc#1216058
  * bsc#1216105
  * bsc#1216259
  * bsc#1216527
  * bsc#1216584
  * bsc#1216621
  * bsc#1216687
  * bsc#1216693
  * bsc#1216759
  * bsc#1216761
  * bsc#1216788
  * bsc#1216844
  * bsc#1216861
  * bsc#1216909
  * bsc#1216959
  * bsc#1216965
  * bsc#1216976
  * bsc#1217036
  * bsc#1217068
  * bsc#1217086
  * bsc#1217095
  * bsc#1217124
  * bsc#1217140
  * bsc#1217147
  * bsc#1217195
  * bsc#1217196
  * bsc#1217200
  * bsc#1217205
  * bsc#1217332
  * bsc#1217366
  * bsc#1217511
  * bsc#1217515
  * bsc#1217598
  * bsc#1217599
  * bsc#1217609
  * bsc#1217687
  * bsc#1217731
  * bsc#1217780
  * jsc#PED-3184
  * jsc#PED-5021
  * jsc#PED-7237

  
Cross-References:

  * CVE-2023-2006
  * CVE-2023-25775
  * CVE-2023-3777
  * CVE-2023-39197
  * CVE-2023-39198
  * CVE-2023-4244
  * CVE-2023-45863
  * CVE-2023-45871
  * CVE-2023-46813
  * CVE-2023-46862
  * CVE-2023-5158
  * CVE-2023-5633
  * CVE-2023-5717
  * CVE-2023-6039
  * CVE-2023-6176

  
CVSS scores:

  * CVE-2023-2006 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2006 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-25775 ( SUSE ):  5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2023-25775 ( NVD ):  5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2023-3777 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3777 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-39197 ( SUSE ):  4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
  * CVE-2023-39198 ( SUSE ):  7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  * CVE-2023-39198 ( NVD ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4244 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4244 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45863 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45863 ( NVD ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45871 ( SUSE ):  5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-45871 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-46813 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-46813 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-46862 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-46862 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-5158 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-5158 ( NVD ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-5633 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5633 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5717 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5717 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6039 ( SUSE ):  6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6039 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6176 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6176 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Live Patching 15-SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro 6.0
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Real Time Module 15-SP5

  
  
An update that solves 15 vulnerabilities, contains three features and has 39
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
    (bsc#1210447).
  * CVE-2023-25775: Fixed improper access control in the Intel Ethernet
    Controller RDMA driver (bsc#1216959).
  * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
    component can be exploited to achieve local privilege escalation.
    (bsc#1215095)
  * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
    (bsc#1216976).
  * CVE-2023-39198: Fixed a race condition leading to use-after-free in
    qxl_mode_dumb_create() (bsc#1216965).
  * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
    could be exploited to achieve local privilege escalation (bsc#1215420).
  * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
    (bsc#1216058).
  * CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
    not be adequate for frames larger than the MTU (bsc#1216259).
  * CVE-2023-46813: Fixed SEV-ES local priv escalation (bsc#1212649).
  * CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
    (bsc#1216693).
  * CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
    drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
  * CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were
    handled when they were being used to store a surface (bsc#1216527).
  * CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
    Performance Events component (bsc#1216584).
  * CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
    drivers/net/usb/lan78xx.c (bsc#1217068).
  * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
    scatterwalk functionality (bsc#1217332).

The following non-security bugs were fixed:

  * acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
  * acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
  * acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
  * acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
  * alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
  * alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
  * alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
  * alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
  * alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
  * alsa: hda/realtek: add quirks for hp laptops (git-fixes).
  * alsa: hda/realtek: add support dual speaker for dell (git-fixes).
  * alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
  * alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
  * alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-
    fixes).
  * alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
  * alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
  * alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
  * alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
  * alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
  * alsa: info: fix potential deadlock at disconnection (git-fixes).
  * alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices
    (git-fixes).
  * arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
  * arm64: add cortex-a520 cpu part definition (git-fixes)
  * arm64: allow kprobes on el0 handlers (git-fixes)
  * arm64: armv8_deprecated move emulation functions (git-fixes)
  * arm64: armv8_deprecated: fix unused-function error (git-fixes)
  * arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
  * arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
  * arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
  * arm64: consistently pass esr_elx to die() (git-fixes)
  * arm64: die(): pass 'err' as long (git-fixes)
  * arm64: factor insn read out of call_undef_hook() (git-fixes)
  * arm64: factor out el1 ssbs emulation hook (git-fixes)
  * arm64: report el1 undefs better (git-fixes)
  * arm64: rework bti exception handling (git-fixes)
  * arm64: rework el0 mrs emulation (git-fixes)
  * arm64: rework fpac exception handling (git-fixes)
  * arm64: split el0/el1 undef handlers (git-fixes)
  * arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
  * asoc: ams-delta.c: use component after check (git-fixes).
  * asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix
    (git-fixes).
  * asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
  * asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
  * asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
  * asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not
    described (git-fixes).
  * asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
  * asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
  * asoc: rt5650: fix the wrong result of key button (git-fixes).
  * asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
  * asoc: sof: core: ensure sof_ops_free() is still called when probe never ran
    (git-fixes).
  * asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
  * ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
  * atl1c: work around the dma rx overflow issue (git-fixes).
  * atm: iphase: do pci error checks on own line (git-fixes).
  * blk-mq: do not clear driver tags own mapping (bsc#1217366).
  * blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
    (bsc#1217366).
  * bluetooth: add device 0bda:887b to device tables (git-fixes).
  * bluetooth: add device 13d3:3571 to device tables (git-fixes).
  * bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
  * bluetooth: btusb: add date->evt_skb is null check (git-fixes).
  * bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-
    fixes).
  * bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-
    fixes).
  * btrfs: always log symlinks in full mode (bsc#1214840).
  * can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
    accessed out of bounds (git-fixes).
  * can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
  * can: dev: can_restart(): fix race condition between controller restart and
    netif_carrier_on() (git-fixes).
  * can: isotp: add local echo tx processing for consecutive frames (git-fixes).
  * can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
    fixes).
  * can: isotp: fix tx state handling for echo tx processing (git-fixes).
  * can: isotp: handle wait_event_interruptible() return values (git-fixes).
  * can: isotp: isotp_bind(): return -einval on incorrect can id formatting
    (git-fixes).
  * can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-
    fixes).
  * can: isotp: remove re-binding of bound socket (git-fixes).
  * can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
  * can: isotp: set max pdu size to 64 kbyte (git-fixes).
  * can: isotp: split tx timer into transmission and timeout (git-fixes).
  * can: sja1000: fix comment (git-fixes).
  * clk: imx: imx8mq: correct error handling path (git-fixes).
  * clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
  * clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
  * clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
  * clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
  * clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
  * clk: npcm7xx: fix incorrect kfree (git-fixes).
  * clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies
    (git-fixes).
  * clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
  * clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
  * clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-
    fixes).
  * clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-
    fixes).
  * clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
  * clk: sanitize possible_parent_show to handle return value of
    of_clk_get_parent_name (git-fixes).
  * clk: scmi: free scmi_clk allocated when the clocks with invalid info are
    skipped (git-fixes).
  * clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
  * clk: ti: change ti_clk_register_omap_hw api (git-fixes).
  * clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
  * clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
  * clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-
    fixes).
  * clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware
    (git-fixes).
  * clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
  * crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
  * crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
  * crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
  * disable loongson drivers loongson is a mips architecture, it does not make
    sense to build loongson drivers on other architectures.
  * dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-
    fixes).
  * dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-
    fixes).
  * dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
  * dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
  * docs: net: move the probe and open/close sections of driver.rst up
    (bsc#1215458).
  * docs: net: reformat driver.rst from a list to sections (bsc#1215458).
  * docs: net: use c syntax highlight in driver.rst (bsc#1215458).
  * documentation: networking: correct possessive "its" (bsc#1215458).
  * drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-
    fixes).
  * drm/amd/display: avoid null dereference of timing generator (git-fixes).
  * drm/amd/display: change the dmcub mailbox memory location from fb to inbox
    (git-fixes).
  * drm/amd/display: refactor dm_get_plane_scale helper (git-fixes).
  * drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
  * drm/amd/display: use full update for clip size increase of large plane
    source (git-fixes).
  * drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
  * drm/amd: disable aspm for vi w/ all intel systems (git-fixes).
  * drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-
    fixes).
  * drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
  * drm/amd: move helper for dynamic speed switch check out of smu13 (git-
    fixes).
  * drm/amd: update `update_pcie_parameters` functions to use uint8_t arguments
    (git-fixes).
  * drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
  * drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
  * drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-
    fixes).
  * drm/amdgpu: do not use atrm for external devices (git-fixes).
  * drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null
    (git-fixes).
  * drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
  * drm/amdgpu: fix potential null pointer derefernce (git-fixes).
  * drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
  * drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes).
  * drm/amdgpu: remove unnecessary domain argument (git-fixes).
  * drm/amdgpu: reserve fences for vm update (git-fixes).
  * drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
  * drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-
    fixes).
  * drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
  * drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
    (git-fixes).
  * drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in
    drm_bridge_state (git-fixes).
  * drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
  * drm/bridge: lt8912b: fix bridge_detach (git-fixes).
  * drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
  * drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-
    fixes).
  * drm/bridge: lt8912b: register and attach our dsi device at probe (git-
    fixes).
  * drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
  * drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
  * drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-
    fixes).
  * drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
