# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0156-1  
Rating: important  
References:

  * bsc#1179610
  * bsc#1183045
  * bsc#1193285
  * bsc#1211162
  * bsc#1211226
  * bsc#1212584
  * bsc#1214747
  * bsc#1214823
  * bsc#1215237
  * bsc#1215696
  * bsc#1215885
  * bsc#1216057
  * bsc#1216559
  * bsc#1216776
  * bsc#1217036
  * bsc#1217217
  * bsc#1217250
  * bsc#1217602
  * bsc#1217692
  * bsc#1217790
  * bsc#1217801
  * bsc#1217933
  * bsc#1217938
  * bsc#1217946
  * bsc#1217947
  * bsc#1217980
  * bsc#1217981
  * bsc#1217982
  * bsc#1218056
  * bsc#1218139
  * bsc#1218184
  * bsc#1218234
  * bsc#1218253
  * bsc#1218258
  * bsc#1218335
  * bsc#1218357
  * bsc#1218447
  * bsc#1218515
  * bsc#1218559
  * bsc#1218569
  * bsc#1218659
  * jsc#PED-3459
  * jsc#PED-5021
  * jsc#PED-7322

  
Cross-References:

  * CVE-2020-26555
  * CVE-2023-51779
  * CVE-2023-6121
  * CVE-2023-6531
  * CVE-2023-6546
  * CVE-2023-6606
  * CVE-2023-6610
  * CVE-2023-6622
  * CVE-2023-6931
  * CVE-2023-6932

  
CVSS scores:

  * CVE-2020-26555 ( SUSE ):  5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2020-26555 ( NVD ):  5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2023-51779 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6121 ( SUSE ):  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-6121 ( NVD ):  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-6531 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6546 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6546 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6606 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-6606 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-6610 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-6610 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-6622 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6622 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-6931 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6931 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6932 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6932 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap Micro 5.3
  * openSUSE Leap Micro 5.4
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Live Patching 15-SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves 10 vulnerabilities, contains three features and has 31
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

  * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix
    garbage collector's deletion of SKB races with unix_stream_read_generic()on
    the socket that the SKB is queued on (bsc#1218447).
  * CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing
    debug information (bsc#1217946).
  * CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race
    condition in bt_sock_recvmsg (bsc#1218559).
  * CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the
    Bluetooth subsystem that would allow replay attacks (bsc#1179610
    bsc#1215237).
  * CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving
    a malformed length from a server (bsc#1217947).
  * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via
    the GSMIOC_SETCONF ioctl that could lead to local privilege escalation
    (bsc#1218335).
  * CVE-2023-6931: Fixed an out of bounds write in the Performance Events
    subsystem when adding a new event (bsc#1218258).
  * CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query
    packet due to reference count mismanagement (bsc#1218253).
  * CVE-2023-6622: Fixed a null pointer dereference vulnerability in
    nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user
    privilege to trigger a denial of service (bsc#1217938).
  * CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted
    packet in the NVMe-oF/TCP subsystem (bsc#1217250).

The following non-security bugs were fixed:

  * Reviewed and added more information to README.SUSE (jsc#PED-5021).
  * Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226,
    bsc#1218184).
  * Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
  * KVM: s390/mm: Properly reset no-dat (bsc#1218056).
  * KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
  * KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
  * NFS: Fix O_DIRECT locking issues (bsc#1211162).
  * NFS: Fix a few more clear_bit() instances that need release semantics
    (bsc#1211162).
  * NFS: Fix a potential data corruption (bsc#1211162).
  * NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
  * NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
  * NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
  * NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
  * NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
  * NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
  * Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459)
  * block: fix revalidate performance regression (bsc#1216057).
  * bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
  * ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
    (bsc#1217980).
  * ceph: fix type promotion bug on 32bit systems (bsc#1217982).
  * clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885
    bsc#1217217).
  * clocksource: Enable TSC watchdog checking of HPET and PMTMR only when
    requested (bsc#1215885 bsc#1217217).
  * clocksource: Handle negative skews in "skew is too large" messages
    (bsc#1215885 bsc#1217217).
  * clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217).
  * clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
  * clocksource: Loosen clocksource watchdog constraints (bsc#1215885
    bsc#1217217).
  * clocksource: Print clocksource name when clocksource is tested unstable
    (bsc#1215885 bsc#1217217).
  * clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885
    bsc#1217217).
  * dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
  * fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
  * libceph: use kernel_connect() (bsc#1217981).
  * mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
  * net/smc: Fix pos miscalculation in statistics (bsc#1218139).
  * net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
  * nfs: only issue commit in DIO codepath if we have uncommitted data
    (bsc#1211162).
  * remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
  * s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
  * scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
  * swiotlb: fix a braino in the alignment check fix (bsc#1216559).
  * swiotlb: fix slot alignment checks (bsc#1216559).
  * tracing: Disable preemption when using the filter buffer (bsc#1217036).
  * tracing: Fix a possible race when disabling buffered events (bsc#1217036).
  * tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
  * tracing: Fix incomplete locking when disabling buffered events
    (bsc#1217036).
  * tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
  * tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver()
    (bsc#1217036).
  * uapi: propagate __struct_group() attributes to the container union
    (jsc#SLE-18978).
  * vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
  * x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
  * x86/platform/uv: Use alternate source for socket to node data (bsc#1215696
    bsc#1217790).
  * x86/tsc: Add option to force frequency recalibration with HW timer
    (bsc#1215885 bsc#1217217).
  * x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
  * x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885
    bsc#1217217).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-156=1

