SUSE: 2023:0488-1 important: the Linux-RT Kernel
Summary
## The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332). * CVE-2023-0045: Fixed flush IBP in ib_prctl_set() (bsc#1207773). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). * CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). * CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). * CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). * CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). * CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). * CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). The following non-security bugs were fixed: * ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). * ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). * ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). * ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). * ACPI: PRM: Check whether EFI runtime is available (git-fixes). * ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). * ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). * ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). * ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). * ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). * ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). * ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). * ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). * ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). * ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). * ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). * ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). * ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). * ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). * ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). * ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). * ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git- fixes). * ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). * ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git- fixes). * ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). * ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). * ALSA: pci: lx6464es: fix a debug loop (git-fixes). * ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). * ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). * ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). * ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). * ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). * ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). * ARM: imx: add missing of_node_put() (git-fixes). * ASoC: Intel: boards: fix spelling in comments (git-fixes). * ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). * ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes). * ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). * ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). * ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). * ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). * ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). * ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes). * Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). * Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). * Fix page corruption caused by racy check in __free_pages (bsc#1208149). * HID: betop: check shape of output reports (git-fixes). * HID: betop: check shape of output reports (git-fixes, bsc#1207186). * HID: check empty report_list in bigben_probe() (git-fixes). * HID: check empty report_list in hid_validate_values() (git-fixes). * HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). * HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). * HID: playstation: sanity check DualSense calibration data (git-fixes). * HID: revert CHERRY_MOUSE_000C quirk (git-fixes). * IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes) * IB/hfi1: Fix expected receive setup error exit issues (git-fixes) * IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) * IB/hfi1: Reject a zero-length user expected buffer (git-fixes) * IB/hfi1: Remove user expected buffer invalidate race (git-fixes) * IB/hfi1: Reserve user expected TIDs (git-fixes) * IB/hfi1: Restore allocated resources on failed copyout (git-fixes) * IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). * KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). * Move upstreamed net patch into sorted section * PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). * PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). * RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). * RDMA/core: Fix ib block iterator counter overflow (git-fixes) * RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes) * RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) * RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) * RDMA/rxe: Prevent faulty rkey generation (git-fixes) * RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) * RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) * Remove duplicate Git-commit tag in patch file * Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes). * Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes). * Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes). * Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes). * Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git- fixes). * Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes). * SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). * SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). * USB: gadget: Fix use-after-free during usb config switch (git-fixes). * USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). * USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). * USB: serial: option: add Quectel EC200U modem (git-fixes). * USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). * USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). * USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). * USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). * USB: serial: option: add Quectel EM05CN modem (git-fixes). * arm64: Fix Freescale LPUART dependency (boo#1204063). * arm64: atomics: format whitespace consistently (git-fixes). * arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). * arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git- fixes). * arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). * arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). * arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: meson-g12-common: Make mmc host controller interrupts level- sensitive (git-fixes). * arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). * arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). * arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). * arm64: efi: Execute runtime services from a dedicated stack (git-fixes). * ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git- fixes). * ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). * bcache: fix set_at_max_writeback_rate() for multiple attached devices (git- fixes). * bfq: fix use-after-free in bfq_dispatch_request (git-fixes). * bfq: fix waker_bfqq inconsistency crash (git-fixes). * blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). * blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). * blk-throttle: prevent overflow while calculating wait time (git-fixes). * blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). * blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). * block, bfq: do not move oom_bfqq (git-fixes). * block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). * block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). * block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). * block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). * block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). * block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes). * block/bfq_wf2q: correct weight to ioprio (git-fixes). * block/bio: remove duplicate append pages code (git-fixes). * block: check minor range in device_add_disk() (git-fixes). * block: clear ->slave_dir when dropping the main slave_dir reference (git- fixes). * block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). * block: ensure iov_iter advances for added pages (git-fixes). * block: fix and cleanup bio_check_ro (git-fixes). * block: fix infinite loop for invalid zone append (git-fixes). * block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). * block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). * block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). * block: use bdev_get_queue() in bio.c (git-fixes). * bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git- fixes). * bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). * bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). * bnxt_en: add dynamic debug support for HWRM messages (git-fixes). * bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git- fixes). * bnxt_en: fix the handling of PCIE-AER (git-fixes). * bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). * bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers (git-fixes). * bpf: Skip task with pid=1 in send_signal_common() (git-fixes). * btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). * btrfs: avoid inode logging during rename and link when possible (bsc#1207263). * btrfs: avoid logging all directory changes during renames (bsc#1207263). * btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). * btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). * btrfs: fix assertion failure when logging directory key range item (bsc#1207263). * btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). * btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). * btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). * btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). * btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). * btrfs: join running log transaction when logging new name (bsc#1207263). * btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). * btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). * btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). * btrfs: put initial index value of a directory in a constant (bsc#1207263). * btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). * btrfs: qgroup: remove outdated TODO comments (bsc#1207158). * btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). * btrfs: remove useless path release in the fast fsync path (bsc#1207263). * btrfs: remove write and wait of struct walk_control (bsc#1207263). * btrfs: stop copying old dir items when logging a directory (bsc#1207263). * btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). * btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). * btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). * bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). * can: j1939: do not wait 250 ms if the same addr was already claimed (git- fixes). * can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). * ceph: flush cap releases when the session is flushed (bsc#1208428). * cifs: Fix uninitialized memory read for smb311 posix symlink create (git- fixes). * cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). * cifs: do not include page data when checking signature (git-fixes). * cifs: do not query ifaces on smb1 mounts (git-fixes). * cifs: do not take exclusive lock for updating target hints (bsc#1193629). * cifs: fix double free on failed kerberos auth (git-fixes). * cifs: fix file info setting in cifs_open_file() (git-fixes). * cifs: fix file info setting in cifs_query_path_info() (git-fixes). * cifs: fix potential memory leaks in session setup (bsc#1193629). * cifs: fix race in assemble_neg_contexts() (bsc#1193629). * cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). * cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). * cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). * cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). * cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). * cifs: remove redundant assignment to the variable match (bsc#1193629). * cifs: remove unused function (bsc#1193629). * comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). * cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). * cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). * crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). * dm btree: add a defensive bounds check to insert_at() (git-fixes). * dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). * dm cache: Fix UAF in destroy() (git-fixes). * dm cache: set needs_check flag after aborting metadata (git-fixes). * dm clone: Fix UAF in clone_dtr() (git-fixes). * dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). * dm integrity: clear the journal on suspend (git-fixes). * dm integrity: flush the journal on suspend (git-fixes). * dm ioctl: fix misbehavior if list_versions races with module loading (git- fixes). * dm ioctl: prevent potential spectre v1 gadget (git-fixes). * dm raid: fix address sanitizer warning in raid_resume (git-fixes). * dm raid: fix address sanitizer warning in raid_status (git-fixes). * dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). * dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). * dm thin: Fix UAF in run_timer_softirq() (git-fixes). * dm thin: Use last transaction's pmd->root when commit failed (git-fixes). * dm thin: resume even if in FAIL mode (git-fixes). * dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). * dm: fix alloc_dax error handling in alloc_dev (git-fixes). * dm: requeue IO if mapping table not yet available (git-fixes). * dmaengine: Fix double increment of client_count in dma_chan_get() (git- fixes). * dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git- fixes). * dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git- fixes). * dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git- fixes). * dmaengine: lgm: Move DT parsing after initialization (git-fixes). * dmaengine: tegra210-adma: fix global intr clear (git-fixes). * dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). * dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). * docs: Fix the docs build with Sphinx 6.0 (git-fixes). * driver core: Fix test_async_probe_init saves device in wrong array (git- fixes). * drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). * drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). * drivers:md:fix a potential use-after-free bug (git-fixes). * drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). * drm/amd/display: Fail atomic_check early on normalize_zpos error (git- fixes). * drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). * drm/amd/display: Fix set scaling doesn's work (git-fixes). * drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). * drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). * drm/amd/display: fix issues with driver unload (git-fixes). * drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git- fixes). * drm/amdgpu: complete gfxoff allow signal during suspend without delay (git- fixes). * drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git- fixes). * drm/amdgpu: drop experimental flag on aldebaran (git-fixes). * drm/hyperv: Add error message for fb size greater than allocated (git- fixes). * drm/i915/adlp: Fix typo for reference clock (git-fixes). * drm/i915/display: Check source height is > 0 (git-fixes). * drm/i915/gt: Reset twice (git-fixes). * drm/i915/selftest: fix intel_selftest_modify_policy argument types (git- fixes). * drm/i915: Fix VBT DSI DVO port handling (git-fixes). * drm/i915: Fix potential bit_17 double-free (git-fixes). * drm/i915: Initialize the obj flags for shmem objects (git-fixes). * drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). * drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). * drm/vc4: hdmi: make CEC adapter name unique (git-fixes). * drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). * drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). * efi: Accept version 2 of memory attributes table (git-fixes). * efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). * efi: rt-wrapper: Add missing include (git-fixes). * efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). * exit: Add and use make_task_dead (bsc#1207328). * exit: Allow oops_limit to be disabled (bsc#1207328). * exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). * exit: Move force_uaccess back into do_exit (bsc#1207328). * exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). * exit: Put an upper limit on how often we can oops (bsc#1207328). * exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). * exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). * ext4,f2fs: fix readahead of verity data (bsc#1207648). * ext4: Fixup pages without buffers (bsc#1205495). * ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * ext4: add helper to check quota inums (bsc#1207618). * ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). * ext4: add missing validation of fast-commit record lengths (bsc#1207626). * ext4: allocate extended attribute value in vmalloc area (bsc#1207635). * ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). * ext4: avoid resizing to a partial cluster size (bsc#1206880). * ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). * ext4: continue to expand file system when the target size does not reach (bsc#1206882). * ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). * ext4: correct max_inline_xattr_value_size computing (bsc#1206878). * ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). * ext4: disable fast-commit of encrypted dir operations (bsc#1207623). * ext4: do not allow journal inode to have encrypt flag (bsc#1207621). * ext4: do not increase iversion counter for ea_inodes (bsc#1207605). * ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). * ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). * ext4: drop ineligible txn start stop APIs (bsc#1207588).
References
* bsc#1166486
* bsc#1185861
* bsc#1185863
* bsc#1186449
* bsc#1191256
* bsc#1192868
* bsc#1193629
* bsc#1194869
* bsc#1195175
* bsc#1195655
* bsc#1196058
* bsc#1199701
* bsc#1203332
* bsc#1204063
* bsc#1204356
* bsc#1204662
* bsc#1205495
* bsc#1206006
* bsc#1206036
* bsc#1206056
* bsc#1206057
* bsc#1206224
* bsc#1206258
* bsc#1206363
* bsc#1206459
* bsc#1206616
* bsc#1206640
* bsc#1206677
* bsc#1206784
* bsc#1206876
* bsc#1206877
* bsc#1206878
* bsc#1206880
* bsc#1206881
* bsc#1206882
* bsc#1206883
* bsc#1206884
* bsc#1206885
* bsc#1206886
* bsc#1206887
* bsc#1206888
* bsc#1206889
* bsc#1206890
* bsc#1206893
* bsc#1206894
* bsc#1207010
* bsc#1207034
* bsc#1207036
* bsc#1207050
* bsc#1207125
* bsc#1207134
* bsc#1207149
* bsc#1207158
* bsc#1207184
* bsc#1207186
* bsc#1207188
* bsc#1207189
* bsc#1207190
* bsc#1207237
* bsc#1207263
* bsc#1207269
* bsc#1207328
* bsc#1207497
* bsc#1207500
* bsc#1207501
* bsc#1207506
* bsc#1207507
* bsc#1207588
* bsc#1207589
* bsc#1207590
* bsc#1207591
* bsc#1207592
* bsc#1207593
* bsc#1207594
* bsc#1207602
* bsc#1207603
* bsc#1207605
* bsc#1207606
* bsc#1207607
* bsc#1207608
* bsc#1207609
* bsc#1207610
* bsc#1207611
* bsc#1207612
* bsc#1207613
* bsc#1207614
* bsc#1207615
* bsc#1207616
* bsc#1207617
* bsc#1207618
* bsc#1207619
* bsc#1207620
* bsc#1207621
* bsc#1207622
* bsc#1207623
* bsc#1207624
* bsc#1207625
* bsc#1207626
* bsc#1207627
* bsc#1207628
* bsc#1207629
* bsc#1207630
* bsc#1207631
* bsc#1207632
* bsc#1207633
* bsc#1207634
* bsc#1207635
* bsc#1207636
* bsc#1207637
* bsc#1207638
* bsc#1207639
* bsc#1207640
* bsc#1207641
* bsc#1207642
* bsc#1207643
* bsc#1207644
* bsc#1207645
* bsc#1207646
* bsc#1207647
* bsc#1207648
* bsc#1207649
* bsc#1207650
* bsc#1207651
* bsc#1207652
* bsc#1207653
* bsc#1207734
* bsc#1207768
* bsc#1207769
* bsc#1207770
* bsc#1207771
* bsc#1207773
* bsc#1207795
* bsc#1207842
* bsc#1207875
* bsc#1207878
* bsc#1207933
* bsc#1208030
* bsc#1208044
* bsc#1208085
* bsc#1208149
* bsc#1208153
* bsc#1208183
* bsc#1208428
* bsc#1208429
* jsc#PED-3210
* jsc#SLE-21132
Cross-
* CVE-2020-24588
* CVE-2022-36280
* CVE-2022-4382
* CVE-2022-47929
* CVE-2023-0045
* CVE-2023-0122
* CVE-2023-0179
* CVE-2023-0266
* CVE-2023-0590
* CVE-2023-23454
* CVE-2023-23455
CVSS scores:
* CVE-2020-24588 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2020-24588 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-4382 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4382 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0045 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0122 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0266 ( NVD ): 7.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4
An update that solves 11 vulnerabilities, contains two features and has 133
security fixes can now be installed.
##
* https://www.suse.com/security/cve/CVE-2020-24588.html
* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-4382.html
* https://www.suse.com/security/cve/CVE-2022-47929.html
* https://www.suse.com/security/cve/CVE-2023-0045.html
* https://www.suse.com/security/cve/CVE-2023-0122.html
* https://www.suse.com/security/cve/CVE-2023-0179.html
* https://www.suse.com/security/cve/CVE-2023-0266.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-23454.html
* https://www.suse.com/security/cve/CVE-2023-23455.html
* https://bugzilla.suse.com/show_bug.cgi?id=1166486
* https://bugzilla.suse.com/show_bug.cgi?id=1185861
* https://bugzilla.suse.com/show_bug.cgi?id=1185863
* https://bugzilla.suse.com/show_bug.cgi?id=1186449
* https://bugzilla.suse.com/show_bug.cgi?id=1191256
* https://bugzilla.suse.com/show_bug.cgi?id=1192868
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1195175
* https://bugzilla.suse.com/show_bug.cgi?id=1195655
* https://bugzilla.suse.com/show_bug.cgi?id=1196058
* https://bugzilla.suse.com/show_bug.cgi?id=1199701
* https://bugzilla.suse.com/show_bug.cgi?id=1203332
* https://bugzilla.suse.com/show_bug.cgi?id=1204063
* https://bugzilla.suse.com/show_bug.cgi?id=1204356
* https://bugzilla.suse.com/show_bug.cgi?id=1204662
* https://bugzilla.suse.com/show_bug.cgi?id=1205495
* https://bugzilla.suse.com/show_bug.cgi?id=1206006
* https://bugzilla.suse.com/show_bug.cgi?id=1206036
* https://bugzilla.suse.com/show_bug.cgi?id=1206056
* https://bugzilla.suse.com/show_bug.cgi?id=1206057
* https://bugzilla.suse.com/show_bug.cgi?id=1206224
* https://bugzilla.suse.com/show_bug.cgi?id=1206258
* https://bugzilla.suse.com/show_bug.cgi?id=1206363
* https://bugzilla.suse.com/show_bug.cgi?id=1206459
* https://bugzilla.suse.com/show_bug.cgi?id=1206616
* https://bugzilla.suse.com/show_bug.cgi?id=1206640
* https://bugzilla.suse.com/show_bug.cgi?id=1206677
* https://bugzilla.suse.com/show_bug.cgi?id=1206784
* https://bugzilla.suse.com/show_bug.cgi?id=1206876
* https://bugzilla.suse.com/show_bug.cgi?id=1206877
* https://bugzilla.suse.com/show_bug.cgi?id=1206878
* https://bugzilla.suse.com/show_bug.cgi?id=1206880
* https://bugzilla.suse.com/show_bug.cgi?id=1206881
* https://bugzilla.suse.com/show_bug.cgi?id=1206882
* https://bugzilla.suse.com/show_bug.cgi?id=1206883
* https://bugzilla.suse.com/show_bug.cgi?id=1206884
* https://bugzilla.suse.com/show_bug.cgi?id=1206885
* https://bugzilla.suse.com/show_bug.cgi?id=1206886
* https://bugzilla.suse.com/show_bug.cgi?id=1206887
* https://bugzilla.suse.com/show_bug.cgi?id=1206888
* https://bugzilla.suse.com/show_bug.cgi?id=1206889
* https://bugzilla.suse.com/show_bug.cgi?id=1206890
* https://bugzilla.suse.com/show_bug.cgi?id=1206893
* https://bugzilla.suse.com/show_bug.cgi?id=1206894
* https://bugzilla.suse.com/show_bug.cgi?id=1207010
* https://bugzilla.suse.com/show_bug.cgi?id=1207034
* https://bugzilla.suse.com/show_bug.cgi?id=1207036
* https://bugzilla.suse.com/show_bug.cgi?id=1207050
* https://bugzilla.suse.com/show_bug.cgi?id=1207125
* https://bugzilla.suse.com/show_bug.cgi?id=1207134
* https://bugzilla.suse.com/show_bug.cgi?id=1207149