  * drm/bridge: tc358768: clean up clock period code (git-fixes).
  * drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
  * drm/bridge: tc358768: fix bit updates (git-fixes).
  * drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes).
  * drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
  * drm/bridge: tc358768: print logical values, not raw register values (git-
    fixes).
  * drm/bridge: tc358768: remove unused variable (git-fixes).
  * drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes).
  * drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes).
  * drm/bridge: tc358768: use struct videomode (git-fixes).
  * drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-
    fixes).
  * drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes).
  * drm/gud: use size_add() in call to struct_size() (git-fixes).
  * drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
  * drm/i915: fix potential spectre vulnerability (git-fixes).
  * drm/i915: flush wc ggtt only on required platforms (git-fixes).
  * drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
  * drm/mediatek: fix iommu fault by swapping fbs after updating plane state
    (git-fixes).
  * drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
  * drm/mipi-dsi: create devm device attachment (git-fixes).
  * drm/mipi-dsi: create devm device registration (git-fixes).
  * drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
  * drm/msm/dsi: free tx buffer in unbind (git-fixes).
  * drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes).
  * drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
    fixes).
  * drm/panel: fix a possible null pointer dereference (git-fixes).
  * drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
  * drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
  * drm/panel: st7703: pick different reset sequence (git-fixes).
  * drm/qxl: prevent memory leak (git-fixes).
  * drm/radeon: fix a possible null pointer dereference (git-fixes).
  * drm/radeon: possible buffer overflow (git-fixes).
  * drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-
    fixes).
  * drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-
    fixes).
  * drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
  * drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-
    fixes).
  * drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-
    fixes).
  * drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
  * drm/ttm: reorder sys manager cleanup step (git-fixes).
  * drm/vc4: fix typo (git-fixes).
  * drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527)
  * drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527)
  * drm: bridge: it66121: fix invalid connector dereference (git-fixes).
  * drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes).
  * drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
  * dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
  * dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
  * ensure ia32_emulation is always enabled for kernel-obs-build if
    ia32_emulation is disabled by default, ensure it is enabled back for obs
    kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the
    parameter, no need to grep through the config which may not be very
    reliable]
  * fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
  * fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
  * fbdev: imsttfb: fix a resource leak in probe (git-fixes).
  * fbdev: imsttfb: fix double free in probe() (git-fixes).
  * fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
  * fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-
    fixes).
  * fbdev: omapfb: drop unused remove function (git-fixes).
  * fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-
    fixes).
  * firewire: core: fix possible memory leak in create_units() (git-fixes).
  * firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-
    fixes).
  * fix termination state for idr_for_each_entry_ul() (git-fixes).
  * fix x86/mm: print the encryption features in hyperv is disabled
  * gpio: mockup: fix kerneldoc (git-fixes).
  * gpio: mockup: remove unused field (git-fixes).
  * gpu: host1x: correct allocated size for contexts (git-fixes).
  * hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
  * hid: cp2112: fix duplicate workqueue initialization (git-fixes).
  * hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
  * hid: hyperv: remove unused struct synthhid_msg (git-fixes).
  * hid: hyperv: replace one-element array with flexible-array member (git-
    fixes).
  * hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround
    (git-fixes).
  * hid: logitech-hidpp: do not restart io, instead defer hid_connect() only
    (git-fixes).
  * hid: logitech-hidpp: move get_wireless_feature_index() check to
    hidpp_connect_event() (git-fixes).
  * hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
  * hid: logitech-hidpp: revert "do not restart communication if not necessary"
    (git-fixes).
  * hv: simplify sysctl registration (git-fixes).
  * hv_netvsc: fix netvsc_send_completion to avoid multiple message length
    checks (git-fixes).
  * hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
  * hv_netvsc: fix race of register_netdevice_notifier and vf register (git-
    fixes).
  * hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
  * hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-
    fixes).
  * i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
  * i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
  * i2c: designware: disable tx_empty irq while waiting for block length byte
    (git-fixes).
  * i2c: dev: copy userspace array safely (git-fixes).
  * i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
    fixes).
  * i2c: iproc: handle invalid slave state (git-fixes).
  * i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
  * i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
  * i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
  * i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
  * i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
  * i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
    fixes).
  * i3c: master: cdns: fix reading status register (git-fixes).
  * i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-
    fixes).
  * i3c: master: svc: fix check wrong status register in irq handler (git-
    fixes).
  * i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
  * i3c: master: svc: fix race condition in ibi work thread (git-fixes).
  * i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-
    fixes).
  * i3c: master: svc: fix wrong data return when ibi happen during start frame
    (git-fixes).
  * i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-
    fixes).
  * i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
  * idpf: add controlq init and reset checks (bsc#1215458).
  * idpf: add core init and interrupt request (bsc#1215458).
  * idpf: add create vport and netdev configuration (bsc#1215458).
  * idpf: add ethtool callbacks (bsc#1215458).
  * idpf: add module register and probe functionality (bsc#1215458).
  * idpf: add ptypes and mac filter support (bsc#1215458).
  * idpf: add rx splitq napi poll support (bsc#1215458).
  * idpf: add singleq start_xmit and napi poll (bsc#1215458).
  * idpf: add splitq start_xmit (bsc#1215458).
  * idpf: add sriov support and other ndo_ops (bsc#1215458).
  * idpf: add tx splitq napi poll support (bsc#1215458).
  * idpf: cancel mailbox work in error path (bsc#1215458).
  * idpf: configure resources for rx queues (bsc#1215458).
  * idpf: configure resources for tx queues (bsc#1215458).
  * idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
  * idpf: initialize interrupts and enable vport (bsc#1215458).
  * idpf: set scheduling mode for completion queue (bsc#1215458).
  * iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-
    fixes).
  * iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds
    (git-fixes).
  * iio: exynos-adc: request second interupt only when touchscreen mode is used
    (git-fixes).
  * input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
    (git-fixes).
  * input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-
    fixes).
  * input: xpad - add vid for turtle beach controllers (git-fixes).
  * irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
  * kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is
    built since sle15-sp3 but it is not shipped as part of any sle product, only
    in leap (in kernel-*-optional).
  * kernel-binary: suse-module-tools is also required when installed
    requires(pre) adds dependency for the specific sciptlet. however, suse-
    module-tools also ships modprobe.d files which may be needed at posttrans
    time or any time the kernel is on the system for generating ramdisk. add
    plain requires as well.
  * kernel-source: move provides after sources
  * kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
  * leds: pwm: do not disable the pwm when the led should be off (git-fixes).
  * leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu'
    (git-fixes).
  * leds: turris-omnia: do not use smbus calls (git-fixes).
  * lsm: fix default return value for inode_getsecctx (git-fixes).
  * lsm: fix default return value for vm_enough_memory (git-fixes).
  * media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
  * media: ccs: correctly initialise try compose rectangle (git-fixes).
  * media: ccs: fix driver quirk struct documentation (git-fixes).
  * media: cedrus: fix clock/reset sequence (git-fixes).
  * media: cobalt: use field_get() to extract link width (git-fixes).
  * media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
  * media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
  * media: imon: fix access to invalid resource for the second interface (git-
    fixes).
  * media: lirc: drop trailing space from scancode transmit (git-fixes).
