

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4057-1  
Rating: important  
References:

  * #1202845
  * #1213772
  * #1213808
  * #1214928
  * #1214943
  * #1214944
  * #1214950
  * #1214951
  * #1214954
  * #1214957
  * #1214986
  * #1214988
  * #1214992
  * #1214993
  * #1215322
  * #1215523
  * #1215877
  * #1215894
  * #1215895
  * #1215896
  * #1215911
  * #1215915
  * #1215916

  
Cross-References:

  * CVE-2023-1192
  * CVE-2023-1206
  * CVE-2023-1859
  * CVE-2023-2177
  * CVE-2023-37453
  * CVE-2023-39192
  * CVE-2023-39193
  * CVE-2023-39194
  * CVE-2023-4155
  * CVE-2023-42753
  * CVE-2023-42754
  * CVE-2023-4389
  * CVE-2023-4563
  * CVE-2023-4622
  * CVE-2023-4623
  * CVE-2023-4881
  * CVE-2023-4921
  * CVE-2023-5345

  
CVSS scores:

  * CVE-2023-1192 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1206 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1206 ( NVD ):  5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1859 ( SUSE ):  1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-1859 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2177 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2177 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-37453 ( SUSE ):  4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-37453 ( NVD ):  4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-39192 ( SUSE ):  6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-39192 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
  * CVE-2023-39193 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-39193 ( NVD ):  5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-39194 ( SUSE ):  3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
  * CVE-2023-39194 ( NVD ):  3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
  * CVE-2023-4155 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-4155 ( NVD ):  5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-42753 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-42754 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-42754 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4389 ( SUSE ):  5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
  * CVE-2023-4389 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4563 ( SUSE ):  0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
  * CVE-2023-4622 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4622 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4623 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4623 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4881 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-4881 ( NVD ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-4921 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4921 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5345 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-5345 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.4
  * Public Cloud Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves 18 vulnerabilities and has five security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component.
    This vulnerability could allow a local attacker to crash the system or lead
    to a kernel information leak problem. (bsc#1214727)
  * CVE-2023-39194: Fixed a flaw in the processing of state filters which could
    allow a local attackers to disclose sensitive information. (bsc#1215861)
  * CVE-2023-39193: Fixed a flaw in the processing of state filters which could
    allow a local attackers to disclose sensitive information. (bsc#1215860)
  * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow
    a local attackers to disclose sensitive information. (bsc#1215858)
  * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which
    could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
  * CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client
    component which could be exploited to achieve local privilege escalation.
    (bsc#1215899)
  * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization
    (SEV). An attacker can trigger a stack overflow and cause a denial of
    service or potentially guest-to-host escape in kernel configurations without
    stack guard pages. (bsc#1214022)
  * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that
    could be exploited in order to leak internal kernel information or crash the
    system (bsc#1214351).
  * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter
    subsystem. This issue may have allowed a local user to crash the system or
    potentially escalate their privileges (bsc#1215150).
  * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
    table. A user located in the local network or with a high bandwidth
    connection can increase the CPU usage of the server that accepts IPV6
    connections up to 95% (bsc#1212703).
  * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
    scheduler which could be exploited to achieve local privilege escalatio
    (bsc#1215275).
  * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
  * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
    sockets component which could be exploited to achieve local privilege
    escalation (bsc#1215117).
  * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
    which could be exploited to achieve local privilege escalation
    (bsc#1215115).
  * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which
    could be exploited to crash the system (bsc#1210169).
  * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem
    that could lead to potential information disclosure or a denial of service
    (bsc#1215221).
  * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network
    protocol which could allow a user to crash the system (bsc#1210643).
  * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread()
    (bsc#1208995).