  * SUSE Linux Enterprise Real Time 15 SP4  
    zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2024-156=1

  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4  
    zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-156=1

  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-156=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP4  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-156=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-156=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-156=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-156=1

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2024-156=1

  * openSUSE Leap Micro 5.3  
    zypper in -t patch openSUSE-Leap-Micro-5.3-2024-156=1

  * openSUSE Leap Micro 5.4  
    zypper in -t patch openSUSE-Leap-Micro-5.4-2024-156=1

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-156=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-156=1

  * SUSE Linux Enterprise Micro for Rancher 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-156=1

  * SUSE Linux Enterprise Micro 5.4  
    zypper in -t patch SUSE-SLE-Micro-5.4-2024-156=1

  * SUSE Linux Enterprise Live Patching 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-156=1  
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

  * SUSE Linux Enterprise High Availability Extension 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-156=1

  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-156=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-debugsource-5.14.21-150400.24.103.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
    x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
    x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-obs-build-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.103.1
    * reiserfs-kmp-default-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-syms-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.103.1
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Real Time 15 SP4 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Real Time 15 SP4 (x86_64)
    * kernel-obs-build-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-syms-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise Real Time 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.103.1
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Real Time 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
    * kernel-default-extra-5.14.21-150400.24.103.1
    * kernel-obs-build-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-syms-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.103.1
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64)
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-debugsource-5.14.21-150400.24.103.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
    x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
    x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-obs-build-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.103.1
    * reiserfs-kmp-default-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-syms-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
    * kernel-source-5.14.21-150400.24.103.1
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.103.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
    x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-obs-build-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.103.1
    * reiserfs-kmp-default-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-syms-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.103.1
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.103.1
  * SUSE Manager Proxy 4.3 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Manager Proxy 4.3 (x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Manager Proxy 4.3 (noarch)
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Manager Retail Branch Server 4.3 (nosrc x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Manager Retail Branch Server 4.3 (x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Manager Server 4.3 (ppc64le x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Manager Server 4.3 (ppc64le s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * SUSE Manager Server 4.3 (noarch)
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Manager Server 4.3 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.103.1
  * SUSE Manager Server 4.3 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.103.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (noarch)
    * kernel-docs-html-5.14.21-150400.24.103.1
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-source-vanilla-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
    * kernel-source-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (nosrc ppc64le x86_64)
    * kernel-debug-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (ppc64le x86_64)
    * kernel-debug-devel-5.14.21-150400.24.103.1
    * kernel-debug-debuginfo-5.14.21-150400.24.103.1
    * kernel-debug-debugsource-5.14.21-150400.24.103.1
    * kernel-debug-livepatch-devel-5.14.21-150400.24.103.1
    * kernel-debug-devel-debuginfo-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
    * kernel-kvmsmall-debuginfo-5.14.21-150400.24.103.1
    * kernel-kvmsmall-devel-5.14.21-150400.24.103.1
    * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.103.1
    * kernel-kvmsmall-debugsource-5.14.21-150400.24.103.1
    * kernel-default-base-rebuild-5.14.21-150400.24.103.1.150400.24.48.1
    * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * kernel-default-optional-5.14.21-150400.24.103.1
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * reiserfs-kmp-default-5.14.21-150400.24.103.1