  * media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
  * media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
  * media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
  * media: qcom: camss: fix vfe_get() error jump (git-fixes).
  * media: sharp: fix sharp encoding (git-fixes).
  * media: siano: drop unnecessary error check for debugfs_create_dir/file()
    (git-fixes).
  * media: venus: hfi: add checks to handle capabilities from firmware (git-
    fixes).
  * media: venus: hfi: add checks to perform sanity on queue pointers (git-
    fixes).
  * media: venus: hfi: fix the check to handle session buffer requirement (git-
    fixes).
  * media: venus: hfi_parser: add check to keep the number of codecs within
    range (git-fixes).
  * media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
  * media: vidtv: psi: add check for kstrdup (git-fixes).
  * media: vivid: avoid integer overflow (git-fixes).
  * mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-
    fixes).
  * mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
  * mfd: dln2: fix double put in dln2_probe (git-fixes).
  * misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
  * misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-
    fixes).
  * mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237,
    git-fixes).
  * mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
  * mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
  * mmc: block: retry commands in cqe error recovery (git-fixes).
  * mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
  * mmc: cqhci: increase recovery halt timeout (git-fixes).
  * mmc: cqhci: warn of halt or task clear failure (git-fixes).
  * mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
  * mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-
    fixes).
  * mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-
    fixes).
  * mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
  * mmc: vub300: fix an error code (git-fixes).
  * modpost: fix tee module_device_table built on big-endian host (git-fixes).
  * mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
  * mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
  * mtd: rawnand: arasan: include ecc syndrome along with in-band data while
    checking for ecc failure (git-fixes).
  * net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
  * net: add macro netif_subqueue_completed_wake (bsc#1215458).
  * net: avoid address overwrite in kernel_connect (bsc#1216861).
  * net: fix use-after-free in tw_timer_handler (bsc#1217195).
  * net: ieee802154: adf7242: fix some potential buffer overflow in
    adf7242_stats_show() (git-fixes).
  * net: mana: fix return type of mana_start_xmit() (git-fixes).
  * net: piggy back on the memory barrier in bql when waking queues
    (bsc#1215458).
  * net: provide macros for commonly copied lockless queue stop/wake code
    (bsc#1215458).
  * net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
    fixes).
  * net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-
    fixes).
  * nfs: fix access to page->mapping (bsc#1216788).
  * nvme: update firmware version after commit (bsc#1215292).
  * pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
  * pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
  * pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
  * pci: extract ats disabling to a helper function (bsc#1215458).
  * pci: exynos: do not discard .remove() callback (git-fixes).
  * pci: keystone: do not discard .probe() callback (git-fixes).
  * pci: keystone: do not discard .remove() callback (git-fixes).
  * pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-
    fixes).
  * pci: tegra194: use field_get()/field_prep() with link width fields (git-
    fixes).
  * pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
  * pci: use field_get() to extract link width (git-fixes).
  * pci: vmd: correct pci header type register's multi-function check (git-
    fixes).
  * pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
  * pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
    (git-fixes).
  * pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
  * pinctrl: avoid reload of p state in list iteration (git-fixes).
  * platform/x86/intel-uncore-freq: return error on write frequency
    (bsc#1217147).
  * platform/x86/intel-uncore-freq: split common and enumeration part
    (bsc#1217147).
  * platform/x86/intel-uncore-freq: support for cluster level controls
    (bsc#1217147).
  * platform/x86/intel-uncore-freq: tpmi: provide cluster level control
    (bsc#1217147).
  * platform/x86/intel-uncore-freq: uncore frequency control via tpmi
    (bsc#1217147).
  * platform/x86/intel/tpmi: add tpmi external interface for tpmi feature
    drivers (bsc#1217147).
  * platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147).
  * platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147).
  * platform/x86/intel/uncore-freq: display uncore current frequency
    (bsc#1217147).
  * platform/x86/intel/uncore-freq: move to uncore-frequency folder
    (bsc#1217147).
  * platform/x86/intel/uncore-freq: use sysfs api to create attributes
    (bsc#1217147).
  * platform/x86/intel/vsec: add tpmi id (bsc#1217147).
  * platform/x86/intel/vsec: enhance and export intel_vsec_add_aux()
    (bsc#1217147).
  * platform/x86/intel/vsec: support private data (bsc#1217147).
  * platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free()
    (bsc#1217147).
  * platform/x86/intel: intel tpmi enumeration driver (bsc#1217147).
  * platform/x86/intel: tpmi: fix double free in tpmi_create_device()
    (bsc#1217147).
  * platform/x86: intel-uncore-freq: add client processors (bsc#1217147).
  * platform/x86: intel-uncore-freq: conditionally create attribute for read
    frequency (bsc#1217147).
  * platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes
    (bsc#1217147).
  * platform/x86: intel-uncore-freq: prevent driver loading in guests
    (bsc#1217147).
  * platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf()
    (bsc#1217147).
  * platform/x86: intel-uncore-frequency: move to intel sub-directory
    (bsc#1217147).
  * platform/x86: intel-uncore-frequency: use default_groups in kobj_type
    (bsc#1217147).
  * platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-
    fixes).
  * platform/x86: wmi: fix opening of char device (git-fixes).
  * platform/x86: wmi: fix probe failure when failing to register wmi devices
    (git-fixes).
  * platform/x86: wmi: remove unnecessary initializations (git-fixes).
  * pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
  * pm: hibernate: use __get_safe_page() rather than touching the list (git-
    fixes).
  * powerpc/perf/hv-24x7: update domain value check (bsc#1215931).
  * powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687
    ltc#203927).
  * powerpc: do not clobber f0/vs0 during fp|altivec register save
    (bsc#1217780).
  * pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
  * pwm: fix double shift bug (git-fixes).
  * pwm: sti: reduce number of allocations and drop usage of chip_data (git-
    fixes).
  * quota: fix slow quotaoff (bsc#1216621).
  * r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
  * r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
  * r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
  * r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
  * r8152: release firmware if we have an error in probe (git-fixes).
  * r8152: run the unload routine if we have errors during probe (git-fixes).
  * regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
  * regmap: ensure range selector registers are updated after cache sync (git-
    fixes).
  * regmap: prevent noinc writes from clobbering cache (git-fixes).
  * revert "i2c: pxa: move to generic gpio recovery" (git-fixes).
  * revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes).
  * revert "tracing: fix warning in trace_buffered_event_disable()"
    (bsc#1217036)
  * revert amdgpu patches that caused a regression (bsc#1215802)
  * rpm/check-for-config-changes: add as_wruss to ignored_configs_re add
    as_wruss as an ignored_configs_re entry in check-for-config-changes to fix
    build on x86_32. there was a fix submitted to upstream but it was not
    accepted:
    https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/
    so carry this in ignored_configs_re instead.
  * rpm/check-for-config-changes: add have_shadow_call_stack to
    ignored_configs_re not supported by our compiler.
  * rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
  * run scripts/renamepatches for sle15-sp4
  * s390/ap: fix ap bus crash on early config change callback invocation (git-
    fixes bsc#1217687).
  * s390/cio: unregister device when the only path is gone (git-fixes
    bsc#1217609).
  * s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
  * s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997
    bsc#1217086).
  * s390/cmma: fix initial kernel address space page table walk (ltc#203997
    bsc#1217086).
  * s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
  * s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629
    bsc#1215124).
  * s390/dasd: protect device queue against concurrent access (git-fixes
    bsc#1217515).
  * s390/dasd: use correct number of retries for erp requests (git-fixes
    bsc#1217598).
  * s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes
    bsc#1217511).
  * s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
    (bsc#1214976 git-fixes).
  * s390/mm: add missing arch_set_page_dat() call to gmap allocations
    (ltc#203997 bsc#1217086).
  * s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
    (ltc#203997 bsc#1217086).
  * s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
  * s390/ptrace: fix ptrace_get_last_break error handling (git-fixes
    bsc#1217599).
  * sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
  * sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
  * sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
  * scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
  * scsi: lpfc: correct maximum pci function value for ras fw logging
    (bsc#1217731).
  * scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
    (bsc#1217731).
  * scsi: lpfc: enhance driver logging for selected discovery events
    (bsc#1217731).
  * scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi()
    (bsc#1217731).
  * scsi: lpfc: fix possible file string name overflow when updating firmware
    (bsc#1217731).
  * scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
  * scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
  * scsi: lpfc: reject received prlis with only initiator fcn role for npiv
    ports (bsc#1217124).
  * scsi: lpfc: remove unnecessary zero return code assignment in
    lpfc_sli4_hba_setup (bsc#1217124).
  * scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading
    (bsc#1217731).
  * scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci
    offline (bsc#1217124).
  * scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
  * scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
  * scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
  * scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
  * scsi: qla2xxx: use field_get() to extract pcie capability fields (git-
    fixes).
  * selftests/efivarfs: create-read: fix a resource leak (git-fixes).
  * selftests/pidfd: fix ksft print formats (git-fixes).
  * selftests/resctrl: ensure the benchmark commands fits to its array (git-
    fixes).
  * selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-
    fixes).
  * selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
  * seq_buf: fix a misleading comment (git-fixes).
  * serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial
    cards" (git-fixes).
  * serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
  * soc: qcom: llcc: handle a second device without data corruption (git-fixes).
  * spi: nxp-fspi: use the correct ioremap function (git-fixes).
  * spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
  * spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
  * staging: media: ipu3: remove ftrace-like logging (git-fixes).
  * string.h: add array-wrappers for (v)memdup_user() (git-fixes).
  * supported.conf: marked idpf supported
  * thermal: core: prevent potential string overflow (git-fixes).
  * treewide: spelling fix in comment (git-fixes).
  * tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
  * tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
  * tty: 8250: add support for additional brainboxes px cards (git-fixes).
  * tty: 8250: add support for additional brainboxes uc cards (git-fixes).
  * tty: 8250: add support for brainboxes up cards (git-fixes).
  * tty: 8250: add support for intashield is-100 (git-fixes).
  * tty: 8250: add support for intashield ix cards (git-fixes).
  * tty: 8250: fix port count of px-257 (git-fixes).
  * tty: 8250: fix up px-803/px-857 (git-fixes).
  * tty: 8250: remove uc-257 and uc-431 (git-fixes).
  * tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
  * tty: n_gsm: fix race condition in status line change on dead connections
    (git-fixes).
  * tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
  * tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
  * tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
  * update ath11k hibernation fix patch set (bsc#1207948)
  * update metadata s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-
    unknown (bsc#1214976 git-fixes).
  * usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
  * usb: chipidea: fix dma overwrite for tegra (git-fixes).
  * usb: chipidea: simplify tegra dma alignment code (git-fixes).
  * usb: dwc2: fix possible null pointer dereference caused by driver
    concurrency (git-fixes).
  * usb: dwc2: write hcint with intmask applied (bsc#1214286).
  * usb: dwc3: fix default mode initialization (git-fixes).
  * usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
  * usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
  * usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
  * usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
  * usb: dwc3: set the dma max_seg_size (git-fixes).
  * usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
  * usb: raw-gadget: properly handle interrupted requests (git-fixes).
  * usb: serial: option: add fibocom l7xx modules (git-fixes).
  * usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
  * usb: serial: option: fix fm101r-gl defines (git-fixes).
  * usb: storage: set 1.50 as the lower bcddevice for older "super top"
    compatibility (git-fixes).
  * usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-
    fixes).
  * usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
  * usb: usbip: fix stub_dev hub disconnect (git-fixes).
  * virtchnl: add virtchnl version 2 ops (bsc#1215458).
  * wifi: ath10k: do not touch the ce interrupt registers after power up (git-
    fixes).
  * wifi: ath10k: fix clang-specific fortify warning (git-fixes).
  * wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
  * wifi: ath11k: fix dfs radar event locking (git-fixes).
  * wifi: ath11k: fix gtk offload status event locking (git-fixes).
  * wifi: ath11k: fix htt pktlog locking (git-fixes).
  * wifi: ath11k: fix temperature event locking (git-fixes).
  * wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
  * wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
    fixes).
  * wifi: iwlwifi: empty overflow queue during flush (git-fixes).
  * wifi: iwlwifi: honor the enable_ini value (git-fixes).
  * wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
  * wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
  * wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
    fixes).
  * wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
  * wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
  * wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
  * wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file()
    (git-fixes).
  * x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
  * x86/cpu: clear svm feature if disabled by bios (bsc#1214700).
  * x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
  * x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-
    fixes).
  * x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
  * x86/hyperv: fix a warning in mshyperv.h (git-fixes).
  * x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
  * x86/hyperv: make hv_get_nmi_reason public (git-fixes).
  * x86/sev: do not try to parse for the cc blob on non-amd hardware (git-
    fixes).
  * x86/sev: fix calculation of end address based on number of pages (git-
    fixes).
  * x86/sev: use the ghcb protocol when available for snp cpuid requests (git-
    fixes).
  * x86: move gds_ucode_mitigated() declaration to header (git-fixes).
  * xfs: add attr state machine tracepoints (git-fixes).
  * xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
  * xfs: constify btree function parameters that are not modified (git-fixes).
  * xfs: convert agf log flags to unsigned (git-fixes).
  * xfs: convert agi log flags to unsigned (git-fixes).
  * xfs: convert attr type flags to unsigned (git-fixes).
  * xfs: convert bmap extent type flags to unsigned (git-fixes).
  * xfs: convert bmapi flags to unsigned (git-fixes).
  * xfs: convert btree buffer log flags to unsigned (git-fixes).
  * xfs: convert buffer flags to unsigned (git-fixes).
  * xfs: convert buffer log item flags to unsigned (git-fixes).
  * xfs: convert da btree operations flags to unsigned (git-fixes).
  * xfs: convert dquot flags to unsigned (git-fixes).
  * xfs: convert inode lock flags to unsigned (git-fixes).
  * xfs: convert log item tracepoint flags to unsigned (git-fixes).
  * xfs: convert log ticket and iclog flags to unsigned (git-fixes).
  * xfs: convert quota options flags to unsigned (git-fixes).
  * xfs: convert scrub type flags to unsigned (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
    (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
  * xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
  * xfs: make the key parameters to all btree key comparison functions const
    (git-fixes).
  * xfs: make the key parameters to all btree query range functions const (git-
    fixes).
  * xfs: make the keys and records passed to btree inorder functions const (git-
    fixes).
  * xfs: make the pointer passed to btree set_root functions const (git-fixes).
  * xfs: make the start pointer passed to btree alloc_block functions const
    (git-fixes).
  * xfs: make the start pointer passed to btree update_lastrec functions const
    (git-fixes).
  * xfs: mark the record passed into btree init_key functions as const (git-
    fixes).
  * xfs: mark the record passed into xchk_btree functions as const (git-fixes).
  * xfs: remove xfs_btree_cur_t typedef (git-fixes).
  * xfs: rename i_disk_size fields in ftrace output (git-fixes).
  * xfs: resolve fork names in trace output (git-fixes).
  * xfs: standardize ag block number formatting in ftrace output (git-fixes).
  * xfs: standardize ag number formatting in ftrace output (git-fixes).
  * xfs: standardize daddr formatting in ftrace output (git-fixes).
  * xfs: standardize inode generation formatting in ftrace output (git-fixes).
  * xfs: standardize inode number formatting in ftrace output (git-fixes).
  * xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
  * xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
  * xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
  * xhci: enable rpm on controllers that support low-power states (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5  
    zypper in -t patch SUSE-2023-4732=1 openSUSE-SLE-15.5-2023-4732=1