The following non-security bugs were fixed:

  * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-
    fixes).
  * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-
    fixes).
  * ARM: pxa: remove use of symbol_get() (git-fixes).
  * arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-
    fixes).
  * arm64: module-plts: inline linux/moduleloader.h (git-fixes)
  * arm64: module: Use module_init_layout_section() to spot init sections (git-
    fixes)
  * arm64: sdei: abort running SDEI handlers during crash (git-fixes)
  * arm64: tegra: Update AHUB clock parent and rate (git-fixes)
  * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-
    fixes)
  * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
  * ASoC: meson: spdifin: start hw on dai probe (git-fixes).
  * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
  * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
  * ata: libata: disallow dev-initiated LPM transitions to unsupported states
    (git-fixes).
  * ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
  * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
  * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
  * backlight: gpio_backlight: Drop output GPIO direction check for initial
    power state (git-fixes).
  * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
  * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
    (bsc#1214992).
  * block/mq-deadline: use correct way to throttling write requests
    (bsc#1214993).
  * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
    condition (git-fixes).
  * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
  * bpf: Clear the probe_addr for uprobe (git-fixes).
  * btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
  * drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
  * drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
  * drm/amd/display: prevent potential division by zero errors (git-fixes).
  * drm/display: Do not assume dual mode adaptors support i2c sub-addressing
    (bsc#1213808).
  * drm/i915: mark requests for GuC virtual engines to avoid use-after-free
    (git-fixes).
  * drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
  * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
  * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
    (git-fixes).
  * ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
  * ext4: correct inline offset when handling xattrs in inode body
    (bsc#1214950).
  * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
    (bsc#1214954).
  * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
  * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
  * ext4: get block from bh in ext4_free_blocks for fast commit replay
    (bsc#1214942).
  * ext4: reflect error codes from ext4_multi_mount_protect() to its callers
    (bsc#1214941).
  * ext4: Remove ext4 locking of moved directory (bsc#1214957).
  * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
  * fs: do not update freeing inode i_io_list (bsc#1214813).
  * fs: Establish locking order for unrelated directories (bsc#1214958).
  * fs: Lock moved directories (bsc#1214959).
  * fs: lockd: avoid possible wrong NULL parameter (git-fixes).
  * fs: no need to check source (bsc#1215752).
  * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
    (bsc#1214813).
  * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
  * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
  * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
  * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
  * gve: Changes to add new TX queues (bsc#1214479).
  * gve: Control path for DQO-QPL (bsc#1214479).
  * gve: fix frag_list chaining (bsc#1214479).
  * gve: Fix gve interrupt names (bsc#1214479).
  * gve: RX path for DQO-QPL (bsc#1214479).
  * gve: trivial spell fix Recive to Receive (bsc#1214479).
  * gve: Tx path for DQO-QPL (bsc#1214479).
  * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
  * gve: use vmalloc_array and vcalloc (bsc#1214479).
  * gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
  * hwrng: virtio - add an internal buffer (git-fixes).
  * hwrng: virtio - always add a pending request (git-fixes).
  * hwrng: virtio - do not wait on cleanup (git-fixes).
  * hwrng: virtio - do not waste entropy (git-fixes).
  * hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
  * i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
  * i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
  * idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
  * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
  * iommu/virtio: Detach domain on endpoint release (git-fixes).
  * jbd2: check 'jh->b_transaction' before removing it from checkpoint
    (bsc#1214953).
  * jbd2: correct the end of the journal recovery scan range (bsc#1214955).
  * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
  * jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
  * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
    (bsc#1214948).
  * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
  * jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
  * jbd2: remove t_checkpoint_io_list (bsc#1214946).
  * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
  * kabi/severities: ignore mlx4 internal symbols
  * kconfig: fix possible buffer overflow (git-fixes).
  * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes
    bsc#1215915).
  * KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes
    bsc#1215896).
  * KVM: s390: pv: fix external interruption loop not always detected (git-fixes
    bsc#1215916).
  * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    (git-fixes bsc#1215894).
  * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
  * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
    (git-fixes bsc#1215911).
  * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-
    fixes).
  * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
  * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
  * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
  * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
  * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
    (bsc#1213772).
  * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
    (bsc#1213772).
  * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
  * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
  * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
  * loop: Fix use-after-free issues (bsc#1214991).
  * loop: loop_set_status_from_info() check before assignment (bsc#1214990).
  * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
  * mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
  * mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
  * mlx4: Delete custom device management logic (bsc#1187236).
  * mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
  * mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
  * mlx4: Move the bond work to the core driver (bsc#1187236).
  * mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
  * mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
  * mlx4: Replace the mlx4_interface.event callback with a notifier
    (bsc#1187236).
  * mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
    (bsc#1187236).
  * module: Expose module_init_layout_section() (git-fixes)
  * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
  * net: mana: Add page pool for RX buffers (bsc#1214040).
  * net: mana: Configure hwc timeout from hardware (bsc#1214037).
  * net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
  * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
  * net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
  * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-
    fixes).
  * nfs/blocklayout: Use the passed in gfp flags (git-fixes).
  * NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
  * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
  * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
  * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
  * NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
  * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
  * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
  * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
  * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
  * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
  * ntb: Clean up tx tail index on link down (git-fixes).
  * ntb: Drop packets when qp link is down (git-fixes).
  * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
  * nvme-auth: use chap->s2 to indicate bidirectional authentication
    (bsc#1214543).
  * nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
  * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
  * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
  * nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
  * PCI: Free released resource after coalescing (git-fixes).
  * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
  * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-
    fixes).
  * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
  * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
    (git-fixes).
  * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-
    fixes).
  * platform/x86: intel_scu_ipc: Check status upon timeout in
    ipc_wait_for_interrupt() (git-fixes).
  * platform/x86: intel_scu_ipc: Do not override scu in
    intel_scu_ipc_dev_simple_command() (git-fixes).
  * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
  * powerpc/fadump: make is_kdump_kernel() return false when fadump is active
    (bsc#1212639 ltc#202582).
  * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
    (bsc#1065729).
  * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
  * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
  * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
  * pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
  * quota: add new helper dquot_active() (bsc#1214998).
  * quota: factor out dquot_write_dquot() (bsc#1214995).
  * quota: fix dqput() to follow the guarantees dquot_srcu should provide
    (bsc#1214963).
  * quota: fix warning in dqgrab() (bsc#1214962).
  * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
  * quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
  * s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
    bsc#1215957).
  * s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
  * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes
    bsc#1215148).
  * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
    (git-fixes).
  * scsi: 53c700: Check that command slot is not NULL (git-fixes).
  * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
  * scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
  * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
  * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
  * scsi: lpfc: Early return after marking final NLP_DROPPED flag in
    dev_loss_tmo (git-fixes).
  * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-
    fixes).
  * scsi: lpfc: Modify when a node should be put in device recovery mode during
    RSCN (git-fixes).
  * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports
    (git-fixes).
  * scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
  * scsi: qedf: Add synchronization between I/O completions and abort
    (bsc#1210658).
  * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
  * scsi: qedf: Fix NULL dereference in error handling (git-fixes).
  * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
  * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
  * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
  * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
  * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
  * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-
    fixes).
  * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
  * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
  * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
  * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
  * scsi: qla2xxx: Remove unused declarations (bsc#1214928).
  * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs()
    (bsc#1214928).
  * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
  * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
    (git-fixes).
  * scsi: scsi_debug: Remove dead code (git-fixes).
  * scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
  * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
  * scsi: storvsc: Handle additional SRB status values (git-fixes).
  * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
  * selftests: tracing: Fix to unmount tracefs for recovering environment (git-
    fixes).
  * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
  * tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
  * tracing: Fix race issue between cpu buffer write and swap (git-fixes).
  * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
  * tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
  * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
  * udf: Fix extension of the last extent in the file (bsc#1214964).
  * udf: Fix file corruption when appending just after end of preallocated
    extent (bsc#1214965).
  * udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
  * udf: Fix uninitialized array access for some pathnames (bsc#1214967).
  * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
  * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
  * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
  * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
  * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
  * usb: typec: tcpci: clear the fault status bit (git-fixes).
  * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
  * vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
  * vhost-scsi: unbreak any layout for response (git-fixes).
  * vhost: allow batching hint without size (git-fixes).
  * vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
  * vhost: handle error while adding split ranges to iotlb (git-fixes).
  * virtio_net: add checking sq is full inside xdp xmit (git-fixes).
  * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
  * virtio_net: reorder some funcs (git-fixes).
  * virtio_net: separate the logic of checking whether sq is full (git-fixes).
  * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
  * virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
  * virtio-net: fix race between set queues and probe (git-fixes).
  * virtio-net: set queues after driver_ok (git-fixes).
  * virtio-rng: make device ready before making request (git-fixes).
  * virtio: acknowledge all features before access (git-fixes).
  * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore
    (bsc#1212639 ltc#202582).
  * watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
  * word-at-a-time: use the same return type for has_zero regardless of
    endianness (bsc#1065729).
  * x86/alternative: Fix race in try_get_desc() (git-fixes).
  * x86/boot/e820: Fix typo in e820.c comment (git-fixes).
  * x86/bugs: Reset speculation control settings on init (git-fixes).
  * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
  * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
  * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
  * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
    (bsc#1213772).
  * x86/cpu: Add Lunar Lake M (git-fixes).
  * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
  * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
  * x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
  * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-
    fixes).
  * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-
    fixes).
  * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
  * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
  * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-
    fixes).
  * x86/mce: Retrieve poison range from hardware (git-fixes).
  * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
  * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
  * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
  * x86/purgatory: remove PGO flags (git-fixes).
  * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-
    fixes).
  * x86/reboot: Disable virtualization in an emergency if SVM is supported (git-
    fixes).
  * x86/resctl: fix scheduler confusion with 'current' (git-fixes).
  * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
  * x86/resctrl: Fix to restore to original value when re-enabling hardware
    prefetch register (git-fixes).
  * x86/rtc: Remove __init for runtime functions (git-fixes).
  * x86/sev: Make enc_dec_hypercall() accept a size instead of npages
    (bsc#1214635).
  * x86/sgx: Reduce delay and interference of enclave release (git-fixes).
  * x86/srso: Do not probe microcode in a guest (git-fixes).
  * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
  * x86/srso: Fix srso_show_state() side effect (git-fixes).
  * x86/srso: Set CPUID feature bits independently of bug or mitigation status
    (git-fixes).
  * x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
  * xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
  * xprtrdma: Remap Receive buffers after a reconnect (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2023-4057=1 openSUSE-SLE-15.4-2023-4057=1

  * Public Cloud Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4057=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 x86_64)
    * kernel-azure-optional-debuginfo-5.14.21-150400.14.69.1
    * kernel-syms-azure-5.14.21-150400.14.69.1
    * kernel-azure-debugsource-5.14.21-150400.14.69.1
    * kernel-azure-optional-5.14.21-150400.14.69.1
    * ocfs2-kmp-azure-5.14.21-150400.14.69.1
    * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.69.1
    * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.69.1
    * dlm-kmp-azure-debuginfo-5.14.21-150400.14.69.1
    * kernel-azure-debuginfo-5.14.21-150400.14.69.1
    * cluster-md-kmp-azure-5.14.21-150400.14.69.1
    * kernel-azure-devel-debuginfo-5.14.21-150400.14.69.1
    * kernel-azure-extra-debuginfo-5.14.21-150400.14.69.1
    * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.69.1
    * kselftests-kmp-azure-5.14.21-150400.14.69.1
    * reiserfs-kmp-azure-5.14.21-150400.14.69.1
    * kernel-azure-livepatch-devel-5.14.21-150400.14.69.1
    * kernel-azure-extra-5.14.21-150400.14.69.1
    * dlm-kmp-azure-5.14.21-150400.14.69.1
    * kernel-azure-devel-5.14.21-150400.14.69.1
    * gfs2-kmp-azure-5.14.21-150400.14.69.1
    * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.69.1
    * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.69.1
  * openSUSE Leap 15.4 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150400.14.69.1
  * openSUSE Leap 15.4 (noarch)
    * kernel-devel-azure-5.14.21-150400.14.69.1
    * kernel-source-azure-5.14.21-150400.14.69.1
  * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
    * kernel-azure-5.14.21-150400.14.69.1
  * Public Cloud Module 15-SP4 (aarch64 x86_64)
    * kernel-azure-debugsource-5.14.21-150400.14.69.1
    * kernel-azure-devel-debuginfo-5.14.21-150400.14.69.1
    * kernel-azure-devel-5.14.21-150400.14.69.1
    * kernel-syms-azure-5.14.21-150400.14.69.1
    * kernel-azure-debuginfo-5.14.21-150400.14.69.1
  * Public Cloud Module 15-SP4 (noarch)
    * kernel-devel-azure-5.14.21-150400.14.69.1
    * kernel-source-azure-5.14.21-150400.14.69.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-1192.html
  * https://www.suse.com/security/cve/CVE-2023-1206.html
  * https://www.suse.com/security/cve/CVE-2023-1859.html
  * https://www.suse.com/security/cve/CVE-2023-2177.html
  * https://www.suse.com/security/cve/CVE-2023-37453.html
  * https://www.suse.com/security/cve/CVE-2023-39192.html
  * https://www.suse.com/security/cve/CVE-2023-39193.html
  * https://www.suse.com/security/cve/CVE-2023-39194.html
  * https://www.suse.com/security/cve/CVE-2023-4155.html
  * https://www.suse.com/security/cve/CVE-2023-42753.html
  * https://www.suse.com/security/cve/CVE-2023-42754.html
  * https://www.suse.com/security/cve/CVE-2023-4389.html
  * https://www.suse.com/security/cve/CVE-2023-4563.html
  * https://www.suse.com/security/cve/CVE-2023-4622.html
  * https://www.suse.com/security/cve/CVE-2023-4623.html
  * https://www.suse.com/security/cve/CVE-2023-4881.html
  * https://www.suse.com/security/cve/CVE-2023-4921.html
  * https://www.suse.com/security/cve/CVE-2023-5345.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1202845
  * https://bugzilla.suse.com/show_bug.cgi?id=1213772
  * https://bugzilla.suse.com/show_bug.cgi?id=1213808
  * https://bugzilla.suse.com/show_bug.cgi?id=1214928
  * https://bugzilla.suse.com/show_bug.cgi?id=1214943
  * https://bugzilla.suse.com/show_bug.cgi?id=1214944
  * https://bugzilla.suse.com/show_bug.cgi?id=1214950
  * https://bugzilla.suse.com/show_bug.cgi?id=1214951
  * https://bugzilla.suse.com/show_bug.cgi?id=1214954
  * https://bugzilla.suse.com/show_bug.cgi?id=1214957
  * https://bugzilla.suse.com/show_bug.cgi?id=1214986
  * https://bugzilla.suse.com/show_bug.cgi?id=1214988
  * https://bugzilla.suse.com/show_bug.cgi?id=1214992
  * https://bugzilla.suse.com/show_bug.cgi?id=1214993
  * https://bugzilla.suse.com/show_bug.cgi?id=1215322
  * https://bugzilla.suse.com/show_bug.cgi?id=1215523
  * https://bugzilla.suse.com/show_bug.cgi?id=1215877
  * https://bugzilla.suse.com/show_bug.cgi?id=1215894
  * https://bugzilla.suse.com/show_bug.cgi?id=1215895
  * https://bugzilla.suse.com/show_bug.cgi?id=1215896
  * https://bugzilla.suse.com/show_bug.cgi?id=1215911
  * https://bugzilla.suse.com/show_bug.cgi?id=1215915
  * https://bugzilla.suse.com/show_bug.cgi?id=1215916

openSUSE: 2023:4057-1: important: the Linux Kernel Security Advisory Update

October 12, 2023

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes

Description

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) * CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). * CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git- fixes). * ALSA: hda/realtek: Splitting the UX3402 into two separate models (git- fixes). * ARM: pxa: remove use of symbol_get() (git-fixes). * arm64: csum: Fix OoB access in IP checksum code for negative lengths (git- fixes). * arm64: module-plts: inline linux/moduleloader.h (git-fixes) * arm64: module: Use module_init_layout_section() to spot init sections (git- fixes) * arm64: sdei: abort running SDEI handlers during crash (git-fixes) * arm64: tegra: Update AHUB clock parent and rate (git-fixes) * arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git- fixes) * ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). * ASoC: meson: spdifin: start hw on dai probe (git-fixes). * ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). * ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). * ata: pata_falcon: fix IO base selection for Q40 (git-fixes). * ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). * ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). * backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). * blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). * block/mq-deadline: use correct way to throttling write requests (bsc#1214993). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). * bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). * bpf: Clear the probe_addr for uprobe (git-fixes). * btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). * drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). * drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). * drm/amd/display: prevent potential division by zero errors (git-fixes). * drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). * drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). * drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). * drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). * ext4: avoid potential data overflow in next_linear_group (bsc#1214951). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). * ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). * ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). * ext4: Remove ext4 locking of moved directory (bsc#1214957). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fs: do not update freeing inode i_io_list (bsc#1214813). * fs: Establish locking order for unrelated directories (bsc#1214958). * fs: Lock moved directories (bsc#1214959). * fs: lockd: avoid possible wrong NULL parameter (git-fixes). * fs: no need to check source (bsc#1215752). * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). * gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). * gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). * gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). * gve: Changes to add new TX queues (bsc#1214479). * gve: Control path for DQO-QPL (bsc#1214479). * gve: fix frag_list chaining (bsc#1214479). * gve: Fix gve interrupt names (bsc#1214479). * gve: RX path for DQO-QPL (bsc#1214479). * gve: trivial spell fix Recive to Receive (bsc#1214479). * gve: Tx path for DQO-QPL (bsc#1214479). * gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). * gve: use vmalloc_array and vcalloc (bsc#1214479). * gve: XDP support GQI-QPL: helper function changes (bsc#1214479). * hwrng: virtio - add an internal buffer (git-fixes). * hwrng: virtio - always add a pending request (git-fixes). * hwrng: virtio - do not wait on cleanup (git-fixes). * hwrng: virtio - do not waste entropy (git-fixes). * hwrng: virtio - Fix race on data_avail and actual data (git-fixes). * i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). * i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (git-fixes). * Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). * iommu/virtio: Detach domain on endpoint release (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: correct the end of the journal recovery scan range (bsc#1214955). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove journal_clean_one_cp_list() (bsc#1214947). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * kabi/severities: ignore mlx4 internal symbols * kconfig: fix possible buffer overflow (git-fixes). * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). * KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). * KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git- fixes). * KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). * KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). * KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). * KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). * KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). * KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). * KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). * KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). * KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). * loop: Fix use-after-free issues (bsc#1214991). * loop: loop_set_status_from_info() check before assignment (bsc#1214990). * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). * mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). * mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). * mlx4: Delete custom device management logic (bsc#1187236). * mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). * mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). * mlx4: Move the bond work to the core driver (bsc#1187236). * mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). * mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). * mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). * mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). * module: Expose module_init_layout_section() (git-fixes) * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: mana: Add page pool for RX buffers (bsc#1214040). * net: mana: Configure hwc timeout from hardware (bsc#1214037). * net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net/mlx4: Remove many unnecessary NULL values (bsc#1187236). * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git- fixes). * nfs/blocklayout: Use the passed in gfp flags (git-fixes). * NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). * NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). * NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). * NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * ntb: Clean up tx tail index on link down (git-fixes). * ntb: Drop packets when qp link is down (git-fixes). * ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). * nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). * nvme-tcp: add recovery_delay to sysfs (bsc#1201284). * nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). * nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). * nvme-tcp: make 'err_work' a delayed work (bsc#1201284). * PCI: Free released resource after coalescing (git-fixes). * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git- fixes). * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git- fixes). * platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). * platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). * platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). * powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). * pwm: lpc32xx: Remove handling of PWM channels (git-fixes). * quota: add new helper dquot_active() (bsc#1214998). * quota: factor out dquot_write_dquot() (bsc#1214995). * quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * quota: rename dquot_active() to inode_quota_active() (bsc#1214997). * s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). * s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). * scsi: 53c700: Check that command slot is not NULL (git-fixes). * scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). * scsi: core: Fix possible memory leak if device_add() fails (git-fixes). * scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). * scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git- fixes). * scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). * scsi: lpfc: Remove reftag check in DIF paths (git-fixes). * scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). * scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). * scsi: qedf: Fix NULL dereference in error handling (git-fixes). * scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). * scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). * scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). * scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). * scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git- fixes). * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). * scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). * scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). * scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). * scsi: qla2xxx: Remove unused declarations (bsc#1214928). * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). * scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: scsi_debug: Remove dead code (git-fixes). * scsi: snic: Fix double free in snic_tgt_create() (git-fixes). * scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). * scsi: storvsc: Handle additional SRB status values (git-fixes). * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). * selftests: tracing: Fix to unmount tracefs for recovering environment (git- fixes). * SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). * tcpm: Avoid soft reset when partner does not support get_status (git-fixes). * tracing: Fix race issue between cpu buffer write and swap (git-fixes). * tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). * tracing: Remove unnecessary copying of tr->current_trace (git-fixes). * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). * usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). * usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: tcpci: clear the fault status bit (git-fixes). * usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). * vhost_vdpa: fix the crash in unmap a large memory (git-fixes). * vhost-scsi: unbreak any layout for response (git-fixes). * vhost: allow batching hint without size (git-fixes). * vhost: fix hung thread due to erroneous iotlb entries (git-fixes). * vhost: handle error while adding split ranges to iotlb (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). * virtio-mmio: do not break lifecycle of vm_dev (git-fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). * watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/alternative: Fix race in try_get_desc() (git-fixes). * x86/boot/e820: Fix typo in e820.c comment (git-fixes). * x86/bugs: Reset speculation control settings on init (git-fixes). * x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). * x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). * x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). * x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). * x86/cpu: Add Lunar Lake M (git-fixes). * x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). * x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). * x86/cpu: Support AMD Automatic IBRS (bsc#1213772). * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git- fixes). * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git- fixes). * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). * x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git- fixes). * x86/mce: Retrieve poison range from hardware (git-fixes). * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). * x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). * x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). * x86/purgatory: remove PGO flags (git-fixes). * x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git- fixes). * x86/reboot: Disable virtualization in an emergency if SVM is supported (git- fixes). * x86/resctl: fix scheduler confusion with 'current' (git-fixes). * x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). * x86/rtc: Remove __init for runtime functions (git-fixes). * x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). * x86/sgx: Reduce delay and interference of enclave release (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes). * xprtrdma: Remap Receive buffers after a reconnect (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update.