    * ocfs2-kmp-default-5.14.21-150400.24.103.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * cluster-md-kmp-default-5.14.21-150400.24.103.1
    * dlm-kmp-default-5.14.21-150400.24.103.1
    * kernel-obs-build-5.14.21-150400.24.103.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.103.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-syms-5.14.21-150400.24.103.1
    * gfs2-kmp-default-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-obs-qa-5.14.21-150400.24.103.1
    * kernel-default-extra-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.103.1
    * kernel-default-livepatch-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kselftests-kmp-default-5.14.21-150400.24.103.1
    * kernel-default-optional-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kselftests-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-extra-debuginfo-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
    * kernel-kvmsmall-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_103-default-1-150400.9.3.1
    * kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-1-150400.9.3.1
    * kernel-livepatch-SLE15-SP4_Update_22-debugsource-1-150400.9.3.1
  * openSUSE Leap 15.4 (nosrc s390x)
    * kernel-zfcpdump-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (s390x)
    * kernel-zfcpdump-debugsource-5.14.21-150400.24.103.1
    * kernel-zfcpdump-debuginfo-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (nosrc)
    * dtb-aarch64-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (aarch64)
    * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.103.1
    * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-extra-5.14.21-150400.24.103.1
    * dtb-socionext-5.14.21-150400.24.103.1
    * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.103.1
    * dtb-amazon-5.14.21-150400.24.103.1
    * dtb-freescale-5.14.21-150400.24.103.1
    * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.103.1
    * dtb-lg-5.14.21-150400.24.103.1
    * ocfs2-kmp-64kb-5.14.21-150400.24.103.1
    * dtb-mediatek-5.14.21-150400.24.103.1
    * dtb-hisilicon-5.14.21-150400.24.103.1
    * dtb-altera-5.14.21-150400.24.103.1
    * dlm-kmp-64kb-5.14.21-150400.24.103.1
    * dtb-sprd-5.14.21-150400.24.103.1
    * dtb-amlogic-5.14.21-150400.24.103.1
    * kernel-64kb-debugsource-5.14.21-150400.24.103.1
    * kernel-64kb-optional-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-livepatch-devel-5.14.21-150400.24.103.1
    * kernel-64kb-devel-5.14.21-150400.24.103.1
    * dtb-nvidia-5.14.21-150400.24.103.1
    * dtb-qcom-5.14.21-150400.24.103.1
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.103.1
    * gfs2-kmp-64kb-5.14.21-150400.24.103.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.103.1
    * reiserfs-kmp-64kb-5.14.21-150400.24.103.1
    * dtb-xilinx-5.14.21-150400.24.103.1
    * dtb-apm-5.14.21-150400.24.103.1
    * dtb-apple-5.14.21-150400.24.103.1
    * dtb-marvell-5.14.21-150400.24.103.1
    * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-extra-debuginfo-5.14.21-150400.24.103.1
    * dtb-renesas-5.14.21-150400.24.103.1
    * dtb-rockchip-5.14.21-150400.24.103.1
    * kernel-64kb-optional-5.14.21-150400.24.103.1
    * kselftests-kmp-64kb-5.14.21-150400.24.103.1
    * dtb-amd-5.14.21-150400.24.103.1
    * dtb-arm-5.14.21-150400.24.103.1
    * dtb-cavium-5.14.21-150400.24.103.1
    * dtb-allwinner-5.14.21-150400.24.103.1
    * dtb-exynos-5.14.21-150400.24.103.1
    * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.103.1
    * dtb-broadcom-5.14.21-150400.24.103.1
    * cluster-md-kmp-64kb-5.14.21-150400.24.103.1
  * openSUSE Leap 15.4 (aarch64 nosrc)
    * kernel-64kb-5.14.21-150400.24.103.1
  * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * openSUSE Leap Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
    * kernel-livepatch-5_14_21-150400_24_103-default-1-150400.9.3.1
    * kernel-default-livepatch-devel-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-default-livepatch-5.14.21-150400.24.103.1
    * kernel-livepatch-5_14_21-150400_24_103-default-debuginfo-1-150400.9.3.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-livepatch-SLE15-SP4_Update_22-debugsource-1-150400.9.3.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
    s390x x86_64)
    * dlm-kmp-default-5.14.21-150400.24.103.1
    * dlm-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * gfs2-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * ocfs2-kmp-default-5.14.21-150400.24.103.1
    * gfs2-kmp-default-5.14.21-150400.24.103.1
    * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * cluster-md-kmp-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    nosrc)
    * kernel-64kb-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
    * kernel-64kb-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-debugsource-5.14.21-150400.24.103.1
    * kernel-64kb-debuginfo-5.14.21-150400.24.103.1
    * kernel-64kb-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
    x86_64)
    * kernel-default-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
    x86_64)
    * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-obs-build-5.14.21-150400.24.103.1
    * kernel-default-debugsource-5.14.21-150400.24.103.1
    * kernel-obs-build-debugsource-5.14.21-150400.24.103.1
    * reiserfs-kmp-default-5.14.21-150400.24.103.1
    * kernel-default-devel-5.14.21-150400.24.103.1
    * kernel-syms-5.14.21-150400.24.103.1
    * kernel-default-devel-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-debuginfo-5.14.21-150400.24.103.1
    * kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * kernel-source-5.14.21-150400.24.103.1
    * kernel-macros-5.14.21-150400.24.103.1
    * kernel-devel-5.14.21-150400.24.103.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
    * kernel-docs-5.14.21-150400.24.103.1