  * SUSE Linux Enterprise Micro 5.5  
    zypper in -t patch SUSE-SLE-Micro-5.5-2023-4732=1

  * SUSE Linux Enterprise Live Patching 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4732=1

  * SUSE Real Time Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4732=1

## Package List:

  * openSUSE Leap 15.5 (noarch)
    * kernel-source-rt-5.14.21-150500.13.27.2
    * kernel-devel-rt-5.14.21-150500.13.27.2
  * openSUSE Leap 15.5 (x86_64)
    * kernel-rt-optional-5.14.21-150500.13.27.2
    * kernel-rt_debug-vdso-5.14.21-150500.13.27.2
    * dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2
    * reiserfs-kmp-rt-5.14.21-150500.13.27.2
    * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-vdso-5.14.21-150500.13.27.2
    * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * gfs2-kmp-rt-5.14.21-150500.13.27.2
    * kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2
    * cluster-md-kmp-rt-5.14.21-150500.13.27.2
    * kernel-rt_debug-devel-5.14.21-150500.13.27.2
    * kernel-rt-extra-5.14.21-150500.13.27.2
    * dlm-kmp-rt-5.14.21-150500.13.27.2
    * kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2
    * kernel-rt-extra-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-livepatch-devel-5.14.21-150500.13.27.2
    * kernel-rt-optional-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.27.2
    * kernel-rt_debug-debugsource-5.14.21-150500.13.27.2
    * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2
    * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-devel-5.14.21-150500.13.27.2
    * ocfs2-kmp-rt-5.14.21-150500.13.27.2
    * kernel-rt-debugsource-5.14.21-150500.13.27.2
    * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-syms-rt-5.14.21-150500.13.27.1
    * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2
    * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2
    * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2
    * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-livepatch-5.14.21-150500.13.27.2
    * kselftests-kmp-rt-5.14.21-150500.13.27.2
  * openSUSE Leap 15.5 (nosrc x86_64)
    * kernel-rt_debug-5.14.21-150500.13.27.2
    * kernel-rt-5.14.21-150500.13.27.2
  * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
    * kernel-rt-5.14.21-150500.13.27.2
  * SUSE Linux Enterprise Micro 5.5 (x86_64)
    * kernel-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-debugsource-5.14.21-150500.13.27.2
  * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
    * kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2
    * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2
    * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2
  * SUSE Real Time Module 15-SP5 (x86_64)
    * kernel-rt_debug-vdso-5.14.21-150500.13.27.2
    * dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2
    * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-vdso-5.14.21-150500.13.27.2
    * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * gfs2-kmp-rt-5.14.21-150500.13.27.2
    * kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2
    * cluster-md-kmp-rt-5.14.21-150500.13.27.2
    * kernel-rt_debug-devel-5.14.21-150500.13.27.2
    * dlm-kmp-rt-5.14.21-150500.13.27.2
    * kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt_debug-debugsource-5.14.21-150500.13.27.2
    * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2
    * kernel-rt-debuginfo-5.14.21-150500.13.27.2
    * ocfs2-kmp-rt-5.14.21-150500.13.27.2
    * kernel-rt-devel-5.14.21-150500.13.27.2
    * kernel-rt-debugsource-5.14.21-150500.13.27.2
    * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
    * kernel-syms-rt-5.14.21-150500.13.27.1
    * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2
  * SUSE Real Time Module 15-SP5 (noarch)
    * kernel-source-rt-5.14.21-150500.13.27.2
    * kernel-devel-rt-5.14.21-150500.13.27.2
  * SUSE Real Time Module 15-SP5 (nosrc x86_64)
    * kernel-rt_debug-5.14.21-150500.13.27.2
    * kernel-rt-5.14.21-150500.13.27.2

## References:

  * https://www.suse.com/security/cve/CVE-2023-2006.html
  * https://www.suse.com/security/cve/CVE-2023-25775.html
  * https://www.suse.com/security/cve/CVE-2023-3777.html
  * https://www.suse.com/security/cve/CVE-2023-39197.html
  * https://www.suse.com/security/cve/CVE-2023-39198.html
  * https://www.suse.com/security/cve/CVE-2023-4244.html
  * https://www.suse.com/security/cve/CVE-2023-45863.html
  * https://www.suse.com/security/cve/CVE-2023-45871.html
  * https://www.suse.com/security/cve/CVE-2023-46813.html
  * https://www.suse.com/security/cve/CVE-2023-46862.html
  * https://www.suse.com/security/cve/CVE-2023-5158.html
  * https://www.suse.com/security/cve/CVE-2023-5633.html
  * https://www.suse.com/security/cve/CVE-2023-5717.html
  * https://www.suse.com/security/cve/CVE-2023-6039.html
  * https://www.suse.com/security/cve/CVE-2023-6176.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207948
  * https://bugzilla.suse.com/show_bug.cgi?id=1210447
  * https://bugzilla.suse.com/show_bug.cgi?id=1212649
  * https://bugzilla.suse.com/show_bug.cgi?id=1214286
  * https://bugzilla.suse.com/show_bug.cgi?id=1214700
  * https://bugzilla.suse.com/show_bug.cgi?id=1214840
  * https://bugzilla.suse.com/show_bug.cgi?id=1214976
  * https://bugzilla.suse.com/show_bug.cgi?id=1215095
  * https://bugzilla.suse.com/show_bug.cgi?id=1215123
  * https://bugzilla.suse.com/show_bug.cgi?id=1215124
  * https://bugzilla.suse.com/show_bug.cgi?id=1215292
  * https://bugzilla.suse.com/show_bug.cgi?id=1215420
  * https://bugzilla.suse.com/show_bug.cgi?id=1215458
  * https://bugzilla.suse.com/show_bug.cgi?id=1215710
  * https://bugzilla.suse.com/show_bug.cgi?id=1215802
  * https://bugzilla.suse.com/show_bug.cgi?id=1215931
  * https://bugzilla.suse.com/show_bug.cgi?id=1216058
  * https://bugzilla.suse.com/show_bug.cgi?id=1216105
  * https://bugzilla.suse.com/show_bug.cgi?id=1216259
  * https://bugzilla.suse.com/show_bug.cgi?id=1216527
  * https://bugzilla.suse.com/show_bug.cgi?id=1216584
  * https://bugzilla.suse.com/show_bug.cgi?id=1216621
  * https://bugzilla.suse.com/show_bug.cgi?id=1216687
  * https://bugzilla.suse.com/show_bug.cgi?id=1216693
  * https://bugzilla.suse.com/show_bug.cgi?id=1216759
  * https://bugzilla.suse.com/show_bug.cgi?id=1216761
  * https://bugzilla.suse.com/show_bug.cgi?id=1216788
  * https://bugzilla.suse.com/show_bug.cgi?id=1216844
  * https://bugzilla.suse.com/show_bug.cgi?id=1216861
  * https://bugzilla.suse.com/show_bug.cgi?id=1216909
  * https://bugzilla.suse.com/show_bug.cgi?id=1216959
  * https://bugzilla.suse.com/show_bug.cgi?id=1216965
  * https://bugzilla.suse.com/show_bug.cgi?id=1216976
  * https://bugzilla.suse.com/show_bug.cgi?id=1217036
  * https://bugzilla.suse.com/show_bug.cgi?id=1217068
  * https://bugzilla.suse.com/show_bug.cgi?id=1217086
  * https://bugzilla.suse.com/show_bug.cgi?id=1217095
  * https://bugzilla.suse.com/show_bug.cgi?id=1217124
  * https://bugzilla.suse.com/show_bug.cgi?id=1217140
  * https://bugzilla.suse.com/show_bug.cgi?id=1217147
  * https://bugzilla.suse.com/show_bug.cgi?id=1217195
  * https://bugzilla.suse.com/show_bug.cgi?id=1217196
  * https://bugzilla.suse.com/show_bug.cgi?id=1217200
  * https://bugzilla.suse.com/show_bug.cgi?id=1217205
  * https://bugzilla.suse.com/show_bug.cgi?id=1217332
  * https://bugzilla.suse.com/show_bug.cgi?id=1217366
  * https://bugzilla.suse.com/show_bug.cgi?id=1217511
  * https://bugzilla.suse.com/show_bug.cgi?id=1217515
  * https://bugzilla.suse.com/show_bug.cgi?id=1217598
  * https://bugzilla.suse.com/show_bug.cgi?id=1217599
  * https://bugzilla.suse.com/show_bug.cgi?id=1217609
  * https://bugzilla.suse.com/show_bug.cgi?id=1217687
  * https://bugzilla.suse.com/show_bug.cgi?id=1217731
  * https://bugzilla.suse.com/show_bug.cgi?id=1217780
  * https://jira.suse.com/login.jsp
  * https://jira.suse.com/login.jsp
  * https://jira.suse.com/login.jsp

openSUSE: 2023:4732-1: important: the Linux Kernel Security Advisory Update

December 12, 2023
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes

Description

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). * CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). * CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). * CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). * CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). * CVE-2023-45871: Fixed an issue in ...

Read the Full Advisory

 

Patch

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4732=1 openSUSE-SLE-15.5-2023-4732=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4732=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4732=1 * SUSE Real Time Module 15-SP5 zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4732=1


Package List

* openSUSE Leap 15.5 (noarch) * kernel-source-rt-5.14.21-150500.13.27.2 * kernel-devel-rt-5.14.21-150500.13.27.2 * openSUSE Leap 15.5 (x86_64) * kernel-rt-optional-5.14.21-150500.13.27.2 * kernel-rt_debug-vdso-5.14.21-150500.13.27.2 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2 * reiserfs-kmp-rt-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-vdso-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * gfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-5.14.21-150500.13.27.2 * kernel-rt-extra-5.14.21-150500.13.27.2 * dlm-kmp-rt-5.14.21-150500.13.27.2 * kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2 * kernel-rt-extra-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-livepatch-devel-5.14.21-150500.13.27.2 * kernel-rt-optional-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.27.2 * kernel-rt_debug-debugsource-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2 * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-devel-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-debugsource-5.14.21-150500.13.27.2 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-syms-rt-5.14.21-150500.13.27.1 * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2 * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2 * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-livepatch-5.14.21-150500.13.27.2 * kselftests-kmp-rt-5.14.21-150500.13.27.2 * openSUSE Leap 15.5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.27.2 * kernel-rt-5.14.21-150500.13.27.2 * SUSE Linux Enterprise Micro 5.5 (nosrc x86_64) * kernel-rt-5.14.21-150500.13.27.2 * SUSE Linux Enterprise Micro 5.5 (x86_64) * kernel-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-debugsource-5.14.21-150500.13.27.2 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2 * kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2 * kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2 * SUSE Real Time Module 15-SP5 (x86_64) * kernel-rt_debug-vdso-5.14.21-150500.13.27.2 * dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-vdso-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * gfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2 * cluster-md-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-5.14.21-150500.13.27.2 * dlm-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2 * kernel-rt_debug-debugsource-5.14.21-150500.13.27.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2 * kernel-rt-debuginfo-5.14.21-150500.13.27.2 * ocfs2-kmp-rt-5.14.21-150500.13.27.2 * kernel-rt-devel-5.14.21-150500.13.27.2 * kernel-rt-debugsource-5.14.21-150500.13.27.2 * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2 * kernel-syms-rt-5.14.21-150500.13.27.1 * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2 * SUSE Real Time Module 15-SP5 (noarch) * kernel-source-rt-5.14.21-150500.13.27.2 * kernel-devel-rt-5.14.21-150500.13.27.2 * SUSE Real Time Module 15-SP5 (nosrc x86_64) * kernel-rt_debug-5.14.21-150500.13.27.2 * kernel-rt-5.14.21-150500.13.27.2