Patch

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4057=1 openSUSE-SLE-15.4-2023-4057=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4057=1

Package List

* openSUSE Leap 15.4 (aarch64 x86_64) * kernel-azure-optional-debuginfo-5.14.21-150400.14.69.1 * kernel-syms-azure-5.14.21-150400.14.69.1 * kernel-azure-debugsource-5.14.21-150400.14.69.1 * kernel-azure-optional-5.14.21-150400.14.69.1 * ocfs2-kmp-azure-5.14.21-150400.14.69.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * kernel-azure-debuginfo-5.14.21-150400.14.69.1 * cluster-md-kmp-azure-5.14.21-150400.14.69.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.69.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.69.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * kselftests-kmp-azure-5.14.21-150400.14.69.1 * reiserfs-kmp-azure-5.14.21-150400.14.69.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.69.1 * kernel-azure-extra-5.14.21-150400.14.69.1 * dlm-kmp-azure-5.14.21-150400.14.69.1 * kernel-azure-devel-5.14.21-150400.14.69.1 * gfs2-kmp-azure-5.14.21-150400.14.69.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.69.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.69.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.69.1 * kernel-source-azure-5.14.21-150400.14.69.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.69.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-debugsource-5.14.21-150400.14.69.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.69.1 * kernel-azure-devel-5.14.21-150400.14.69.1 * kernel-syms-azure-5.14.21-150400.14.69.1 * kernel-azure-debuginfo-5.14.21-150400.14.69.1 * Public Cloud Module 15-SP4 (noarch) * kernel-devel-azure-5.14.21-150400.14.69.1 * kernel-source-azure-5.14.21-150400.14.69.1

References

* #1202845 * #1213772 * #1213808 * #1214928 * #1214943 * #1214944 * #1214950 * #1214951 * #1214954 * #1214957 * #1214986 * #1214988 * #1214992 * #1214993 * #1215322 * #1215523 * #1215877 * #1215894 * #1215895 * #1215896 * #1215911 * #1215915 * #1215916 ## References: * https://www.suse.com/security/cve/CVE-2023-1192.html * https://www.suse.com/security/cve/CVE-2023-1206.html * https://www.suse.com/security/cve/CVE-2023-1859.html * https://www.suse.com/security/cve/CVE-2023-2177.html * https://www.suse.com/security/cve/CVE-2023-37453.html * https://www.suse.com/security/cve/CVE-2023-39192.html * https://www.suse.com/security/cve/CVE-2023-39193.html * https://www.suse.com/security/cve/CVE-2023-39194.html * https://www.suse.com/security/cve/CVE-2023-4155.html * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-42754.html * https://www.suse.com/security/cve/CVE-2023-4389.html * https://www.suse.com/security/cve/CVE-2023-4563.html * https://www.suse.com/security/cve/CVE-2023-4622.html * https://www.suse.com/security/cve/CVE-2023-4623.html * https://www.suse.com/security/cve/CVE-2023-4881.html * https://www.suse.com/security/cve/CVE-2023-4921.html * https://www.suse.com/security/cve/CVE-2023-5345.html * https://bugzilla.suse.com/show_bug.cgi?id=1202845 * https://bugzilla.suse.com/show_bug.cgi?id=1213772 * https://bugzilla.suse.com/show_bug.cgi?id=1213808 * https://bugzilla.suse.com/show_bug.cgi?id=1214928 * https://bugzilla.suse.com/show_bug.cgi?id=1214943 * https://bugzilla.suse.com/show_bug.cgi?id=1214944 * https://bugzilla.suse.com/show_bug.cgi?id=1214950 * https://bugzilla.suse.com/show_bug.cgi?id=1214951 * https://bugzilla.suse.com/show_bug.cgi?id=1214954 * https://bugzilla.suse.com/show_bug.cgi?id=1214957 * https://bugzilla.suse.com/show_bug.cgi?id=1214986 * https://bugzilla.suse.com/show_bug.cgi?id=1214988 * https://bugzilla.suse.com/show_bug.cgi?id=1214992 * https://bugzilla.suse.com/show_bug.cgi?id=1214993 * https://bugzilla.suse.com/show_bug.cgi?id=1215322 * https://bugzilla.suse.com/show_bug.cgi?id=1215523 * https://bugzilla.suse.com/show_bug.cgi?id=1215877 * https://bugzilla.suse.com/show_bug.cgi?id=1215894 * https://bugzilla.suse.com/show_bug.cgi?id=1215895 * https://bugzilla.suse.com/show_bug.cgi?id=1215896 * https://bugzilla.suse.com/show_bug.cgi?id=1215911 * https://bugzilla.suse.com/show_bug.cgi?id=1215915 * https://bugzilla.suse.com/show_bug.cgi?id=1215916