## References:

  * https://www.suse.com/security/cve/CVE-2020-26555.html
  * https://www.suse.com/security/cve/CVE-2023-51779.html
  * https://www.suse.com/security/cve/CVE-2023-6121.html
  * https://www.suse.com/security/cve/CVE-2023-6531.html
  * https://www.suse.com/security/cve/CVE-2023-6546.html
  * https://www.suse.com/security/cve/CVE-2023-6606.html
  * https://www.suse.com/security/cve/CVE-2023-6610.html
  * https://www.suse.com/security/cve/CVE-2023-6622.html
  * https://www.suse.com/security/cve/CVE-2023-6931.html
  * https://www.suse.com/security/cve/CVE-2023-6932.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1179610
  * https://bugzilla.suse.com/show_bug.cgi?id=1183045
  * https://bugzilla.suse.com/show_bug.cgi?id=1193285
  * https://bugzilla.suse.com/show_bug.cgi?id=1211162
  * https://bugzilla.suse.com/show_bug.cgi?id=1211226
  * https://bugzilla.suse.com/show_bug.cgi?id=1212584
  * https://bugzilla.suse.com/show_bug.cgi?id=1214747
  * https://bugzilla.suse.com/show_bug.cgi?id=1214823
  * https://bugzilla.suse.com/show_bug.cgi?id=1215237
  * https://bugzilla.suse.com/show_bug.cgi?id=1215696
  * https://bugzilla.suse.com/show_bug.cgi?id=1215885
  * https://bugzilla.suse.com/show_bug.cgi?id=1216057
  * https://bugzilla.suse.com/show_bug.cgi?id=1216559
  * https://bugzilla.suse.com/show_bug.cgi?id=1216776
  * https://bugzilla.suse.com/show_bug.cgi?id=1217036
  * https://bugzilla.suse.com/show_bug.cgi?id=1217217
  * https://bugzilla.suse.com/show_bug.cgi?id=1217250
  * https://bugzilla.suse.com/show_bug.cgi?id=1217602
  * https://bugzilla.suse.com/show_bug.cgi?id=1217692
  * https://bugzilla.suse.com/show_bug.cgi?id=1217790
  * https://bugzilla.suse.com/show_bug.cgi?id=1217801
  * https://bugzilla.suse.com/show_bug.cgi?id=1217933
  * https://bugzilla.suse.com/show_bug.cgi?id=1217938
  * https://bugzilla.suse.com/show_bug.cgi?id=1217946
  * https://bugzilla.suse.com/show_bug.cgi?id=1217947
  * https://bugzilla.suse.com/show_bug.cgi?id=1217980
  * https://bugzilla.suse.com/show_bug.cgi?id=1217981
  * https://bugzilla.suse.com/show_bug.cgi?id=1217982
  * https://bugzilla.suse.com/show_bug.cgi?id=1218056
  * https://bugzilla.suse.com/show_bug.cgi?id=1218139
  * https://bugzilla.suse.com/show_bug.cgi?id=1218184
  * https://bugzilla.suse.com/show_bug.cgi?id=1218234
  * https://bugzilla.suse.com/show_bug.cgi?id=1218253
  * https://bugzilla.suse.com/show_bug.cgi?id=1218258
  * https://bugzilla.suse.com/show_bug.cgi?id=1218335
  * https://bugzilla.suse.com/show_bug.cgi?id=1218357
  * https://bugzilla.suse.com/show_bug.cgi?id=1218447
  * https://bugzilla.suse.com/show_bug.cgi?id=1218515
  * https://bugzilla.suse.com/show_bug.cgi?id=1218559
  * https://bugzilla.suse.com/show_bug.cgi?id=1218569
  * https://bugzilla.suse.com/show_bug.cgi?id=1218659
  * https://jira.suse.com/browse/PED-3459
  * https://jira.suse.com/browse/PED-5021
  * https://jira.suse.com/browse/PED-7322