References

* bsc#1207948 * bsc#1210447 * bsc#1212649 * bsc#1214286 * bsc#1214700 * bsc#1214840 * bsc#1214976 * bsc#1215095 * bsc#1215123 * bsc#1215124 * bsc#1215292 * bsc#1215420 * bsc#1215458 * bsc#1215710 * bsc#1215802 * bsc#1215931 * bsc#1216058 * bsc#1216105 * bsc#1216259 * bsc#1216527 * bsc#1216584 * bsc#1216621 * bsc#1216687 * bsc#1216693 * bsc#1216759 * bsc#1216761 * bsc#1216788 * bsc#1216844 * bsc#1216861 * bsc#1216909 * bsc#1216959 * bsc#1216965 * bsc#1216976 * bsc#1217036 * bsc#1217068 * bsc#1217086 * bsc#1217095 * bsc#1217124 * bsc#1217140 * bsc#1217147 * bsc#1217195 * bsc#1217196 * bsc#1217200 * bsc#1217205 * bsc#1217332 * bsc#1217366 * bsc#1217511 * bsc#1217515 * bsc#1217598 * bsc#1217599 * bsc#1217609 * bsc#1217687 * bsc#1217731 * bsc#1217780 * jsc#PED-3184 * jsc#PED-5021 * jsc#PED-7237 ## References: * https://www.suse.com/security/cve/CVE-2023-2006.html * https://www.suse.com/security/cve/CVE-2023-25775.html * https://www.suse.com/security/cve/CVE-2023-3777.html * https://www.suse.com/security/cve/CVE-2023-39197.html * https://www.suse.com/security/cve/CVE-2023-39198.html * https://www.suse.com/security/cve/CVE-2023-4244.html * https://www.suse.com/security/cve/CVE-2023-45863.html * https://www.suse.com/security/cve/CVE-2023-45871.html * https://www.suse.com/security/cve/CVE-2023-46813.html * https://www.suse.com/security/cve/CVE-2023-46862.html * https://www.suse.com/security/cve/CVE-2023-5158.html * https://www.suse.com/security/cve/CVE-2023-5633.html * https://www.suse.com/security/cve/CVE-2023-5717.html * https://www.suse.com/security/cve/CVE-2023-6039.html * https://www.suse.com/security/cve/CVE-2023-6176.html * https://bugzilla.suse.com/show_bug.cgi?id=1207948 * https://bugzilla.suse.com/show_bug.cgi?id=1210447 * https://bugzilla.suse.com/show_bug.cgi?id=1212649 * https://bugzilla.suse.com/show_bug.cgi?id=1214286 * https://bugzilla.suse.com/show_bug.cgi?id=1214700 * https://bugzilla.suse.com/show_bug.cgi?id=1214840 * https://bugzilla.suse.com/show_bug.cgi?id=1214976 * https://bugzilla.suse.com/show_bug.cgi?id=1215095 * https://bugzilla.suse.com/show_bug.cgi?id=1215123 * https://bugzilla.suse.com/show_bug.cgi?id=1215124 * https://bugzilla.suse.com/show_bug.cgi?id=1215292 * https://bugzilla.suse.com/show_bug.cgi?id=1215420 * https://bugzilla.suse.com/show_bug.cgi?id=1215458 * https://bugzilla.suse.com/show_bug.cgi?id=1215710 * https://bugzilla.suse.com/show_bug.cgi?id=1215802 * https://bugzilla.suse.com/show_bug.cgi?id=1215931 * https://bugzilla.suse.com/show_bug.cgi?id=1216058 * https://bugzilla.suse.com/show_bug.cgi?id=1216105 * https://bugzilla.suse.com/show_bug.cgi?id=1216259 * https://bugzilla.suse.com/show_bug.cgi?id=1216527 * https://bugzilla.suse.com/show_bug.cgi?id=1216584 * https://bugzilla.suse.com/show_bug.cgi?id=1216621 * https://bugzilla.suse.com/show_bug.cgi?id=1216687 * https://bugzilla.suse.com/show_bug.cgi?id=1216693 * https://bugzilla.suse.com/show_bug.cgi?id=1216759 * https://bugzilla.suse.com/show_bug.cgi?id=1216761 * https://bugzilla.suse.com/show_bug.cgi?id=1216788 * https://bugzilla.suse.com/show_bug.cgi?id=1216844 * https://bugzilla.suse.com/show_bug.cgi?id=1216861 * https://bugzilla.suse.com/show_bug.cgi?id=1216909 * https://bugzilla.suse.com/show_bug.cgi?id=1216959 * https://bugzilla.suse.com/show_bug.cgi?id=1216965 * https://bugzilla.suse.com/show_bug.cgi?id=1216976 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217068 * https://bugzilla.suse.com/show_bug.cgi?id=1217086 * https://bugzilla.suse.com/show_bug.cgi?id=1217095 * https://bugzilla.suse.com/show_bug.cgi?id=1217124 * https://bugzilla.suse.com/show_bug.cgi?id=1217140 * https://bugzilla.suse.com/show_bug.cgi?id=1217147 * https://bugzilla.suse.com/show_bug.cgi?id=1217195 * https://bugzilla.suse.com/show_bug.cgi?id=1217196 * https://bugzilla.suse.com/show_bug.cgi?id=1217200 * https://bugzilla.suse.com/show_bug.cgi?id=1217205 * https://bugzilla.suse.com/show_bug.cgi?id=1217332 * https://bugzilla.suse.com/show_bug.cgi?id=1217366 * https://bugzilla.suse.com/show_bug.cgi?id=1217511 * https://bugzilla.suse.com/show_bug.cgi?id=1217515 * https://bugzilla.suse.com/show_bug.cgi?id=1217598 * https://bugzilla.suse.com/show_bug.cgi?id=1217599 * https://bugzilla.suse.com/show_bug.cgi?id=1217609 * https://bugzilla.suse.com/show_bug.cgi?id=1217687 * https://bugzilla.suse.com/show_bug.cgi?id=1217731 * https://bugzilla.suse.com/show_bug.cgi?id=1217780 * https://jira.suse.com/login.jsp * https://jira.suse.com/login.jsp * https://jira.suse.com/login.jsp


Severity
Announcement ID: SUSE-SU-2023:4732-1
Rating: important

Related News