* https://bugzilla.suse.com/show_bug.cgi?id=1207158
* https://bugzilla.suse.com/show_bug.cgi?id=1207184
* https://bugzilla.suse.com/show_bug.cgi?id=1207186
* https://bugzilla.suse.com/show_bug.cgi?id=1207188
* https://bugzilla.suse.com/show_bug.cgi?id=1207189
* https://bugzilla.suse.com/show_bug.cgi?id=1207190
* https://bugzilla.suse.com/show_bug.cgi?id=1207237
* https://bugzilla.suse.com/show_bug.cgi?id=1207263
* https://bugzilla.suse.com/show_bug.cgi?id=1207269
* https://bugzilla.suse.com/show_bug.cgi?id=1207328
* https://bugzilla.suse.com/show_bug.cgi?id=1207497
* https://bugzilla.suse.com/show_bug.cgi?id=1207500
* https://bugzilla.suse.com/show_bug.cgi?id=1207501
* https://bugzilla.suse.com/show_bug.cgi?id=1207506
* https://bugzilla.suse.com/show_bug.cgi?id=1207507
* https://bugzilla.suse.com/show_bug.cgi?id=1207588
* https://bugzilla.suse.com/show_bug.cgi?id=1207589
* https://bugzilla.suse.com/show_bug.cgi?id=1207590
* https://bugzilla.suse.com/show_bug.cgi?id=1207591
* https://bugzilla.suse.com/show_bug.cgi?id=1207592
* https://bugzilla.suse.com/show_bug.cgi?id=1207593
* https://bugzilla.suse.com/show_bug.cgi?id=1207594
* https://bugzilla.suse.com/show_bug.cgi?id=1207602
* https://bugzilla.suse.com/show_bug.cgi?id=1207603
* https://bugzilla.suse.com/show_bug.cgi?id=1207605
* https://bugzilla.suse.com/show_bug.cgi?id=1207606
* https://bugzilla.suse.com/show_bug.cgi?id=1207607
* https://bugzilla.suse.com/show_bug.cgi?id=1207608
* https://bugzilla.suse.com/show_bug.cgi?id=1207609
* https://bugzilla.suse.com/show_bug.cgi?id=1207610
* https://bugzilla.suse.com/show_bug.cgi?id=1207611
* https://bugzilla.suse.com/show_bug.cgi?id=1207612
* https://bugzilla.suse.com/show_bug.cgi?id=1207613
* https://bugzilla.suse.com/show_bug.cgi?id=1207614
* https://bugzilla.suse.com/show_bug.cgi?id=1207615
* https://bugzilla.suse.com/show_bug.cgi?id=1207616
* https://bugzilla.suse.com/show_bug.cgi?id=1207617
* https://bugzilla.suse.com/show_bug.cgi?id=1207618
* https://bugzilla.suse.com/show_bug.cgi?id=1207619
* https://bugzilla.suse.com/show_bug.cgi?id=1207620
* https://bugzilla.suse.com/show_bug.cgi?id=1207621
* https://bugzilla.suse.com/show_bug.cgi?id=1207622
* https://bugzilla.suse.com/show_bug.cgi?id=1207623
* https://bugzilla.suse.com/show_bug.cgi?id=1207624
* https://bugzilla.suse.com/show_bug.cgi?id=1207625
* https://bugzilla.suse.com/show_bug.cgi?id=1207626
* https://bugzilla.suse.com/show_bug.cgi?id=1207627
* https://bugzilla.suse.com/show_bug.cgi?id=1207628
* https://bugzilla.suse.com/show_bug.cgi?id=1207629
* https://bugzilla.suse.com/show_bug.cgi?id=1207630
* https://bugzilla.suse.com/show_bug.cgi?id=1207631
* https://bugzilla.suse.com/show_bug.cgi?id=1207632
* https://bugzilla.suse.com/show_bug.cgi?id=1207633
* https://bugzilla.suse.com/show_bug.cgi?id=1207634
* https://bugzilla.suse.com/show_bug.cgi?id=1207635
* https://bugzilla.suse.com/show_bug.cgi?id=1207636
* https://bugzilla.suse.com/show_bug.cgi?id=1207637
* https://bugzilla.suse.com/show_bug.cgi?id=1207638
* https://bugzilla.suse.com/show_bug.cgi?id=1207639
* https://bugzilla.suse.com/show_bug.cgi?id=1207640
* https://bugzilla.suse.com/show_bug.cgi?id=1207641
* https://bugzilla.suse.com/show_bug.cgi?id=1207642
* https://bugzilla.suse.com/show_bug.cgi?id=1207643
* https://bugzilla.suse.com/show_bug.cgi?id=1207644
* https://bugzilla.suse.com/show_bug.cgi?id=1207645
* https://bugzilla.suse.com/show_bug.cgi?id=1207646
* https://bugzilla.suse.com/show_bug.cgi?id=1207647
* https://bugzilla.suse.com/show_bug.cgi?id=1207648
* https://bugzilla.suse.com/show_bug.cgi?id=1207649
* https://bugzilla.suse.com/show_bug.cgi?id=1207650
* https://bugzilla.suse.com/show_bug.cgi?id=1207651
* https://bugzilla.suse.com/show_bug.cgi?id=1207652
* https://bugzilla.suse.com/show_bug.cgi?id=1207653
* https://bugzilla.suse.com/show_bug.cgi?id=1207734
* https://bugzilla.suse.com/show_bug.cgi?id=1207768
* https://bugzilla.suse.com/show_bug.cgi?id=1207769
* https://bugzilla.suse.com/show_bug.cgi?id=1207770
* https://bugzilla.suse.com/show_bug.cgi?id=1207771
* https://bugzilla.suse.com/show_bug.cgi?id=1207773
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1207842
* https://bugzilla.suse.com/show_bug.cgi?id=1207875
* https://bugzilla.suse.com/show_bug.cgi?id=1207878
* https://bugzilla.suse.com/show_bug.cgi?id=1207933
* https://bugzilla.suse.com/show_bug.cgi?id=1208030
* https://bugzilla.suse.com/show_bug.cgi?id=1208044
* https://bugzilla.suse.com/show_bug.cgi?id=1208085
* https://bugzilla.suse.com/show_bug.cgi?id=1208149
* https://bugzilla.suse.com/show_bug.cgi?id=1208153
* https://bugzilla.suse.com/show_bug.cgi?id=1208183
* https://bugzilla.suse.com/show_bug.cgi?id=1208428
* https://bugzilla.suse.com/show_bug.cgi?id=1208429
* https://jira.suse.com/login.jsp
* https://jira.suse.com/login.jsp