SUSE: 2024:0156-1 important: the Linux Kernel

January 18, 2024
* bsc#1179610 * bsc#1183045 * bsc#1193285 * bsc#1211162 * bsc#1211226

Summary

## The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). * CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). * CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). * CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). * CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). * CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). * CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). * CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). * CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). The following non-security bugs were fixed: * Reviewed and added more information to README.SUSE (jsc#PED-5021). * Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). * Drop drm/bridge lt9611uxc patches that have been reverted on stable trees * KVM: s390/mm: Properly reset no-dat (bsc#1218056). * KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933). * KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). * NFS: Fix O_DIRECT locking issues (bsc#1211162). * NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). * NFS: Fix a potential data corruption (bsc#1211162). * NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). * NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). * NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). * NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). * NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). * NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). * Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459) * block: fix revalidate performance regression (bsc#1216057). * bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234). * ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). * ceph: fix type promotion bug on 32bit systems (bsc#1217982). * clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). * clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). * clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217). * clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217). * clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). * clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). * clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). * clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). * dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). * fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). * libceph: use kernel_connect() (bsc#1217981). * mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). * net/smc: Fix pos miscalculation in statistics (bsc#1218139). * net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). * nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). * remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). * s390/vx: fix save/restore of fpu kernel context (bsc#1218357). * scsi: lpfc: use unsigned type for num_sge (bsc#1214747). * swiotlb: fix a braino in the alignment check fix (bsc#1216559). * swiotlb: fix slot alignment checks (bsc#1216559). * tracing: Disable preemption when using the filter buffer (bsc#1217036). * tracing: Fix a possible race when disabling buffered events (bsc#1217036). * tracing: Fix a warning when allocating buffered events fails (bsc#1217036). * tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). * tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036). * tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). * uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). * vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). * x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). * x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). * x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). * x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). * x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).

References

* bsc#1179610

* bsc#1183045

* bsc#1193285

* bsc#1211162

* bsc#1211226

* bsc#1212584

* bsc#1214747

* bsc#1214823

* bsc#1215237

* bsc#1215696

* bsc#1215885

* bsc#1216057

* bsc#1216559

* bsc#1216776

* bsc#1217036

* bsc#1217217

* bsc#1217250

* bsc#1217602

* bsc#1217692

* bsc#1217790

* bsc#1217801

* bsc#1217933

* bsc#1217938

* bsc#1217946

* bsc#1217947

* bsc#1217980

* bsc#1217981

* bsc#1217982

* bsc#1218056

* bsc#1218139

* bsc#1218184

* bsc#1218234

* bsc#1218253

* bsc#1218258

* bsc#1218335

* bsc#1218357

* bsc#1218447

* bsc#1218515

* bsc#1218559

* bsc#1218569

* bsc#1218659

* jsc#PED-3459

* jsc#PED-5021

* jsc#PED-7322

Cross-

* CVE-2020-26555

* CVE-2023-51779

* CVE-2023-6121

* CVE-2023-6531

* CVE-2023-6546

* CVE-2023-6606

* CVE-2023-6610

* CVE-2023-6622

* CVE-2023-6931

* CVE-2023-6932

CVSS scores:

* CVE-2020-26555 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2020-26555 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2023-51779 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6121 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2023-6121 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6546 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6606 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

* CVE-2023-6606 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

* CVE-2023-6610 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

* CVE-2023-6610 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

* CVE-2023-6622 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-6622 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4

* openSUSE Leap Micro 5.3

* openSUSE Leap Micro 5.4

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise High Availability Extension 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

* SUSE Linux Enterprise Live Patching 15-SP4

* SUSE Linux Enterprise Micro 5.3

* SUSE Linux Enterprise Micro 5.4

* SUSE Linux Enterprise Micro for Rancher 5.3

* SUSE Linux Enterprise Micro for Rancher 5.4

* SUSE Linux Enterprise Real Time 15 SP4

* SUSE Linux Enterprise Server 15 SP4

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

* SUSE Manager Proxy 4.3

* SUSE Manager Retail Branch Server 4.3

* SUSE Manager Server 4.3

An update that solves 10 vulnerabilities, contains three features and has 31

security fixes can now be installed.

##

* https://www.suse.com/security/cve/CVE-2020-26555.html

* https://www.suse.com/security/cve/CVE-2023-51779.html

* https://www.suse.com/security/cve/CVE-2023-6121.html

* https://www.suse.com/security/cve/CVE-2023-6531.html

* https://www.suse.com/security/cve/CVE-2023-6546.html

* https://www.suse.com/security/cve/CVE-2023-6606.html

* https://www.suse.com/security/cve/CVE-2023-6610.html

* https://www.suse.com/security/cve/CVE-2023-6622.html

* https://www.suse.com/security/cve/CVE-2023-6931.html

* https://www.suse.com/security/cve/CVE-2023-6932.html

* https://bugzilla.suse.com/show_bug.cgi?id=1179610

* https://bugzilla.suse.com/show_bug.cgi?id=1183045

* https://bugzilla.suse.com/show_bug.cgi?id=1193285

* https://bugzilla.suse.com/show_bug.cgi?id=1211162

* https://bugzilla.suse.com/show_bug.cgi?id=1211226

* https://bugzilla.suse.com/show_bug.cgi?id=1212584

* https://bugzilla.suse.com/show_bug.cgi?id=1214747

* https://bugzilla.suse.com/show_bug.cgi?id=1214823

* https://bugzilla.suse.com/show_bug.cgi?id=1215237

* https://bugzilla.suse.com/show_bug.cgi?id=1215696

* https://bugzilla.suse.com/show_bug.cgi?id=1215885

* https://bugzilla.suse.com/show_bug.cgi?id=1216057

* https://bugzilla.suse.com/show_bug.cgi?id=1216559

* https://bugzilla.suse.com/show_bug.cgi?id=1216776

* https://bugzilla.suse.com/show_bug.cgi?id=1217036

* https://bugzilla.suse.com/show_bug.cgi?id=1217217

* https://bugzilla.suse.com/show_bug.cgi?id=1217250

* https://bugzilla.suse.com/show_bug.cgi?id=1217602

* https://bugzilla.suse.com/show_bug.cgi?id=1217692

* https://bugzilla.suse.com/show_bug.cgi?id=1217790

* https://bugzilla.suse.com/show_bug.cgi?id=1217801

* https://bugzilla.suse.com/show_bug.cgi?id=1217933

* https://bugzilla.suse.com/show_bug.cgi?id=1217938

* https://bugzilla.suse.com/show_bug.cgi?id=1217946

* https://bugzilla.suse.com/show_bug.cgi?id=1217947

* https://bugzilla.suse.com/show_bug.cgi?id=1217980

* https://bugzilla.suse.com/show_bug.cgi?id=1217981

* https://bugzilla.suse.com/show_bug.cgi?id=1217982

* https://bugzilla.suse.com/show_bug.cgi?id=1218056

* https://bugzilla.suse.com/show_bug.cgi?id=1218139

* https://bugzilla.suse.com/show_bug.cgi?id=1218184

* https://bugzilla.suse.com/show_bug.cgi?id=1218234

* https://bugzilla.suse.com/show_bug.cgi?id=1218253

* https://bugzilla.suse.com/show_bug.cgi?id=1218258

* https://bugzilla.suse.com/show_bug.cgi?id=1218335

* https://bugzilla.suse.com/show_bug.cgi?id=1218357

* https://bugzilla.suse.com/show_bug.cgi?id=1218447

* https://bugzilla.suse.com/show_bug.cgi?id=1218515

* https://bugzilla.suse.com/show_bug.cgi?id=1218559

* https://bugzilla.suse.com/show_bug.cgi?id=1218569

* https://bugzilla.suse.com/show_bug.cgi?id=1218659

* https://jira.suse.com/browse/PED-3459

* https://jira.suse.com/browse/PED-5021

* https://jira.suse.com/browse/PED-7322

Severity
Announcement ID: SUSE-SU-2024:0156-1
Rating: important

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo