openSUSE Updates
Threads by month
- ----- 2025 -----
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
March 2024
- 3 participants
- 85 discussions
13 Mar '24
# Recommended update for fence-agents
Announcement ID: SUSE-RU-2024:0867-1
Rating: moderate
References:
* bsc#1218718
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that has one fix can now be installed.
## Description:
This update for fence-agents fixes the following issues:
* Fix detecting problems accessing the fence device (bsc#1218718)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-867=1 openSUSE-SLE-15.5-2024-867=1
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-867=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* fence-agents-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* fence-agents-debugsource-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* fence-agents-debuginfo-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* fence-agents-devel-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* fence-agents-amt_ws-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* fence-agents-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* fence-agents-devel-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* fence-agents-debuginfo-4.12.1+git.1677142927.bf55c675-150500.4.6.1
* fence-agents-debugsource-4.12.1+git.1677142927.bf55c675-150500.4.6.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1218718
1
0
13 Mar '24
# Recommended update for lttng-tools
Announcement ID: SUSE-RU-2024:0868-1
Rating: moderate
References:
* bsc#1218508
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that has one fix can now be installed.
## Description:
This update for lttng-tools fixes the following issues:
* Fix UST communication when -EAGAIN is returned which leads to lttng-sessiond
abort (bsc#1218508)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-868=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-868=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-868=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-868=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-868=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le x86_64 i586)
* liblttng-ctl0-debuginfo-2.12.2-150300.3.3.1
* lttng-tools-debugsource-2.12.2-150300.3.3.1
* lttng-tools-debuginfo-2.12.2-150300.3.3.1
* lttng-tools-devel-2.12.2-150300.3.3.1
* liblttng-ctl0-2.12.2-150300.3.3.1
* lttng-tools-2.12.2-150300.3.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* liblttng-ctl0-debuginfo-2.12.2-150300.3.3.1
* lttng-tools-debugsource-2.12.2-150300.3.3.1
* lttng-tools-debuginfo-2.12.2-150300.3.3.1
* lttng-tools-devel-2.12.2-150300.3.3.1
* liblttng-ctl0-2.12.2-150300.3.3.1
* lttng-tools-2.12.2-150300.3.3.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* liblttng-ctl0-debuginfo-2.12.2-150300.3.3.1
* lttng-tools-debugsource-2.12.2-150300.3.3.1
* lttng-tools-debuginfo-2.12.2-150300.3.3.1
* liblttng-ctl0-2.12.2-150300.3.3.1
* lttng-tools-2.12.2-150300.3.3.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* liblttng-ctl0-debuginfo-2.12.2-150300.3.3.1
* liblttng-ctl0-2.12.2-150300.3.3.1
* lttng-tools-debugsource-2.12.2-150300.3.3.1
* lttng-tools-debuginfo-2.12.2-150300.3.3.1
* Development Tools Module 15-SP5 (x86_64)
* lttng-tools-debuginfo-2.12.2-150300.3.3.1
* lttng-tools-devel-2.12.2-150300.3.3.1
* lttng-tools-debugsource-2.12.2-150300.3.3.1
* lttng-tools-2.12.2-150300.3.3.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1218508
1
0
13 Mar '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0857-1
Rating: important
References:
* bsc#1200599
* bsc#1207653
* bsc#1212514
* bsc#1213456
* bsc#1216223
* bsc#1218195
* bsc#1218689
* bsc#1218915
* bsc#1219127
* bsc#1219128
* bsc#1219146
* bsc#1219295
* bsc#1219653
* bsc#1219827
* bsc#1219835
* bsc#1219915
* bsc#1220009
* bsc#1220140
* bsc#1220187
* bsc#1220238
* bsc#1220240
* bsc#1220241
* bsc#1220243
* bsc#1220250
* bsc#1220253
* bsc#1220255
* bsc#1220328
* bsc#1220330
* bsc#1220344
* bsc#1220398
* bsc#1220409
* bsc#1220416
* bsc#1220418
* bsc#1220421
* bsc#1220436
* bsc#1220444
* bsc#1220459
* bsc#1220469
* bsc#1220482
* bsc#1220526
* bsc#1220538
* bsc#1220570
* bsc#1220572
* bsc#1220599
* bsc#1220627
* bsc#1220641
* bsc#1220649
* bsc#1220660
* bsc#1220689
* bsc#1220700
* bsc#1220735
* bsc#1220736
* bsc#1220737
* bsc#1220742
* bsc#1220745
* bsc#1220767
* bsc#1220796
* bsc#1220825
* bsc#1220826
* bsc#1220831
* bsc#1220845
* bsc#1220860
* bsc#1220863
* bsc#1220870
* bsc#1220917
* bsc#1220918
* bsc#1220930
* bsc#1220931
* bsc#1220932
* bsc#1221039
* bsc#1221040
Cross-References:
* CVE-2019-25162
* CVE-2020-36777
* CVE-2020-36784
* CVE-2021-46904
* CVE-2021-46905
* CVE-2021-46906
* CVE-2021-46915
* CVE-2021-46924
* CVE-2021-46929
* CVE-2021-46932
* CVE-2021-46934
* CVE-2021-46953
* CVE-2021-46964
* CVE-2021-46966
* CVE-2021-46968
* CVE-2021-46974
* CVE-2021-46989
* CVE-2021-47005
* CVE-2021-47012
* CVE-2021-47013
* CVE-2021-47054
* CVE-2021-47060
* CVE-2021-47061
* CVE-2021-47069
* CVE-2021-47076
* CVE-2021-47078
* CVE-2021-47083
* CVE-2022-20154
* CVE-2022-48627
* CVE-2023-28746
* CVE-2023-35827
* CVE-2023-46343
* CVE-2023-51042
* CVE-2023-52340
* CVE-2023-52429
* CVE-2023-52439
* CVE-2023-52443
* CVE-2023-52445
* CVE-2023-52448
* CVE-2023-52449
* CVE-2023-52451
* CVE-2023-52463
* CVE-2023-52475
* CVE-2023-52478
* CVE-2023-52482
* CVE-2023-52502
* CVE-2023-52530
* CVE-2023-52531
* CVE-2023-52532
* CVE-2023-52569
* CVE-2023-52574
* CVE-2023-52597
* CVE-2023-52605
* CVE-2023-6817
* CVE-2024-0340
* CVE-2024-0607
* CVE-2024-1151
* CVE-2024-23849
* CVE-2024-23851
* CVE-2024-26585
* CVE-2024-26586
* CVE-2024-26589
* CVE-2024-26593
* CVE-2024-26595
* CVE-2024-26602
* CVE-2024-26607
* CVE-2024-26622
CVSS scores:
* CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-36777 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-36784 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46905 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46934 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46968 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-47005 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47012 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47060 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47061 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47083 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2022-20154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-20154 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-0340 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0340 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26589 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26593 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26607 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 67 vulnerabilities and has four security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.
The following security bugs were fixed:
* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220831).
* CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
PTR_TO_FLOW_KEYS (bsc#1220255).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the
Linux kernel by forcing 100% CPU (bsc#1219295).
* CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
(bsc#1218915).
* CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
* CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
* CVE-2021-46932: Fixed missing work initialization before device registration
(bsc#1220444)
* CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
* CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier
(bsc#1220238).
* CVE-2023-52475: Fixed use-after-free in powermate_config_complete
(bsc#1220649)
* CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
* CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init
(bsc#1220436).
* CVE-2021-46924: Fixed fix memory leak in device probe and remove
(bsc#1220459)
* CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
* CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails
(bsc#1220570).
* CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
* CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge()
(CVE-2023-46343).
* CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
* CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
* CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
* CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
* CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send
(bsc#1220641).
* CVE-2024-26586: Fixed stack corruption (bsc#1220243).
* CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
* CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253).
* CVE-2024-1151: Fixed unlimited number of recursions from action sets
(bsc#1219835).
* CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
(bsc#1219127).
* CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg()
(bsc#1218689).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed
(bsc#1220863)
* CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was
supplied (bsc#1220860)
* CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
* CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to
insert delayed dir index item (bsc#1220918).
* CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors
(bsc#1220735).
* CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
* CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer
(bsc#1220845).
* CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
* CVE-2021-46934: Fixed a bug by validating user data in compat ioctl
(bsc#1220469).
* CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work()
(bsc#1212514).
* CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
* CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
(bsc#1220930).
* CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
* CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek:
(bsc#1220917).
* CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
* CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features()
(bsc#1220660).
* CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones
if the bus is destroyed (bsc#1220742).
* CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
* CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate
in hfsplus (bsc#1220737).
* CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister
failure _after_ sync'ing SRCU (bsc#1220745).
The following non-security bugs were fixed:
* EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
* ext4: fix deadlock due to mbcache entry corruption (bsc#1207653
bsc#1219915).
* ibmvfc: make 'max_sectors' a module option (bsc#1216223).
* KVM: Destroy target device if coalesced MMIO unregistration fails (git-
fixes).
* KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio
(git-fixes).
* KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
* KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-
fixes).
* KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(git-fixes).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
* scsi: Update max_hw_sectors on rescan (bsc#1216223).
* x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
* x86/bugs: Add asm helpers for executing VERW (git-fixes).
* x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-
fixes). Also add the removed mds_user_clear symbol to kABI severities as it
is exposed just for KVM module and is generally a core kernel component so
removing it is low risk.
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
* x86/entry_32: Add VERW just before userspace transition (git-fixes).
* x86/entry_64: Add VERW just before userspace transition (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-857=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-857=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-857=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-857=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-857=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-857=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-857=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-857=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-857=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-857=1
## Package List:
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (noarch)
* kernel-devel-5.3.18-150300.59.153.2
* kernel-docs-html-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-source-5.3.18-150300.59.153.2
* kernel-source-vanilla-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.153.2
* kernel-debug-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.3.18-150300.59.153.2
* kernel-debug-debuginfo-5.3.18-150300.59.153.2
* kernel-kvmsmall-devel-5.3.18-150300.59.153.2
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.153.2
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.153.2
* kernel-kvmsmall-debugsource-5.3.18-150300.59.153.2
* kernel-debug-livepatch-devel-5.3.18-150300.59.153.2
* kernel-debug-devel-5.3.18-150300.59.153.2
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.153.2
* kernel-debug-debugsource-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* dlm-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-livepatch-devel-5.3.18-150300.59.153.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-extra-debuginfo-5.3.18-150300.59.153.2
* kernel-obs-build-5.3.18-150300.59.153.2
* kernel-obs-qa-5.3.18-150300.59.153.1
* kernel-default-optional-5.3.18-150300.59.153.2
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kselftests-kmp-default-5.3.18-150300.59.153.2
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.153.2
* cluster-md-kmp-default-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-extra-5.3.18-150300.59.153.2
* dlm-kmp-default-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-default-livepatch-5.3.18-150300.59.153.2
* kernel-syms-5.3.18-150300.59.153.1
* kernel-default-debugsource-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-default-5.3.18-150300.59.153.2
* kernel-default-optional-debuginfo-5.3.18-150300.59.153.2
* ocfs2-kmp-default-5.3.18-150300.59.153.2
* kernel-default-base-rebuild-5.3.18-150300.59.153.2.150300.18.90.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_153-default-1-150300.7.3.2
* kernel-livepatch-SLE15-SP3_Update_42-debugsource-1-150300.7.3.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_153-preempt-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-1-150300.7.3.2
* openSUSE Leap 15.3 (aarch64 x86_64)
* kselftests-kmp-preempt-5.3.18-150300.59.153.2
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-optional-5.3.18-150300.59.153.2
* dlm-kmp-preempt-5.3.18-150300.59.153.2
* ocfs2-kmp-preempt-5.3.18-150300.59.153.2
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-extra-5.3.18-150300.59.153.2
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-preempt-5.3.18-150300.59.153.2
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-preempt-5.3.18-150300.59.153.2
* cluster-md-kmp-preempt-5.3.18-150300.59.153.2
* kernel-preempt-livepatch-devel-5.3.18-150300.59.153.2
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.153.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.153.1
* openSUSE Leap 15.3 (aarch64)
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-sprd-5.3.18-150300.59.153.1
* dtb-exynos-5.3.18-150300.59.153.1
* dtb-zte-5.3.18-150300.59.153.1
* dtb-broadcom-5.3.18-150300.59.153.1
* gfs2-kmp-64kb-5.3.18-150300.59.153.2
* reiserfs-kmp-64kb-5.3.18-150300.59.153.2
* kernel-64kb-extra-5.3.18-150300.59.153.2
* ocfs2-kmp-64kb-5.3.18-150300.59.153.2
* kselftests-kmp-64kb-5.3.18-150300.59.153.2
* dtb-cavium-5.3.18-150300.59.153.1
* dtb-socionext-5.3.18-150300.59.153.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.153.2
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-rockchip-5.3.18-150300.59.153.1
* cluster-md-kmp-64kb-5.3.18-150300.59.153.2
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-allwinner-5.3.18-150300.59.153.1
* dtb-hisilicon-5.3.18-150300.59.153.1
* dtb-amlogic-5.3.18-150300.59.153.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dlm-kmp-64kb-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-nvidia-5.3.18-150300.59.153.1
* kernel-64kb-livepatch-devel-5.3.18-150300.59.153.2
* dtb-qcom-5.3.18-150300.59.153.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.153.2
* dtb-mediatek-5.3.18-150300.59.153.1
* dtb-arm-5.3.18-150300.59.153.1
* dtb-apm-5.3.18-150300.59.153.1
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-optional-5.3.18-150300.59.153.2
* dtb-altera-5.3.18-150300.59.153.1
* dtb-renesas-5.3.18-150300.59.153.1
* dtb-marvell-5.3.18-150300.59.153.1
* kernel-64kb-devel-5.3.18-150300.59.153.2
* dtb-xilinx-5.3.18-150300.59.153.1
* dtb-lg-5.3.18-150300.59.153.1
* dtb-al-5.3.18-150300.59.153.1
* dtb-freescale-5.3.18-150300.59.153.1
* dtb-amd-5.3.18-150300.59.153.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.153.2
* kernel-default-livepatch-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* kernel-livepatch-5_3_18-150300_59_153-default-1-150300.7.3.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* dlm-kmp-default-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.153.2
* cluster-md-kmp-default-5.3.18-150300.59.153.2
* gfs2-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* dlm-kmp-default-5.3.18-150300.59.153.2
* ocfs2-kmp-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-devel-5.3.18-150300.59.153.2
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-devel-5.3.18-150300.59.153.2
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.153.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-devel-5.3.18-150300.59.153.2
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* kernel-default-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
## References:
* https://www.suse.com/security/cve/CVE-2019-25162.html
* https://www.suse.com/security/cve/CVE-2020-36777.html
* https://www.suse.com/security/cve/CVE-2020-36784.html
* https://www.suse.com/security/cve/CVE-2021-46904.html
* https://www.suse.com/security/cve/CVE-2021-46905.html
* https://www.suse.com/security/cve/CVE-2021-46906.html
* https://www.suse.com/security/cve/CVE-2021-46915.html
* https://www.suse.com/security/cve/CVE-2021-46924.html
* https://www.suse.com/security/cve/CVE-2021-46929.html
* https://www.suse.com/security/cve/CVE-2021-46932.html
* https://www.suse.com/security/cve/CVE-2021-46934.html
* https://www.suse.com/security/cve/CVE-2021-46953.html
* https://www.suse.com/security/cve/CVE-2021-46964.html
* https://www.suse.com/security/cve/CVE-2021-46966.html
* https://www.suse.com/security/cve/CVE-2021-46968.html
* https://www.suse.com/security/cve/CVE-2021-46974.html
* https://www.suse.com/security/cve/CVE-2021-46989.html
* https://www.suse.com/security/cve/CVE-2021-47005.html
* https://www.suse.com/security/cve/CVE-2021-47012.html
* https://www.suse.com/security/cve/CVE-2021-47013.html
* https://www.suse.com/security/cve/CVE-2021-47054.html
* https://www.suse.com/security/cve/CVE-2021-47060.html
* https://www.suse.com/security/cve/CVE-2021-47061.html
* https://www.suse.com/security/cve/CVE-2021-47069.html
* https://www.suse.com/security/cve/CVE-2021-47076.html
* https://www.suse.com/security/cve/CVE-2021-47078.html
* https://www.suse.com/security/cve/CVE-2021-47083.html
* https://www.suse.com/security/cve/CVE-2022-20154.html
* https://www.suse.com/security/cve/CVE-2022-48627.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-35827.html
* https://www.suse.com/security/cve/CVE-2023-46343.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52429.html
* https://www.suse.com/security/cve/CVE-2023-52439.html
* https://www.suse.com/security/cve/CVE-2023-52443.html
* https://www.suse.com/security/cve/CVE-2023-52445.html
* https://www.suse.com/security/cve/CVE-2023-52448.html
* https://www.suse.com/security/cve/CVE-2023-52449.html
* https://www.suse.com/security/cve/CVE-2023-52451.html
* https://www.suse.com/security/cve/CVE-2023-52463.html
* https://www.suse.com/security/cve/CVE-2023-52475.html
* https://www.suse.com/security/cve/CVE-2023-52478.html
* https://www.suse.com/security/cve/CVE-2023-52482.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52530.html
* https://www.suse.com/security/cve/CVE-2023-52531.html
* https://www.suse.com/security/cve/CVE-2023-52532.html
* https://www.suse.com/security/cve/CVE-2023-52569.html
* https://www.suse.com/security/cve/CVE-2023-52574.html
* https://www.suse.com/security/cve/CVE-2023-52597.html
* https://www.suse.com/security/cve/CVE-2023-52605.html
* https://www.suse.com/security/cve/CVE-2023-6817.html
* https://www.suse.com/security/cve/CVE-2024-0340.html
* https://www.suse.com/security/cve/CVE-2024-0607.html
* https://www.suse.com/security/cve/CVE-2024-1151.html
* https://www.suse.com/security/cve/CVE-2024-23849.html
* https://www.suse.com/security/cve/CVE-2024-23851.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26586.html
* https://www.suse.com/security/cve/CVE-2024-26589.html
* https://www.suse.com/security/cve/CVE-2024-26593.html
* https://www.suse.com/security/cve/CVE-2024-26595.html
* https://www.suse.com/security/cve/CVE-2024-26602.html
* https://www.suse.com/security/cve/CVE-2024-26607.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1200599
* https://bugzilla.suse.com/show_bug.cgi?id=1207653
* https://bugzilla.suse.com/show_bug.cgi?id=1212514
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1218195
* https://bugzilla.suse.com/show_bug.cgi?id=1218689
* https://bugzilla.suse.com/show_bug.cgi?id=1218915
* https://bugzilla.suse.com/show_bug.cgi?id=1219127
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219146
* https://bugzilla.suse.com/show_bug.cgi?id=1219295
* https://bugzilla.suse.com/show_bug.cgi?id=1219653
* https://bugzilla.suse.com/show_bug.cgi?id=1219827
* https://bugzilla.suse.com/show_bug.cgi?id=1219835
* https://bugzilla.suse.com/show_bug.cgi?id=1219915
* https://bugzilla.suse.com/show_bug.cgi?id=1220009
* https://bugzilla.suse.com/show_bug.cgi?id=1220140
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1220238
* https://bugzilla.suse.com/show_bug.cgi?id=1220240
* https://bugzilla.suse.com/show_bug.cgi?id=1220241
* https://bugzilla.suse.com/show_bug.cgi?id=1220243
* https://bugzilla.suse.com/show_bug.cgi?id=1220250
* https://bugzilla.suse.com/show_bug.cgi?id=1220253
* https://bugzilla.suse.com/show_bug.cgi?id=1220255
* https://bugzilla.suse.com/show_bug.cgi?id=1220328
* https://bugzilla.suse.com/show_bug.cgi?id=1220330
* https://bugzilla.suse.com/show_bug.cgi?id=1220344
* https://bugzilla.suse.com/show_bug.cgi?id=1220398
* https://bugzilla.suse.com/show_bug.cgi?id=1220409
* https://bugzilla.suse.com/show_bug.cgi?id=1220416
* https://bugzilla.suse.com/show_bug.cgi?id=1220418
* https://bugzilla.suse.com/show_bug.cgi?id=1220421
* https://bugzilla.suse.com/show_bug.cgi?id=1220436
* https://bugzilla.suse.com/show_bug.cgi?id=1220444
* https://bugzilla.suse.com/show_bug.cgi?id=1220459
* https://bugzilla.suse.com/show_bug.cgi?id=1220469
* https://bugzilla.suse.com/show_bug.cgi?id=1220482
* https://bugzilla.suse.com/show_bug.cgi?id=1220526
* https://bugzilla.suse.com/show_bug.cgi?id=1220538
* https://bugzilla.suse.com/show_bug.cgi?id=1220570
* https://bugzilla.suse.com/show_bug.cgi?id=1220572
* https://bugzilla.suse.com/show_bug.cgi?id=1220599
* https://bugzilla.suse.com/show_bug.cgi?id=1220627
* https://bugzilla.suse.com/show_bug.cgi?id=1220641
* https://bugzilla.suse.com/show_bug.cgi?id=1220649
* https://bugzilla.suse.com/show_bug.cgi?id=1220660
* https://bugzilla.suse.com/show_bug.cgi?id=1220689
* https://bugzilla.suse.com/show_bug.cgi?id=1220700
* https://bugzilla.suse.com/show_bug.cgi?id=1220735
* https://bugzilla.suse.com/show_bug.cgi?id=1220736
* https://bugzilla.suse.com/show_bug.cgi?id=1220737
* https://bugzilla.suse.com/show_bug.cgi?id=1220742
* https://bugzilla.suse.com/show_bug.cgi?id=1220745
* https://bugzilla.suse.com/show_bug.cgi?id=1220767
* https://bugzilla.suse.com/show_bug.cgi?id=1220796
* https://bugzilla.suse.com/show_bug.cgi?id=1220825
* https://bugzilla.suse.com/show_bug.cgi?id=1220826
* https://bugzilla.suse.com/show_bug.cgi?id=1220831
* https://bugzilla.suse.com/show_bug.cgi?id=1220845
* https://bugzilla.suse.com/show_bug.cgi?id=1220860
* https://bugzilla.suse.com/show_bug.cgi?id=1220863
* https://bugzilla.suse.com/show_bug.cgi?id=1220870
* https://bugzilla.suse.com/show_bug.cgi?id=1220917
* https://bugzilla.suse.com/show_bug.cgi?id=1220918
* https://bugzilla.suse.com/show_bug.cgi?id=1220930
* https://bugzilla.suse.com/show_bug.cgi?id=1220931
* https://bugzilla.suse.com/show_bug.cgi?id=1220932
* https://bugzilla.suse.com/show_bug.cgi?id=1221039
* https://bugzilla.suse.com/show_bug.cgi?id=1221040
1
0
13 Mar '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0858-1
Rating: important
References:
* bsc#1194869
* bsc#1206453
* bsc#1209412
* bsc#1213456
* bsc#1216776
* bsc#1217927
* bsc#1218195
* bsc#1218216
* bsc#1218450
* bsc#1218527
* bsc#1218663
* bsc#1218915
* bsc#1219126
* bsc#1219127
* bsc#1219141
* bsc#1219146
* bsc#1219295
* bsc#1219443
* bsc#1219653
* bsc#1219827
* bsc#1219835
* bsc#1219839
* bsc#1219840
* bsc#1219934
* bsc#1220003
* bsc#1220009
* bsc#1220021
* bsc#1220030
* bsc#1220106
* bsc#1220140
* bsc#1220187
* bsc#1220238
* bsc#1220240
* bsc#1220241
* bsc#1220243
* bsc#1220250
* bsc#1220251
* bsc#1220253
* bsc#1220254
* bsc#1220255
* bsc#1220257
* bsc#1220267
* bsc#1220277
* bsc#1220317
* bsc#1220326
* bsc#1220328
* bsc#1220330
* bsc#1220335
* bsc#1220344
* bsc#1220348
* bsc#1220350
* bsc#1220364
* bsc#1220392
* bsc#1220393
* bsc#1220398
* bsc#1220409
* bsc#1220444
* bsc#1220457
* bsc#1220459
* bsc#1220649
* bsc#1220796
* bsc#1220825
* jsc#PED-7618
Cross-References:
* CVE-2019-25162
* CVE-2021-46923
* CVE-2021-46924
* CVE-2021-46932
* CVE-2023-28746
* CVE-2023-5197
* CVE-2023-52340
* CVE-2023-52429
* CVE-2023-52439
* CVE-2023-52443
* CVE-2023-52445
* CVE-2023-52447
* CVE-2023-52448
* CVE-2023-52449
* CVE-2023-52451
* CVE-2023-52452
* CVE-2023-52456
* CVE-2023-52457
* CVE-2023-52463
* CVE-2023-52464
* CVE-2023-52475
* CVE-2023-52478
* CVE-2023-6817
* CVE-2024-0607
* CVE-2024-1151
* CVE-2024-23849
* CVE-2024-23850
* CVE-2024-23851
* CVE-2024-25744
* CVE-2024-26585
* CVE-2024-26586
* CVE-2024-26589
* CVE-2024-26591
* CVE-2024-26593
* CVE-2024-26595
* CVE-2024-26598
* CVE-2024-26602
* CVE-2024-26603
* CVE-2024-26622
CVSS scores:
* CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-5197 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-5197 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52447 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-52452 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52456 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52457 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26589 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26591 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26593 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves 39 vulnerabilities, contains one feature and has 23
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
* CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
* CVE-2021-46924: Fixed fix memory leak in device probe and remove
(bsc#1220459)
* CVE-2021-46932: Fixed missing work initialization before device registration
(bsc#1220444)
* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from
chain bindings within the same transaction (bsc#1218216).
* CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the
Linux kernel by forcing 100% CPU (bsc#1219295).
* CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-
table.c (bsc#1219827).
* CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
* CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
* CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
* CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
(bsc#1220251).
* CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253).
* CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier
(bsc#1220238).
* CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
* CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
* CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
* CVE-2023-52457: Fixed skipped resource freeing if
pm_runtime_resume_and_get() failed (bsc#1220350).
* CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
* CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
* CVE-2023-52475: Fixed use-after-free in powermate_config_complete
(bsc#1220649)
* CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
* CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
* CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
(bsc#1218915).
* CVE-2024-1151: Fixed unlimited number of recursions from action sets
(bsc#1219835).
* CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
(bsc#1219127).
* CVE-2024-23850: Fixed double free of anonymous device after snapshot
creation failure (bsc#1219126).
* CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c
(bsc#1219146).
* CVE-2024-25744: Fixed Security issue with int 80 interrupt vector
(bsc#1217927).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2024-26586: Fixed stack corruption (bsc#1220243).
* CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
PTR_TO_FLOW_KEYS (bsc#1220255).
* CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach
(bsc#1220254).
* CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
* CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
* CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
* CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
* CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
* acpi: apei: set memory failure flags as mf_action_required on synchronous
events (git-fixes).
* acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
* acpi: extlog: fix null pointer dereference check (git-fixes).
* acpi: resource: add asus model s5402za to quirks (git-fixes).
* acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
* acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
* acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
* acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2
(git-fixes).
* acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371
amd version) (git-fixes).
* acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
* add reference to recently released cve
* afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-
fixes).
* afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
(git-fixes).
* afs: hide silly-rename files from userspace (git-fixes).
* afs: increase buffer size in afs_update_volume_status() (git-fixes).
* ahci: asm1166: correct count of reported ports (git-fixes).
* alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
* alsa: firewire-lib: fix to check cycle continuity (git-fixes).
* alsa: hda/conexant: add quirk for sws js201d (git-fixes).
* alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads
(git-fixes).
* alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
* alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-
fixes).
* alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
* alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
* alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
* alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
* alsa: hda/realtek: fix the external mic not being recognised for acer swift
1 sf114-32 (git-fixes).
* alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
* alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
* alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
* alsa: usb-audio: check presence of valid altsetting control (git-fixes).
* alsa: usb-audio: ignore clock selector errors for single connection (git-
fixes).
* alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
* alsa: usb-audio: sort quirk table entries (git-fixes).
* arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
* arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
* arm64: entry: simplify tramp_alias macro and tramp_exit routine
(bsc#1219443)
* arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443)
enable workaround.
* arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443)
enable workaround without kabi break.
* arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes)
enable ampere_erratum_ac03_cpu_38 workaround without kabi break
* arm64: irq: set the correct node for shadow call stack (git-fixes)
* arm64: irq: set the correct node for vmap stack (git-fixes)
* arm64: rename arm64_workaround_2966298 (bsc#1219443)
* arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-
fixes)
* asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
* asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
* asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
* asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
* atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
* bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
* bluetooth: enforce validation on max value of connection interval (git-
fixes).
* bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
* bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
* bluetooth: hci_sync: check the correct flag before starting a scan (git-
fixes).
* bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
* bluetooth: l2cap: fix possible multiple reject send (git-fixes).
* bluetooth: qca: fix wrong event type for patch config command (git-fixes).
* bpf: fix verification of indirect var-off stack access (git-fixes).
* bpf: guard stack limits against 32bit overflow (git-fixes).
* bpf: minor logging improvement (bsc#1220257).
* bus: moxtet: add spi device table (git-fixes).
* cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
* can: j1939: fix uaf in j1939_sk_match_filter during
setsockopt(so_j1939_filter) (git-fixes).
* crypto: api - disallow identical driver names (git-fixes).
* crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked
(git-fixes).
* crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
* crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
* dmaengine: fsl-qdma: fix a memory leak related to the queue command dma
(git-fixes).
* dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
* dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
* dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
* dmaengine: ptdma: use consistent dma masks (git-fixes).
* dmaengine: shdma: increase size of 'dev_id' (git-fixes).
* dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-
fixes).
* driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
* drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
* drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()'
(git-fixes).
* drm/amd/display: fix possible null dereference on device remove/driver
unload (git-fixes).
* drm/amd/display: increase frame-larger-than for all display_mode_vba files
(git-fixes).
* drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
* drm/amd/display: preserve original aspect ratio in create stream (git-
fixes).
* drm/amdgpu/display: initialize gamma correction mode variable in
dcn30_get_gamcor_current() (git-fixes).
* drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
* drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
* drm/buddy: fix range bias (git-fixes).
* drm/crtc: fix uninitialized variable use even harder (git-fixes).
* drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
* drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case
(git-fixes).
* drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-
fixes).
* drm/msms/dp: fixed link clock divider bits be over written in bpc unknown
case (git-fixes).
* drm/prime: support page array >= 4gb (git-fixes).
* drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set
(git-fixes).
* drm/ttm: fix an invalid freeing on already freed page in error path (git-
fixes).
* drop bcm5974 input patch causing a regression (bsc#1220030)
* efi/capsule-loader: fix incorrect allocation size (git-fixes).
* efi: do not add memblocks for soft-reserved memory (git-fixes).
* efi: runtime: fix potential overflow of soft-reserved region size (git-
fixes).
* fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
* fbdev: savage: error out if pixclock equals zero (git-fixes).
* fbdev: sis: error out if pixclock equals zero (git-fixes).
* firewire: core: send bus reset promptly on gap count error (git-fixes).
* fs: dlm: fix build with config_ipv6 disabled (git-fixes).
* fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
* gpio: 74x164: enable output pins after registers are reset (git-fixes).
* gpio: fix resource unwinding order in error path (git-fixes).
* gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
* gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-
fixes).
* hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
* hid: apple: add support for the 2021 magic keyboard (git-fixes).
* hid: wacom: do not register input devices until after hid_hw_start (git-
fixes).
* hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-
fixes).
* hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
* hwmon: (coretemp) enlarge per package core count limit (git-fixes).
* hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
* hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
* i2c: i801: fix block process call transactions (git-fixes).
* i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
* i2c: imx: add timer for handling the stop condition (git-fixes).
* i2c: imx: when being a target, mark the last read as processed (git-fixes).
* i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
* ib/hfi1: fix a memleak in init_credit_return (git-fixes)
* ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
* iio: accel: bma400: fix a compilation problem (git-fixes).
* iio: adc: ad7091r: set alert bit in config register (git-fixes).
* iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
* iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-
fixes).
* iio: magnetometer: rm3100: add boundary check for the value read from
rm3100_reg_tmrc (git-fixes).
* input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr()
(git-fixes).
* input: xpad - add lenovo legion go controllers (git-fixes).
* irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes).
* irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
* jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
* jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
* jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
* jfs: fix uaf in jfs_evict_inode (git-fixes).
* kbuild: fix changing elf file type for output of gen_btf for big endian
(git-fixes).
* kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
* kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
* kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
* kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
* kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-
fixes).
* lan78xx: enable auto speed configuration for lan7850 if no eeprom is
detected (git-fixes).
* leds: trigger: panic: do not register panic notifier if creating the trigger
failed (git-fixes).
* lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
* lib/stackdepot: add refcount for records (jsc-ped#7423).
* lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
* lib/stackdepot: move stack_record struct definition into the header (jsc-
ped#7423).
* libsubcmd: fix memory leak in uniq() (git-fixes).
* media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
* media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
* media: rc: bpf attach/detach requires write permission (git-fixes).
* media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
* media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
* mfd: syscon: fix null pointer dereference in of_syscon_register() (git-
fixes).
* mm,page_owner: display all stacks and their count (jsc-ped#7423).
* mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
* mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
* mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
* mm,page_owner: update documentation regarding page_owner_stacks (jsc-
ped#7423).
* mm/hwpoison: fix unpoison_memory() (bsc#1218663).
* mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
* mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
* mm: memory-failure: fix potential unexpected return value from
unpoison_memory() (git-fixes).
* mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
* mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
* mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
* mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
* mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
* mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
* modpost: trim leading spaces when processing source files list (git-fixes).
* mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
* net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
* netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
* nilfs2: fix data corruption in dsync block recovery for small block sizes
(git-fixes).
* nilfs2: replace warn_ons for invalid dat metadata block requests (git-
fixes).
* nouveau/svm: fix kvcalloc() argument order (git-fixes).
* nouveau: fix function cast warnings (git-fixes).
* ntfs: check overflow when iterating attr_records (git-fixes).
* ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
* nvme-fabrics: fix i/o connect error handling (git-fixes).
* nvme-host: fix the updating of the firmware version (git-fixes).
* pci/aer: decode requester id when no error info found (git-fixes).
* pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
* pci: add pci_header_type_mfd definition (bsc#1220021).
* pci: fix 64gt/s effective data rate calculation (git-fixes).
* pci: only override amd usb controller if required (git-fixes).
* pci: switchtec: fix stdev_release() crash after surprise hot remove (git-
fixes).
* platform/x86: thinkpad_acpi: only update profile if successfully converted
(git-fixes).
* platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet
(git-fixes).
* platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names
(git-fixes).
* pm: core: remove unnecessary (void *) conversions (git-fixes).
* pm: runtime: have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend() (git-fixes).
* pnp: acpi: fix fortify warning (git-fixes).
* power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
* powerpc/64: set task pt_regs->link to the lr value on scv entry
(bsc#1194869).
* powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
* powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser
(bsc#1220348).
* powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt
(bsc#1194869).
* powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features
(bsc#1220348).
* powerpc/watchpoint: disable pagefaults when getting user instruction
(bsc#1194869).
* powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
* powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
* powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
* powerpc: do not include lppaca.h in paca.h (bsc#1194869).
* pstore/ram: fix crash when setting number of cpus to an odd number (git-
fixes).
* ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
* ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
* ras: introduce a fru memory poison manager (jsc#ped-7618).
* rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
* rdma/bnxt_re: return error for srq resize (git-fixes)
* rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
* rdma/core: get ib width and speed from netdev (bsc#1219934).
* rdma/irdma: add ae for too many rnrs (git-fixes)
* rdma/irdma: fix kasan issue with tasklet (git-fixes)
* rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
* rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
* rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
* rdma/srpt: fix function pointer cast warnings (git-fixes)
* rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
* refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io
(bsc#1216776, bsc#1220277)
* regulator: core: only increment use_count when enable_count changes (git-
fixes).
* regulator: pwm-regulator: add validity checks in continuous .get_voltage
(git-fixes).
* revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-
fixes).
* revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
* revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
* rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
(bsc#1219653) they are put into -devel subpackage. and a proper link to
/usr/share/gdb/auto-load/ is created.
* s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes
bsc#1219840).
* s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
* sched/membarrier: reduce the ability to hammer on sys_membarrier (git-
fixes).
* scsi: core: move scsi_host_busy() out of host lock for waking up eh handler
(git-fixes).
* scsi: core: move scsi_host_busy() out of host lock if it is for per-command
(git-fixes).
* scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes
bsc#1219141).
* scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
* scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
* scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
* scsi: isci: fix an error code problem in isci_io_request_build() (git-
fixes).
* scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an
abts (bsc#1220021).
* scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric
nodes (bsc#1220021).
* scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
* scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
* scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
* scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
* scsi: lpfc: fix failure to delete vports when discovery is in progress
(bsc#1220021).
* scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
* scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list()
(bsc#1220021).
* scsi: lpfc: move handling of reset congestion statistics events
(bsc#1220021).
* scsi: lpfc: protect vport fc_nodes list with an explicit spin lock
(bsc#1220021).
* scsi: lpfc: remove d_id swap log message from trace event logger
(bsc#1220021).
* scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for
ndlps (bsc#1220021).
* scsi: lpfc: remove shost_lock protection for fc_host_port shost apis
(bsc#1220021).
* scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
* scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn
notifications (bsc#1220021).
* scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
* scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
* scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length
(bsc#1220021).
* scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
* scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git-
fixes bsc#1219141).
* serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
* spi-mxs: fix chipselect glitch (git-fixes).
* spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-
fixes).
* spi: ppc4xx: drop write-only variable (git-fixes).
* spi: sh-msiof: avoid integer overflow in constants (git-fixes).
* staging: iio: ad5933: fix type mismatch regression (git-fixes).
* supported.conf: remove external flag from ibm supported modules.
(bsc#1209412)
* tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
* tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
* topology/sysfs: add format parameter to macro defining "show" functions for
proc (jsc#ped-7618).
* topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
* tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
* ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
* usb: cdns3: fix memory double free when handle zero packet (git-fixes).
* usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-
fixes).
* usb: cdns3: modify the return value of cdns_set_active () to void when
config_pm_sleep is disabled (git-fixes).
* usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
* usb: cdns: readd old api (git-fixes).
* usb: cdnsp: blocked some cdns3 specific code (git-fixes).
* usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers
(git-fixes).
* usb: dwc3: gadget: do not disconnect if not started (git-fixes).
* usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
* usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
* usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
* usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api
(git-fixes).
* usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-
fixes).
* usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
* usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
* usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
* usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
* usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
* usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
* usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
* usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
* usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-
fixes).
* usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
* usb: gadget: udc: handle gadget_connect failure during bind operation (git-
fixes).
* usb: hub: check for alternate port before enabling a_alt_hnp_support
(bsc#1218527).
* usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
* usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-
fixes).
* usb: roles: fix null pointer issue when put module's reference (git-fixes).
* usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
* usb: serial: option: add fibocom fm101-gl variant (git-fixes).
* usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
* watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-
fixes).
* wifi: ath11k: fix registration of 6ghz-only phy without the full channel
range (git-fixes).
* wifi: ath9k: fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (git-fixes).
* wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
* wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
* wifi: iwlwifi: fix some error codes (git-fixes).
* wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
* wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-
fixes).
* wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
* wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
* wifi: nl80211: reject iftype change with mesh id change (git-fixes).
* wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
* wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
* wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
* wifi: wext-core: fix -wstringop-overflow warning in
ioctl_standard_iw_point() (git-fixes).
* x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
* x86/bugs: add asm helpers for executing verw (git-fixes).
* x86/bugs: use alternative() instead of mds_user_clear static key (git-
fixes). also add mds_user_clear to kabi severities since it's strictly
mitigation related so should be low risk.
* x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
* x86/entry_32: add verw just before userspace transition (git-fixes).
* x86/entry_64: add verw just before userspace transition (git-fixes).
* x86/mm: fix memory encryption features advertisement (bsc#1206453).
* xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
* xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-858=1 openSUSE-SLE-15.5-2024-858=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-858=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-858=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-858=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-858=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-858=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-858=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-858=1
## Package List:
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (noarch)
* kernel-source-vanilla-5.14.21-150500.55.52.1
* kernel-docs-html-5.14.21-150500.55.52.1
* kernel-devel-5.14.21-150500.55.52.1
* kernel-macros-5.14.21-150500.55.52.1
* kernel-source-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150500.55.52.1
* kernel-debug-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-debug-debuginfo-5.14.21-150500.55.52.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.52.1
* kernel-debug-devel-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-5.14.21-150500.55.52.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.52.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.52.1
* kernel-debug-vdso-5.14.21-150500.55.52.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.52.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.52.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.52.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.52.1
* kernel-kvmsmall-devel-5.14.21-150500.55.52.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-default-base-rebuild-5.14.21-150500.55.52.1.150500.6.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.52.1
* kernel-default-optional-5.14.21-150500.55.52.1
* dlm-kmp-default-5.14.21-150500.55.52.1
* kernel-default-livepatch-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.52.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.52.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-5.14.21-150500.55.52.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.52.1
* kernel-obs-qa-5.14.21-150500.55.52.1
* kernel-obs-build-5.14.21-150500.55.52.1
* kernel-syms-5.14.21-150500.55.52.1
* kernel-default-livepatch-devel-5.14.21-150500.55.52.1
* cluster-md-kmp-default-5.14.21-150500.55.52.1
* ocfs2-kmp-default-5.14.21-150500.55.52.1
* kernel-default-extra-5.14.21-150500.55.52.1
* reiserfs-kmp-default-5.14.21-150500.55.52.1
* kselftests-kmp-default-5.14.21-150500.55.52.1
* kernel-obs-build-debugsource-5.14.21-150500.55.52.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_52-default-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.52.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64)
* kernel-64kb-optional-5.14.21-150500.55.52.1
* dtb-qcom-5.14.21-150500.55.52.1
* dtb-amd-5.14.21-150500.55.52.1
* dtb-altera-5.14.21-150500.55.52.1
* dtb-socionext-5.14.21-150500.55.52.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* dtb-apple-5.14.21-150500.55.52.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-extra-5.14.21-150500.55.52.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* dtb-apm-5.14.21-150500.55.52.1
* dtb-hisilicon-5.14.21-150500.55.52.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.52.1
* dtb-renesas-5.14.21-150500.55.52.1
* dtb-arm-5.14.21-150500.55.52.1
* gfs2-kmp-64kb-5.14.21-150500.55.52.1
* kernel-64kb-devel-5.14.21-150500.55.52.1
* kselftests-kmp-64kb-5.14.21-150500.55.52.1
* dtb-lg-5.14.21-150500.55.52.1
* dlm-kmp-64kb-5.14.21-150500.55.52.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.52.1
* dtb-amlogic-5.14.21-150500.55.52.1
* dtb-amazon-5.14.21-150500.55.52.1
* kernel-64kb-debugsource-5.14.21-150500.55.52.1
* dtb-sprd-5.14.21-150500.55.52.1
* dtb-xilinx-5.14.21-150500.55.52.1
* dtb-cavium-5.14.21-150500.55.52.1
* dtb-nvidia-5.14.21-150500.55.52.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.52.1
* dtb-mediatek-5.14.21-150500.55.52.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.52.1
* dtb-allwinner-5.14.21-150500.55.52.1
* kernel-64kb-debuginfo-5.14.21-150500.55.52.1
* cluster-md-kmp-64kb-5.14.21-150500.55.52.1
* dtb-freescale-5.14.21-150500.55.52.1
* dtb-marvell-5.14.21-150500.55.52.1
* dtb-rockchip-5.14.21-150500.55.52.1
* dtb-broadcom-5.14.21-150500.55.52.1
* ocfs2-kmp-64kb-5.14.21-150500.55.52.1
* reiserfs-kmp-64kb-5.14.21-150500.55.52.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* dtb-exynos-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-devel-5.14.21-150500.55.52.1
* kernel-64kb-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-debugsource-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.52.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (noarch)
* kernel-devel-5.14.21-150500.55.52.1
* kernel-macros-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.52.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.52.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.52.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-syms-5.14.21-150500.55.52.1
* kernel-obs-build-5.14.21-150500.55.52.1
* kernel-obs-build-debugsource-5.14.21-150500.55.52.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.52.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150500.55.52.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-1-150500.11.3.1
* kernel-default-livepatch-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* kernel-default-livepatch-devel-5.14.21-150500.55.52.1
* kernel-livepatch-5_14_21-150500_55_52-default-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-1-150500.11.3.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.52.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.52.1
* cluster-md-kmp-default-5.14.21-150500.55.52.1
* dlm-kmp-default-5.14.21-150500.55.52.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-5.14.21-150500.55.52.1
* ocfs2-kmp-default-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-5.14.21-150500.55.52.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
## References:
* https://www.suse.com/security/cve/CVE-2019-25162.html
* https://www.suse.com/security/cve/CVE-2021-46923.html
* https://www.suse.com/security/cve/CVE-2021-46924.html
* https://www.suse.com/security/cve/CVE-2021-46932.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-5197.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52429.html
* https://www.suse.com/security/cve/CVE-2023-52439.html
* https://www.suse.com/security/cve/CVE-2023-52443.html
* https://www.suse.com/security/cve/CVE-2023-52445.html
* https://www.suse.com/security/cve/CVE-2023-52447.html
* https://www.suse.com/security/cve/CVE-2023-52448.html
* https://www.suse.com/security/cve/CVE-2023-52449.html
* https://www.suse.com/security/cve/CVE-2023-52451.html
* https://www.suse.com/security/cve/CVE-2023-52452.html
* https://www.suse.com/security/cve/CVE-2023-52456.html
* https://www.suse.com/security/cve/CVE-2023-52457.html
* https://www.suse.com/security/cve/CVE-2023-52463.html
* https://www.suse.com/security/cve/CVE-2023-52464.html
* https://www.suse.com/security/cve/CVE-2023-52475.html
* https://www.suse.com/security/cve/CVE-2023-52478.html
* https://www.suse.com/security/cve/CVE-2023-6817.html
* https://www.suse.com/security/cve/CVE-2024-0607.html
* https://www.suse.com/security/cve/CVE-2024-1151.html
* https://www.suse.com/security/cve/CVE-2024-23849.html
* https://www.suse.com/security/cve/CVE-2024-23850.html
* https://www.suse.com/security/cve/CVE-2024-23851.html
* https://www.suse.com/security/cve/CVE-2024-25744.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26586.html
* https://www.suse.com/security/cve/CVE-2024-26589.html
* https://www.suse.com/security/cve/CVE-2024-26591.html
* https://www.suse.com/security/cve/CVE-2024-26593.html
* https://www.suse.com/security/cve/CVE-2024-26595.html
* https://www.suse.com/security/cve/CVE-2024-26598.html
* https://www.suse.com/security/cve/CVE-2024-26602.html
* https://www.suse.com/security/cve/CVE-2024-26603.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1209412
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1216776
* https://bugzilla.suse.com/show_bug.cgi?id=1217927
* https://bugzilla.suse.com/show_bug.cgi?id=1218195
* https://bugzilla.suse.com/show_bug.cgi?id=1218216
* https://bugzilla.suse.com/show_bug.cgi?id=1218450
* https://bugzilla.suse.com/show_bug.cgi?id=1218527
* https://bugzilla.suse.com/show_bug.cgi?id=1218663
* https://bugzilla.suse.com/show_bug.cgi?id=1218915
* https://bugzilla.suse.com/show_bug.cgi?id=1219126
* https://bugzilla.suse.com/show_bug.cgi?id=1219127
* https://bugzilla.suse.com/show_bug.cgi?id=1219141
* https://bugzilla.suse.com/show_bug.cgi?id=1219146
* https://bugzilla.suse.com/show_bug.cgi?id=1219295
* https://bugzilla.suse.com/show_bug.cgi?id=1219443
* https://bugzilla.suse.com/show_bug.cgi?id=1219653
* https://bugzilla.suse.com/show_bug.cgi?id=1219827
* https://bugzilla.suse.com/show_bug.cgi?id=1219835
* https://bugzilla.suse.com/show_bug.cgi?id=1219839
* https://bugzilla.suse.com/show_bug.cgi?id=1219840
* https://bugzilla.suse.com/show_bug.cgi?id=1219934
* https://bugzilla.suse.com/show_bug.cgi?id=1220003
* https://bugzilla.suse.com/show_bug.cgi?id=1220009
* https://bugzilla.suse.com/show_bug.cgi?id=1220021
* https://bugzilla.suse.com/show_bug.cgi?id=1220030
* https://bugzilla.suse.com/show_bug.cgi?id=1220106
* https://bugzilla.suse.com/show_bug.cgi?id=1220140
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1220238
* https://bugzilla.suse.com/show_bug.cgi?id=1220240
* https://bugzilla.suse.com/show_bug.cgi?id=1220241
* https://bugzilla.suse.com/show_bug.cgi?id=1220243
* https://bugzilla.suse.com/show_bug.cgi?id=1220250
* https://bugzilla.suse.com/show_bug.cgi?id=1220251
* https://bugzilla.suse.com/show_bug.cgi?id=1220253
* https://bugzilla.suse.com/show_bug.cgi?id=1220254
* https://bugzilla.suse.com/show_bug.cgi?id=1220255
* https://bugzilla.suse.com/show_bug.cgi?id=1220257
* https://bugzilla.suse.com/show_bug.cgi?id=1220267
* https://bugzilla.suse.com/show_bug.cgi?id=1220277
* https://bugzilla.suse.com/show_bug.cgi?id=1220317
* https://bugzilla.suse.com/show_bug.cgi?id=1220326
* https://bugzilla.suse.com/show_bug.cgi?id=1220328
* https://bugzilla.suse.com/show_bug.cgi?id=1220330
* https://bugzilla.suse.com/show_bug.cgi?id=1220335
* https://bugzilla.suse.com/show_bug.cgi?id=1220344
* https://bugzilla.suse.com/show_bug.cgi?id=1220348
* https://bugzilla.suse.com/show_bug.cgi?id=1220350
* https://bugzilla.suse.com/show_bug.cgi?id=1220364
* https://bugzilla.suse.com/show_bug.cgi?id=1220392
* https://bugzilla.suse.com/show_bug.cgi?id=1220393
* https://bugzilla.suse.com/show_bug.cgi?id=1220398
* https://bugzilla.suse.com/show_bug.cgi?id=1220409
* https://bugzilla.suse.com/show_bug.cgi?id=1220444
* https://bugzilla.suse.com/show_bug.cgi?id=1220457
* https://bugzilla.suse.com/show_bug.cgi?id=1220459
* https://bugzilla.suse.com/show_bug.cgi?id=1220649
* https://bugzilla.suse.com/show_bug.cgi?id=1220796
* https://bugzilla.suse.com/show_bug.cgi?id=1220825
* https://jira.suse.com/browse/PED-7618
1
0
12 Mar '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0855-1
Rating: important
References:
* bsc#1194869
* bsc#1206453
* bsc#1209412
* bsc#1216776
* bsc#1217927
* bsc#1218195
* bsc#1218216
* bsc#1218450
* bsc#1218527
* bsc#1218562
* bsc#1218663
* bsc#1218915
* bsc#1219126
* bsc#1219127
* bsc#1219141
* bsc#1219146
* bsc#1219295
* bsc#1219443
* bsc#1219653
* bsc#1219827
* bsc#1219835
* bsc#1219839
* bsc#1219840
* bsc#1219934
* bsc#1220003
* bsc#1220009
* bsc#1220021
* bsc#1220030
* bsc#1220106
* bsc#1220140
* bsc#1220187
* bsc#1220238
* bsc#1220240
* bsc#1220241
* bsc#1220243
* bsc#1220250
* bsc#1220251
* bsc#1220253
* bsc#1220254
* bsc#1220255
* bsc#1220257
* bsc#1220267
* bsc#1220277
* bsc#1220317
* bsc#1220325
* bsc#1220326
* bsc#1220328
* bsc#1220330
* bsc#1220335
* bsc#1220344
* bsc#1220348
* bsc#1220350
* bsc#1220364
* bsc#1220392
* bsc#1220393
* bsc#1220398
* bsc#1220409
* bsc#1220433
* bsc#1220444
* bsc#1220457
* bsc#1220459
* bsc#1220469
* bsc#1220649
* bsc#1220735
* bsc#1220736
* bsc#1220796
* bsc#1220825
* bsc#1220845
* bsc#1220848
* bsc#1220917
* bsc#1220930
* bsc#1220931
* bsc#1220933
* jsc#PED-7618
Cross-References:
* CVE-2019-25162
* CVE-2021-46923
* CVE-2021-46924
* CVE-2021-46932
* CVE-2021-46934
* CVE-2021-47083
* CVE-2022-48627
* CVE-2022-48628
* CVE-2023-5197
* CVE-2023-52340
* CVE-2023-52429
* CVE-2023-52439
* CVE-2023-52443
* CVE-2023-52445
* CVE-2023-52447
* CVE-2023-52448
* CVE-2023-52449
* CVE-2023-52451
* CVE-2023-52452
* CVE-2023-52456
* CVE-2023-52457
* CVE-2023-52462
* CVE-2023-52463
* CVE-2023-52464
* CVE-2023-52467
* CVE-2023-52475
* CVE-2023-52478
* CVE-2023-52482
* CVE-2023-52530
* CVE-2023-52531
* CVE-2023-52559
* CVE-2023-6270
* CVE-2023-6817
* CVE-2024-0607
* CVE-2024-1151
* CVE-2024-23849
* CVE-2024-23850
* CVE-2024-23851
* CVE-2024-25744
* CVE-2024-26585
* CVE-2024-26586
* CVE-2024-26589
* CVE-2024-26591
* CVE-2024-26593
* CVE-2024-26595
* CVE-2024-26598
* CVE-2024-26602
* CVE-2024-26603
* CVE-2024-26607
* CVE-2024-26622
CVSS scores:
* CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46934 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47083 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48628 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2023-5197 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-5197 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52447 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-52452 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52456 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52457 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52462 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52467 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52559 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26589 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26591 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26593 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26607 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 50 vulnerabilities, contains one feature and has 23
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-6270: Fixed a use-after-free bug in aoecmd_cfg_pkts (bsc#1218562).
* CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend
(bsc#1220933).
* CVE-2023-52462: Fixed a security check for attempt to corrupt spilled
pointer (bsc#1220325).
* CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register
(bsc#1220433).
* CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
* CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
(bsc#1220930).
* CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
* CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach
(bsc#1220254).
* CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
PTR_TO_FLOW_KEYS (bsc#1220255).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the
Linux kernel by forcing 100% CPU (bsc#1219295).
* CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
(bsc#1218915).
* CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
* CVE-2024-23850: Fixed double free of anonymous device after snapshot
creation failure (bsc#1219126).
* CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
* CVE-2023-52457: Fixed skipped resource freeing if
pm_runtime_resume_and_get() failed (bsc#1220350).
* CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
* CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
* CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
(bsc#1220251).
* CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier
(bsc#1220238).
* CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
* CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
* CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
* CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
* CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
* CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
* CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
* CVE-2024-26586: Fixed stack corruption (bsc#1220243).
* CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
* CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
* CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253).
* CVE-2024-1151: Fixed unlimited number of recursions from action sets
(bsc#1219835).
* CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from
chain bindings within the same transaction (bsc#1218216).
* CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
(bsc#1219127).
* CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-
table.c (bsc#1219827).
* CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c
(bsc#1219146).
The following non-security bugs were fixed:
* ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous
events (git-fixes).
* ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A (git-fixes).
* ACPI: extlog: fix NULL pointer dereference check (git-fixes).
* ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (git-fixes).
* ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (git-fixes).
* ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 (git-fixes).
* ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2
(git-fixes).
* ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371
AMD version) (git-fixes).
* ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (git-fixes).
* afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-
fixes).
* afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
(git-fixes).
* afs: Hide silly-rename files from userspace (git-fixes).
* afs: Increase buffer size in afs_update_volume_status() (git-fixes).
* ahci: asm1166: correct count of reported ports (git-fixes).
* ALSA: Drop leftover snd-rtctimer stuff from Makefile (git-fixes).
* ALSA: firewire-lib: fix to check cycle continuity (git-fixes).
* ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes).
* ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
(git-fixes).
* ALSA: hda/realtek: cs35l41: Fix device ID / model name (git-fixes).
* ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table (git-
fixes).
* ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx (git-fixes).
* ALSA: hda/realtek: fix mute/micmute LED For HP mt645 (git-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power (git-fixes).
* ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift
1 SF114-32 (git-fixes).
* ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter (git-fixes).
* ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision (git-fixes).
* ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
* ALSA: usb-audio: Check presence of valid altsetting control (git-fixes).
* ALSA: usb-audio: Ignore clock selector errors for single connection (git-
fixes).
* ALSA: usb-audio: More relaxed check of MIDI jack names (git-fixes).
* ALSA: usb-audio: Sort quirk table entries (git-fixes).
* arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443)
* arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443)
* arm64: entry: Simplify tramp_alias macro and tramp_exit routine
(bsc#1219443)
* arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443)
Enable workaround.
* arm64: errata: Add Cortex-A520 speculative unprivileged load (bsc#1219443)
Enable workaround without kABI break.
* arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 (git-fixes)
Enable AMPERE_ERRATUM_AC03_CPU_38 workaround without kABI break
* arm64: irq: set the correct node for shadow call stack (git-fixes)
* arm64: irq: set the correct node for VMAP stack (git-fixes)
* arm64: Rename ARM64_WORKAROUND_2966298 (bsc#1219443)
* arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-
fixes)
* ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
* ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (git-fixes).
* ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes).
* ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (git-fixes).
* atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
* Bluetooth: Avoid potential use-after-free in hci_error_reset (git-fixes).
* Bluetooth: Enforce validation on max value of connection interval (git-
fixes).
* Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (git-fixes).
* Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR (git-fixes).
* Bluetooth: hci_sync: Check the correct flag before starting a scan (git-
fixes).
* Bluetooth: hci_sync: Fix accept_list when attempting to suspend (git-fixes).
* Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
* Bluetooth: qca: Fix wrong event type for patch config command (git-fixes).
* bpf: Fix verification of indirect var-off stack access (git-fixes).
* bpf: Fix verification of indirect var-off stack access (git-fixes).
* bpf: Guard stack limits against 32bit overflow (git-fixes).
* bpf: Guard stack limits against 32bit overflow (git-fixes).
* bpf: Minor logging improvement (bsc#1220257).
* bus: moxtet: Add spi device table (git-fixes).
* cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
* can: j1939: Fix UAF in j1939_sk_match_filter during
setsockopt(SO_J1939_FILTER) (git-fixes).
* crypto: api - Disallow identical driver names (git-fixes).
* crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
(git-fixes).
* crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
* crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
* dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
(git-fixes).
* dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (git-fixes).
* dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
* dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
* dmaengine: ptdma: use consistent DMA masks (git-fixes).
* dmaengine: shdma: increase size of 'dev_id' (git-fixes).
* dmaengine: ti: edma: Add some null pointer checks to the edma_probe (git-
fixes).
* driver core: Fix device_link_flag_is_sync_state_only() (git-fixes).
* drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes).
* drm/amd/display: Fix possible buffer overflow in 'find_dcfclk_for_voltage()'
(git-fixes).
* drm/amd/display: Fix possible NULL dereference on device remove/driver
unload (git-fixes).
* drm/amd/display: Increase frame-larger-than for all display_mode_vba files
(git-fixes).
* drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
* drm/amd/display: Preserve original aspect ratio in create stream (git-
fixes).
* drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
* drm/amdgpu: skip to program GFXDEC registers for suspend abort (git-fixes).
* drm/amdgpu/display: Initialize gamma correction mode variable in
dcn30_get_gamcor_current() (git-fixes).
* drm/buddy: fix range bias (git-fixes).
* drm/crtc: fix uninitialized variable use even harder (git-fixes).
* drm/i915/gvt: Fix uninitialized variable in handle_mmio() (git-fixes).
* drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case
(git-fixes).
* drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-
fixes).
* drm/msms/dp: fixed link clock divider bits be over written in BPC unknown
case (git-fixes).
* drm/prime: Support page array >= 4GB (git-fixes).
* drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set
(git-fixes).
* drm/ttm: Fix an invalid freeing on already freed page in error path (git-
fixes).
* efi: Do not add memblocks for soft-reserved memory (git-fixes).
* efi: runtime: Fix potential overflow of soft-reserved region size (git-
fixes).
* efi/capsule-loader: fix incorrect allocation size (git-fixes).
* fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
* fbdev: savage: Error out if pixclock equals zero (git-fixes).
* fbdev: sis: Error out if pixclock equals zero (git-fixes).
* firewire: core: send bus reset promptly on gap count error (git-fixes).
* fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes).
* fs: JFS: UBSAN: array-index-out-of-bounds in dbAdjTree (git-fixes).
* gpio: 74x164: Enable output pins after registers are reset (git-fixes).
* gpio: fix resource unwinding order in error path (git-fixes).
* gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (git-fixes).
* gpiolib: Fix the error path order in gpiochip_add_data_with_key() (git-
fixes).
* HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes).
* HID: apple: Add support for the 2021 Magic Keyboard (git-fixes).
* HID: wacom: Do not register input devices until after hid_hw_start (git-
fixes).
* HID: wacom: generic: Avoid reporting a serial of '0' to userspace (git-
fixes).
* hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
* hwmon: (coretemp) Enlarge per package core count limit (git-fixes).
* hwmon: (coretemp) Fix bogus core_id to attr name mapping (git-fixes).
* hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
* i2c: i801: Fix block process call transactions (git-fixes).
* i2c: i801: Remove i801_set_block_buffer_mode (git-fixes).
* i2c: imx: Add timer for handling the stop condition (git-fixes).
* i2c: imx: when being a target, mark the last read as processed (git-fixes).
* i3c: master: cdns: Update maximum prescaler value for i2c clock (git-fixes).
* IB/hfi1: Fix a memleak in init_credit_return (git-fixes)
* IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (git-fixes)
* iio: accel: bma400: Fix a compilation problem (git-fixes).
* iio: adc: ad7091r: Set alert bit in config register (git-fixes).
* iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
* iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP (git-
fixes).
* iio: magnetometer: rm3100: add boundary check for the value read from
RM3100_REG_TMRC (git-fixes).
* Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
* Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
* Input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
* Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
* Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr()
(git-fixes).
* Input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
* Input: pm8941-pwrkey - add software key press debouncing support (git-
fixes).
* Input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
* Input: xpad - add Lenovo Legion Go controllers (git-fixes).
* Input: xpad - add Lenovo Legion Go controllers (git-fixes).
* irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes).
* irqchip/irq-brcmstb-l2: Add write memory barrier before exit (git-fixes).
* jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
* jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
* jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
* jfs: fix uaf in jfs_evict_inode (git-fixes).
* kbuild: Fix changing ELF file type for output of gen_btf for big endian
(git-fixes).
* KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839).
* KVM: s390: fix setting of fpc register (git-fixes bsc#1220392).
* KVM: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
* KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
* KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-
fixes).
* lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
detected (git-commit).
* lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
detected (git-fixes).
* leds: trigger: panic: Do not register panic notifier if creating the trigger
failed (git-fixes).
* lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423).
* lib/stackdepot: add refcount for records (jsc-PED#7423).
* lib/stackdepot: Fix first entry having a 0-handle (jsc-PED#7423).
* lib/stackdepot: Move stack_record struct definition into the header (jsc-
PED#7423).
* libsubcmd: Fix memory leak in uniq() (git-fixes).
* md: Do not ignore suspended array in md_check_recovery() (git-fixes).
* md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
(git-fixes).
* md: introduce md_ro_state (git-fixes).
* md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
* md: Whenassemble the array, consult the superblock of the freshest device
(git-fixes).
* md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
* md/raid5: release batch_last before waiting for another stripe_head (git-
fixes).
* md/raid6: use valid sector values to determine if an I/O should wait on the
reshape (git-fixes).
* media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
* media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
* media: rc: bpf attach/detach requires write permission (git-fixes).
* media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
* media: stk1160: Fixed high volume of stk1160_dbg messages (git-fixes).
* mfd: syscon: Fix null pointer dereference in of_syscon_register() (git-
fixes).
* mm,page_owner: Display all stacks and their count (jsc-PED#7423).
* mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423).
* mm,page_owner: Implement the tracking of the stacks count (jsc-PED#7423).
* mm,page_owner: Maintain own list of stack_records structs (jsc-PED#7423).
* mm,page_owner: Update Documentation regarding page_owner_stacks (jsc-
PED#7423).
* mm: memory-failure: fix potential unexpected return value from
unpoison_memory() (git-fixes).
* mm/hwpoison: fix unpoison_memory() (bsc#1218663).
* mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
* mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE (bsc#1218663).
* mmc: core: Fix eMMC initialization with 1-bit bus connection (git-fixes).
* mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
* mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
* mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes).
* mmc: sdhci-xenon: fix PHY init clock stability (git-fixes).
* mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes).
* modpost: trim leading spaces when processing source files list (git-fixes).
* mtd: spinand: gigadevice: Fix the get ecc status issue (git-fixes).
* net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
* net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
* netfs, fscache: Prevent Oops in fscache_put_cache() (bsc#1220003).
* nilfs2: fix data corruption in dsync block recovery for small block sizes
(git-fixes).
* nilfs2: replace WARN_ONs for invalid DAT metadata block requests (git-
fixes).
* nouveau: fix function cast warnings (git-fixes).
* nouveau/svm: fix kvcalloc() argument order (git-fixes).
* ntfs: check overflow when iterating ATTR_RECORDs (git-fixes).
* ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
* nvme-fabrics: fix I/O connect error handling (git-fixes).
* nvme-host: fix the updating of the firmware version (git-fixes).
* PCI: Add no PM reset quirk for NVIDIA Spectrum devices (git-fixes).
* PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021).
* PCI: Fix 64GT/s effective data rate calculation (git-fixes).
* PCI: Only override AMD USB controller if required (git-fixes).
* PCI: switchtec: Fix stdev_release() crash after surprise hot remove (git-
fixes).
* PCI/AER: Decode Requester ID when no error info found (git-fixes).
* platform/x86: thinkpad_acpi: Only update profile if successfully converted
(git-fixes).
* platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet
(git-fixes).
* platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names
(git-fixes).
* PM: core: Remove unnecessary (void *) conversions (git-fixes).
* PM: runtime: Have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend() (git-fixes).
* PNP: ACPI: fix fortify warning (git-fixes).
* power: supply: bq27xxx-i2c: Do not free non existing IRQ (git-fixes).
* powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
* powerpc: Do not include lppaca.h in paca.h (bsc#1194869).
* powerpc/64: Set task pt_regs->link to the LR value on scv entry
(bsc#1194869).
* powerpc/powernv: Fix fortify source warnings in opal-prd.c (bsc#1194869).
* powerpc/pseries: Add a clear modifier to ibm,pa/pi-features parser
(bsc#1220348).
* powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
(bsc#1194869).
* powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features
(bsc#1220348).
* powerpc/watchpoint: Disable pagefaults when getting user instruction
(bsc#1194869).
* powerpc/watchpoints: Annotate atomic context in more places (bsc#1194869).
* powerpc/watchpoints: Disable preemption in thread_change_pc() (bsc#1194869).
* pstore/ram: Fix crash when setting number of cpus to an odd number (git-
fixes).
* RAS: Introduce a FRU memory poison manager (jsc#PED-7618).
* RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618).
* RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes).
* RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes)
* RDMA/bnxt_re: Return error for SRQ resize (git-fixes)
* RDMA/core: Fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
* RDMA/core: Get IB width and speed from netdev (bsc#1219934).
* RDMA/irdma: Add AE for too many RNRS (git-fixes)
* RDMA/irdma: Fix KASAN issue with tasklet (git-fixes)
* RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes)
* RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes)
* RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes)
* RDMA/srpt: fix function pointer cast warnings (git-fixes)
* RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes)
* regulator: core: Only increment use_count when enable_count changes (git-
fixes).
* regulator: pwm-regulator: Add validity checks in continuous .get_voltage
(git-fixes).
* Revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
* Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-
fixes).
* Revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
* ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
* s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
* s390/qeth: Fix potential loss of L3-IP@ in case of network issues (git-fixes
bsc#1219840).
* sched/membarrier: reduce the ability to hammer on sys_membarrier (git-
fixes).
* scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
(git-fixes).
* scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
(git-fixes).
* scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes
bsc#1219141).
* scsi: hisi_sas: Prevent parallel FLR and controller reset (git-fixes).
* scsi: ibmvfc: Limit max hw queues by num_online_cpus() (bsc#1220106).
* scsi: ibmvfc: Open-code reset loop for target reset (bsc#1220106).
* scsi: isci: Fix an error code problem in isci_io_request_build() (git-
fixes).
* scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an
ABTS (bsc#1220021).
* scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric
nodes (bsc#1220021).
* scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
* scsi: lpfc: Change lpfc_vport load_flag member into a bitmask (bsc#1220021).
* scsi: lpfc: Change nlp state statistic counters into atomic_t (bsc#1220021).
* scsi: lpfc: Copyright updates for 14.4.0.0 patches (bsc#1220021).
* scsi: lpfc: Fix failure to delete vports when discovery is in progress
(bsc#1220021).
* scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
* scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
(bsc#1220021).
* scsi: lpfc: Move handling of reset congestion statistics events
(bsc#1220021).
* scsi: lpfc: Protect vport fc_nodes list with an explicit spin lock
(bsc#1220021).
* scsi: lpfc: Remove D_ID swap log message from trace event logger
(bsc#1220021).
* scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for
ndlps (bsc#1220021).
* scsi: lpfc: Remove shost_lock protection for fc_host_port shost APIs
(bsc#1220021).
* scsi: lpfc: Replace deprecated strncpy() with strscpy() (bsc#1220021).
* scsi: lpfc: Save FPIN frequency statistics upon receipt of peer cgn
notifications (bsc#1220021).
* scsi: lpfc: Update lpfc version to 14.4.0.0 (bsc#1220021).
* scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal (bsc#1220021).
* scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's length
(bsc#1220021).
* scsi: mpi3mr: Refresh sdev queue depth after controller reset (git-fixes).
* scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" (git-
fixes bsc#1219141).
* serial: 8250: Remove serial_rs485 sanitization from em485 (git-fixes).
* spi-mxs: Fix chipselect glitch (git-fixes).
* spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected (git-
fixes).
* spi: ppc4xx: Drop write-only variable (git-fixes).
* spi: sh-msiof: avoid integer overflow in constants (git-fixes).
* staging: iio: ad5933: fix type mismatch regression (git-fixes).
* tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
* tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes).
* topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
* topology/sysfs: Add format parameter to macro defining "show" functions for
proc (jsc#PED-7618).
* topology/sysfs: Add PPIN in sysfs under cpu topology (jsc#PED-7618).
* topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
* tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
* tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
* tracing/probes: Fix to show a parse error for bad type for $comm (git-
fixes).
* tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE (git-fixes).
* UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
* usb: cdns: readd old API (git-fixes).
* usb: cdns3: fix memory double free when handle zero packet (git-fixes).
* usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-
fixes).
* usb: cdns3: Modify the return value of cdns_set_active () to void when
CONFIG_PM_SLEEP is disabled (git-fixes).
* usb: cdns3: Put the cdns set active part outside the spin lock (git-fixes).
* usb: cdnsp: blocked some cdns3 specific code (git-fixes).
* usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers
(git-fixes).
* usb: dwc3: gadget: Do not disconnect if not started (git-fixes).
* usb: dwc3: gadget: Handle EP0 request dequeuing properly (git-fixes).
* usb: dwc3: gadget: Ignore End Transfer delay on teardown (git-fixes).
* usb: dwc3: gadget: Queue PM runtime idle on disconnect event (git-fixes).
* usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API
(git-fixes).
* usb: dwc3: gadget: Submit endxfer command if delayed during disconnect (git-
fixes).
* usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
* usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
* usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
* usb: gadget: core: Add missing kerneldoc for vbus_work (git-fixes).
* usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
* usb: Gadget: core: Help prevent panic during UVC unconfigure (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
* usb: gadget: Fix obscure lockdep violation for udc_mutex (git-fixes).
* usb: gadget: Fix use-after-free Read in usb_udc_uevent() (git-fixes).
* usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
* usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (git-
fixes).
* usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
* usb: gadget: udc: Handle gadget_connect failure during bind operation (git-
fixes).
* usb: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
(bsc#1218527).
* usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
* usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
* usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-
fixes).
* usb: roles: fix NULL pointer issue when put module's reference (git-fixes).
* usb: serial: cp210x: add ID for IMST iM871A-USB (git-fixes).
* usb: serial: option: add Fibocom FM101-GL variant (git-fixes).
* usb: serial: qcserial: add new usb-id for Dell Wireless DW5826e (git-fixes).
* watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 (git-
fixes).
* wifi: ath11k: fix registration of 6Ghz-only phy without the full channel
range (git-fixes).
* wifi: ath9k: Fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (git-fixes).
* wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
* wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (git-fixes).
* wifi: cfg80211: free beacon_ies when overridden from hidden BSS (git-fixes).
* wifi: iwlwifi: Fix some error codes (git-fixes).
* wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
* wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-
fixes).
* wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
* wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
* wifi: nl80211: reject iftype change with mesh ID change (git-fixes).
* wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
* wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (git-fixes).
* wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
* wifi: wext-core: Fix -Wstringop-overflow warning in
ioctl_standard_iw_point() (git-fixes).
* x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
* x86/bugs: Add asm helpers for executing VERW (git-fixes).
* x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-
fixes). Also add mds_user_clear to kABI severities since it's strictly
mitigation related so should be low risk.
* x86/cpu: X86_FEATURE_INTEL_PPIN finally had a CPUID bit (jsc#PED-7618).
* x86/entry_32: Add VERW just before userspace transition (git-fixes).
* x86/entry_64: Add VERW just before userspace transition (git-fixes).
* x86/mm: Fix memory encryption features advertisement (bsc#1206453).
* xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
* xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-855=1 SUSE-2024-855=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-855=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
* kernel-azure-optional-5.14.21-150500.33.37.1
* dlm-kmp-azure-5.14.21-150500.33.37.1
* kernel-azure-debugsource-5.14.21-150500.33.37.1
* kernel-azure-extra-5.14.21-150500.33.37.1
* gfs2-kmp-azure-debuginfo-5.14.21-150500.33.37.1
* kernel-azure-extra-debuginfo-5.14.21-150500.33.37.1
* kernel-azure-livepatch-devel-5.14.21-150500.33.37.1
* gfs2-kmp-azure-5.14.21-150500.33.37.1
* dlm-kmp-azure-debuginfo-5.14.21-150500.33.37.1
* kernel-syms-azure-5.14.21-150500.33.37.1
* cluster-md-kmp-azure-5.14.21-150500.33.37.1
* kernel-azure-debuginfo-5.14.21-150500.33.37.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.37.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.37.1
* kernel-azure-devel-5.14.21-150500.33.37.1
* kernel-azure-optional-debuginfo-5.14.21-150500.33.37.1
* reiserfs-kmp-azure-5.14.21-150500.33.37.1
* kselftests-kmp-azure-5.14.21-150500.33.37.1
* kernel-azure-devel-debuginfo-5.14.21-150500.33.37.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.37.1
* ocfs2-kmp-azure-5.14.21-150500.33.37.1
* kselftests-kmp-azure-debuginfo-5.14.21-150500.33.37.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.37.1
* openSUSE Leap 15.5 (x86_64)
* kernel-azure-vdso-debuginfo-5.14.21-150500.33.37.1
* kernel-azure-vdso-5.14.21-150500.33.37.1
* openSUSE Leap 15.5 (noarch)
* kernel-source-azure-5.14.21-150500.33.37.1
* kernel-devel-azure-5.14.21-150500.33.37.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.37.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
* kernel-azure-devel-debuginfo-5.14.21-150500.33.37.1
* kernel-azure-debugsource-5.14.21-150500.33.37.1
* kernel-azure-devel-5.14.21-150500.33.37.1
* kernel-syms-azure-5.14.21-150500.33.37.1
* kernel-azure-debuginfo-5.14.21-150500.33.37.1
* Public Cloud Module 15-SP5 (noarch)
* kernel-source-azure-5.14.21-150500.33.37.1
* kernel-devel-azure-5.14.21-150500.33.37.1
## References:
* https://www.suse.com/security/cve/CVE-2019-25162.html
* https://www.suse.com/security/cve/CVE-2021-46923.html
* https://www.suse.com/security/cve/CVE-2021-46924.html
* https://www.suse.com/security/cve/CVE-2021-46932.html
* https://www.suse.com/security/cve/CVE-2021-46934.html
* https://www.suse.com/security/cve/CVE-2021-47083.html
* https://www.suse.com/security/cve/CVE-2022-48627.html
* https://www.suse.com/security/cve/CVE-2022-48628.html
* https://www.suse.com/security/cve/CVE-2023-5197.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52429.html
* https://www.suse.com/security/cve/CVE-2023-52439.html
* https://www.suse.com/security/cve/CVE-2023-52443.html
* https://www.suse.com/security/cve/CVE-2023-52445.html
* https://www.suse.com/security/cve/CVE-2023-52447.html
* https://www.suse.com/security/cve/CVE-2023-52448.html
* https://www.suse.com/security/cve/CVE-2023-52449.html
* https://www.suse.com/security/cve/CVE-2023-52451.html
* https://www.suse.com/security/cve/CVE-2023-52452.html
* https://www.suse.com/security/cve/CVE-2023-52456.html
* https://www.suse.com/security/cve/CVE-2023-52457.html
* https://www.suse.com/security/cve/CVE-2023-52462.html
* https://www.suse.com/security/cve/CVE-2023-52463.html
* https://www.suse.com/security/cve/CVE-2023-52464.html
* https://www.suse.com/security/cve/CVE-2023-52467.html
* https://www.suse.com/security/cve/CVE-2023-52475.html
* https://www.suse.com/security/cve/CVE-2023-52478.html
* https://www.suse.com/security/cve/CVE-2023-52482.html
* https://www.suse.com/security/cve/CVE-2023-52530.html
* https://www.suse.com/security/cve/CVE-2023-52531.html
* https://www.suse.com/security/cve/CVE-2023-52559.html
* https://www.suse.com/security/cve/CVE-2023-6270.html
* https://www.suse.com/security/cve/CVE-2023-6817.html
* https://www.suse.com/security/cve/CVE-2024-0607.html
* https://www.suse.com/security/cve/CVE-2024-1151.html
* https://www.suse.com/security/cve/CVE-2024-23849.html
* https://www.suse.com/security/cve/CVE-2024-23850.html
* https://www.suse.com/security/cve/CVE-2024-23851.html
* https://www.suse.com/security/cve/CVE-2024-25744.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26586.html
* https://www.suse.com/security/cve/CVE-2024-26589.html
* https://www.suse.com/security/cve/CVE-2024-26591.html
* https://www.suse.com/security/cve/CVE-2024-26593.html
* https://www.suse.com/security/cve/CVE-2024-26595.html
* https://www.suse.com/security/cve/CVE-2024-26598.html
* https://www.suse.com/security/cve/CVE-2024-26602.html
* https://www.suse.com/security/cve/CVE-2024-26603.html
* https://www.suse.com/security/cve/CVE-2024-26607.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1209412
* https://bugzilla.suse.com/show_bug.cgi?id=1216776
* https://bugzilla.suse.com/show_bug.cgi?id=1217927
* https://bugzilla.suse.com/show_bug.cgi?id=1218195
* https://bugzilla.suse.com/show_bug.cgi?id=1218216
* https://bugzilla.suse.com/show_bug.cgi?id=1218450
* https://bugzilla.suse.com/show_bug.cgi?id=1218527
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1218663
* https://bugzilla.suse.com/show_bug.cgi?id=1218915
* https://bugzilla.suse.com/show_bug.cgi?id=1219126
* https://bugzilla.suse.com/show_bug.cgi?id=1219127
* https://bugzilla.suse.com/show_bug.cgi?id=1219141
* https://bugzilla.suse.com/show_bug.cgi?id=1219146
* https://bugzilla.suse.com/show_bug.cgi?id=1219295
* https://bugzilla.suse.com/show_bug.cgi?id=1219443
* https://bugzilla.suse.com/show_bug.cgi?id=1219653
* https://bugzilla.suse.com/show_bug.cgi?id=1219827
* https://bugzilla.suse.com/show_bug.cgi?id=1219835
* https://bugzilla.suse.com/show_bug.cgi?id=1219839
* https://bugzilla.suse.com/show_bug.cgi?id=1219840
* https://bugzilla.suse.com/show_bug.cgi?id=1219934
* https://bugzilla.suse.com/show_bug.cgi?id=1220003
* https://bugzilla.suse.com/show_bug.cgi?id=1220009
* https://bugzilla.suse.com/show_bug.cgi?id=1220021
* https://bugzilla.suse.com/show_bug.cgi?id=1220030
* https://bugzilla.suse.com/show_bug.cgi?id=1220106
* https://bugzilla.suse.com/show_bug.cgi?id=1220140
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1220238
* https://bugzilla.suse.com/show_bug.cgi?id=1220240
* https://bugzilla.suse.com/show_bug.cgi?id=1220241
* https://bugzilla.suse.com/show_bug.cgi?id=1220243
* https://bugzilla.suse.com/show_bug.cgi?id=1220250
* https://bugzilla.suse.com/show_bug.cgi?id=1220251
* https://bugzilla.suse.com/show_bug.cgi?id=1220253
* https://bugzilla.suse.com/show_bug.cgi?id=1220254
* https://bugzilla.suse.com/show_bug.cgi?id=1220255
* https://bugzilla.suse.com/show_bug.cgi?id=1220257
* https://bugzilla.suse.com/show_bug.cgi?id=1220267
* https://bugzilla.suse.com/show_bug.cgi?id=1220277
* https://bugzilla.suse.com/show_bug.cgi?id=1220317
* https://bugzilla.suse.com/show_bug.cgi?id=1220325
* https://bugzilla.suse.com/show_bug.cgi?id=1220326
* https://bugzilla.suse.com/show_bug.cgi?id=1220328
* https://bugzilla.suse.com/show_bug.cgi?id=1220330
* https://bugzilla.suse.com/show_bug.cgi?id=1220335
* https://bugzilla.suse.com/show_bug.cgi?id=1220344
* https://bugzilla.suse.com/show_bug.cgi?id=1220348
* https://bugzilla.suse.com/show_bug.cgi?id=1220350
* https://bugzilla.suse.com/show_bug.cgi?id=1220364
* https://bugzilla.suse.com/show_bug.cgi?id=1220392
* https://bugzilla.suse.com/show_bug.cgi?id=1220393
* https://bugzilla.suse.com/show_bug.cgi?id=1220398
* https://bugzilla.suse.com/show_bug.cgi?id=1220409
* https://bugzilla.suse.com/show_bug.cgi?id=1220433
* https://bugzilla.suse.com/show_bug.cgi?id=1220444
* https://bugzilla.suse.com/show_bug.cgi?id=1220457
* https://bugzilla.suse.com/show_bug.cgi?id=1220459
* https://bugzilla.suse.com/show_bug.cgi?id=1220469
* https://bugzilla.suse.com/show_bug.cgi?id=1220649
* https://bugzilla.suse.com/show_bug.cgi?id=1220735
* https://bugzilla.suse.com/show_bug.cgi?id=1220736
* https://bugzilla.suse.com/show_bug.cgi?id=1220796
* https://bugzilla.suse.com/show_bug.cgi?id=1220825
* https://bugzilla.suse.com/show_bug.cgi?id=1220845
* https://bugzilla.suse.com/show_bug.cgi?id=1220848
* https://bugzilla.suse.com/show_bug.cgi?id=1220917
* https://bugzilla.suse.com/show_bug.cgi?id=1220930
* https://bugzilla.suse.com/show_bug.cgi?id=1220931
* https://bugzilla.suse.com/show_bug.cgi?id=1220933
* https://jira.suse.com/browse/PED-7618
1
0
# Security update for sudo
Announcement ID: SUSE-SU-2024:0834-1
Rating: important
References:
* bsc#1219026
* bsc#1220389
Cross-References:
* CVE-2023-42465
CVSS scores:
* CVE-2023-42465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42465 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for sudo fixes the following issues:
* CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks
(bsc#1219026).
Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-834=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-834=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-834=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-834=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-834=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-834=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-834=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-834=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* sudo-test-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
## References:
* https://www.suse.com/security/cve/CVE-2023-42465.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219026
* https://bugzilla.suse.com/show_bug.cgi?id=1220389
1
0
12 Mar '24
# Recommended update for selinux-policy
Announcement ID: SUSE-RU-2024:0837-1
Rating: moderate
References:
* bsc#1220361
Affected Products:
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that has one fix can now be installed.
## Description:
This update for selinux-policy fixes the following issues:
* Fixed SELinux preventing agetty from using the checkpoint_restore capability
(bsc#1220361)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-837=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-837=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-837=1
## Package List:
* openSUSE Leap Micro 5.4 (noarch)
* selinux-policy-targeted-20230511+git16.5733e724-150400.4.30.1
* selinux-policy-20230511+git16.5733e724-150400.4.30.1
* selinux-policy-devel-20230511+git16.5733e724-150400.4.30.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* selinux-policy-targeted-20230511+git16.5733e724-150400.4.30.1
* selinux-policy-20230511+git16.5733e724-150400.4.30.1
* selinux-policy-devel-20230511+git16.5733e724-150400.4.30.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* selinux-policy-targeted-20230511+git16.5733e724-150400.4.30.1
* selinux-policy-20230511+git16.5733e724-150400.4.30.1
* selinux-policy-devel-20230511+git16.5733e724-150400.4.30.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1220361
1
0
12 Mar '24
# Recommended update for util-linux
Announcement ID: SUSE-RU-2024:0838-1
Rating: moderate
References:
* bsc#1220117
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that has one fix can now be installed.
## Description:
This update for util-linux fixes the following issues:
* Processes not cleaned up after failed SSH session are using up 100% CPU
(bsc#1220117)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-838=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-838=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-838=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-838=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-838=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-838=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-838=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libmount1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-2.37.2-150400.8.26.1
* libfdisk-devel-static-2.37.2-150400.8.26.1
* uuidd-debuginfo-2.37.2-150400.8.26.1
* python3-libmount-2.37.2-150400.8.26.1
* util-linux-2.37.2-150400.8.26.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.26.1
* libmount-devel-2.37.2-150400.8.26.1
* libuuid1-2.37.2-150400.8.26.1
* libblkid1-2.37.2-150400.8.26.1
* python3-libmount-debugsource-2.37.2-150400.8.26.1
* libsmartcols1-debuginfo-2.37.2-150400.8.26.1
* libuuid-devel-2.37.2-150400.8.26.1
* libblkid-devel-2.37.2-150400.8.26.1
* python3-libmount-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-debugsource-2.37.2-150400.8.26.1
* libuuid1-debuginfo-2.37.2-150400.8.26.1
* libmount1-2.37.2-150400.8.26.1
* uuidd-2.37.2-150400.8.26.1
* libmount-devel-static-2.37.2-150400.8.26.1
* libblkid-devel-static-2.37.2-150400.8.26.1
* libuuid-devel-static-2.37.2-150400.8.26.1
* libsmartcols-devel-static-2.37.2-150400.8.26.1
* libsmartcols1-2.37.2-150400.8.26.1
* libfdisk1-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-2.37.2-150400.8.26.1
* util-linux-debuginfo-2.37.2-150400.8.26.1
* util-linux-debugsource-2.37.2-150400.8.26.1
* libfdisk-devel-2.37.2-150400.8.26.1
* libsmartcols-devel-2.37.2-150400.8.26.1
* openSUSE Leap 15.4 (x86_64)
* libfdisk-devel-32bit-2.37.2-150400.8.26.1
* libfdisk1-32bit-2.37.2-150400.8.26.1
* libmount1-32bit-2.37.2-150400.8.26.1
* libuuid1-32bit-2.37.2-150400.8.26.1
* libblkid-devel-32bit-2.37.2-150400.8.26.1
* libmount-devel-32bit-2.37.2-150400.8.26.1
* libsmartcols1-32bit-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-32bit-debuginfo-2.37.2-150400.8.26.1
* libblkid1-32bit-2.37.2-150400.8.26.1
* libblkid1-32bit-debuginfo-2.37.2-150400.8.26.1
* libmount1-32bit-debuginfo-2.37.2-150400.8.26.1
* libuuid-devel-32bit-2.37.2-150400.8.26.1
* libuuid1-32bit-debuginfo-2.37.2-150400.8.26.1
* libsmartcols-devel-32bit-2.37.2-150400.8.26.1
* libsmartcols1-32bit-2.37.2-150400.8.26.1
* openSUSE Leap 15.4 (noarch)
* util-linux-lang-2.37.2-150400.8.26.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libmount1-64bit-2.37.2-150400.8.26.1
* libsmartcols1-64bit-debuginfo-2.37.2-150400.8.26.1
* libblkid1-64bit-2.37.2-150400.8.26.1
* libmount1-64bit-debuginfo-2.37.2-150400.8.26.1
* libblkid-devel-64bit-2.37.2-150400.8.26.1
* libsmartcols-devel-64bit-2.37.2-150400.8.26.1
* libblkid1-64bit-debuginfo-2.37.2-150400.8.26.1
* libsmartcols1-64bit-2.37.2-150400.8.26.1
* libuuid1-64bit-2.37.2-150400.8.26.1
* libfdisk-devel-64bit-2.37.2-150400.8.26.1
* libuuid-devel-64bit-2.37.2-150400.8.26.1
* libmount-devel-64bit-2.37.2-150400.8.26.1
* libfdisk1-64bit-2.37.2-150400.8.26.1
* libuuid1-64bit-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-64bit-debuginfo-2.37.2-150400.8.26.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libmount1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-debugsource-2.37.2-150400.8.26.1
* libuuid1-debuginfo-2.37.2-150400.8.26.1
* libmount1-2.37.2-150400.8.26.1
* libsmartcols1-2.37.2-150400.8.26.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-2.37.2-150400.8.26.1
* libuuid1-2.37.2-150400.8.26.1
* libfdisk1-2.37.2-150400.8.26.1
* util-linux-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-2.37.2-150400.8.26.1
* util-linux-debugsource-2.37.2-150400.8.26.1
* libsmartcols1-debuginfo-2.37.2-150400.8.26.1
* util-linux-2.37.2-150400.8.26.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libmount1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-debugsource-2.37.2-150400.8.26.1
* libuuid1-debuginfo-2.37.2-150400.8.26.1
* libmount1-2.37.2-150400.8.26.1
* libsmartcols1-2.37.2-150400.8.26.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-2.37.2-150400.8.26.1
* libuuid1-2.37.2-150400.8.26.1
* libfdisk1-2.37.2-150400.8.26.1
* util-linux-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-2.37.2-150400.8.26.1
* util-linux-debugsource-2.37.2-150400.8.26.1
* libsmartcols1-debuginfo-2.37.2-150400.8.26.1
* util-linux-2.37.2-150400.8.26.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libmount1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-debugsource-2.37.2-150400.8.26.1
* libuuid1-debuginfo-2.37.2-150400.8.26.1
* libmount1-2.37.2-150400.8.26.1
* libsmartcols1-2.37.2-150400.8.26.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-2.37.2-150400.8.26.1
* libuuid1-2.37.2-150400.8.26.1
* libfdisk1-2.37.2-150400.8.26.1
* util-linux-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-2.37.2-150400.8.26.1
* util-linux-debugsource-2.37.2-150400.8.26.1
* libsmartcols1-debuginfo-2.37.2-150400.8.26.1
* util-linux-2.37.2-150400.8.26.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libmount1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-debugsource-2.37.2-150400.8.26.1
* libuuid1-debuginfo-2.37.2-150400.8.26.1
* libmount1-2.37.2-150400.8.26.1
* libsmartcols1-2.37.2-150400.8.26.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-2.37.2-150400.8.26.1
* libuuid1-2.37.2-150400.8.26.1
* libfdisk1-2.37.2-150400.8.26.1
* util-linux-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-2.37.2-150400.8.26.1
* util-linux-debugsource-2.37.2-150400.8.26.1
* libsmartcols1-debuginfo-2.37.2-150400.8.26.1
* util-linux-2.37.2-150400.8.26.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libmount1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-debugsource-2.37.2-150400.8.26.1
* libuuid1-debuginfo-2.37.2-150400.8.26.1
* libmount1-2.37.2-150400.8.26.1
* libsmartcols1-2.37.2-150400.8.26.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-2.37.2-150400.8.26.1
* libuuid1-2.37.2-150400.8.26.1
* libfdisk1-2.37.2-150400.8.26.1
* util-linux-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-2.37.2-150400.8.26.1
* util-linux-debugsource-2.37.2-150400.8.26.1
* libsmartcols1-debuginfo-2.37.2-150400.8.26.1
* util-linux-2.37.2-150400.8.26.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libmount1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-debugsource-2.37.2-150400.8.26.1
* libuuid1-debuginfo-2.37.2-150400.8.26.1
* libmount1-2.37.2-150400.8.26.1
* libsmartcols1-2.37.2-150400.8.26.1
* util-linux-systemd-debuginfo-2.37.2-150400.8.26.1
* libfdisk1-debuginfo-2.37.2-150400.8.26.1
* libblkid1-2.37.2-150400.8.26.1
* libuuid1-2.37.2-150400.8.26.1
* libfdisk1-2.37.2-150400.8.26.1
* util-linux-debuginfo-2.37.2-150400.8.26.1
* util-linux-systemd-2.37.2-150400.8.26.1
* util-linux-debugsource-2.37.2-150400.8.26.1
* libsmartcols1-debuginfo-2.37.2-150400.8.26.1
* util-linux-2.37.2-150400.8.26.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1220117
1
0
12 Mar '24
# Recommended update for cloud-init
Announcement ID: SUSE-RU-2024:0849-1
Rating: important
References:
* bsc#1198533
* bsc#1214169
* bsc#1218952
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Public Cloud Module 15-SP2
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5
An update that has three fixes can now be installed.
## Description:
This update for cloud-init contains the following fixes:
* Skip tests with empty config.
* Support reboot on package update/upgrade via the cloud-init config.
(bsc#1198533, bsc#1218952, jsc#SMO-326)
* Switch build dependency to the generic distribution-release package.
* Move fdupes call back to %install. (bsc#1214169)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-849=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-849=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-849=1
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-849=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-849=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-849=1 openSUSE-SLE-15.5-2024-849=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-849=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-849=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-849=1
* Public Cloud Module 15-SP2
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2024-849=1
* Public Cloud Module 15-SP3
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2024-849=1
## Package List:
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* cloud-init-23.3-150100.8.74.7
* cloud-init-config-suse-23.3-150100.8.74.7
* Public Cloud Module 15-SP4 (noarch)
* python3-jsonpointer-1.14-150000.3.2.1
* python3-jsonpatch-1.23-150100.3.5.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* cloud-init-23.3-150100.8.74.7
* cloud-init-config-suse-23.3-150100.8.74.7
* Public Cloud Module 15-SP5 (noarch)
* python3-jsonpointer-1.14-150000.3.2.1
* python3-jsonpatch-1.23-150100.3.5.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* dhcp-debuginfo-4.3.6.P1-150000.6.19.1
* dhcp-relay-debuginfo-4.3.6.P1-150000.6.19.1
* bind-9.16.48-150500.8.18.1
* dhcp-server-debuginfo-4.3.6.P1-150000.6.19.1
* dhcp-debugsource-4.3.6.P1-150000.6.19.1
* dhcp-relay-4.3.6.P1-150000.6.19.1
* bind-debuginfo-9.16.48-150500.8.18.1
* bind-debugsource-9.16.48-150500.8.18.1
* dhcp-server-4.3.6.P1-150000.6.19.1
* Server Applications Module 15-SP5 (noarch)
* python3-pyserial-3.4-150000.3.4.1
* bind-doc-9.16.48-150500.8.18.1
* openSUSE Leap 15.3 (noarch)
* python3-passlib-1.7.4-150300.3.2.1
* openSUSE Leap 15.4 (noarch)
* python3-more-itertools-8.10.0-150400.7.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* bind-9.16.48-150500.8.18.1
* bind-utils-9.16.48-150500.8.18.1
* libuv-debugsource-1.44.2-150500.3.2.1
* libuv1-1.44.2-150500.3.2.1
* libuv1-debuginfo-1.44.2-150500.3.2.1
* bind-utils-debuginfo-9.16.48-150500.8.18.1
* bind-debuginfo-9.16.48-150500.8.18.1
* bind-debugsource-9.16.48-150500.8.18.1
* libuv-devel-1.44.2-150500.3.2.1
* openSUSE Leap 15.5 (noarch)
* python3-jsonpointer-1.14-150000.3.2.1
* python3-jsonschema-3.2.0-150200.9.5.1
* python3-pyserial-3.4-150000.3.4.1
* python-pyserial-doc-3.4-150000.3.4.1
* python3-jsonpatch-1.23-150100.3.5.1
* python3-attrs-19.3.0-150200.3.6.1
* python3-PyJWT-2.4.0-150200.3.8.1
* python3-importlib-metadata-1.5.0-150100.3.5.1
* python3-zipp-0.6.0-150100.3.5.1
* python3-passlib-1.7.4-150300.3.2.1
* wget-lang-1.20.3-150000.3.17.1
* python3-oauthlib-2.0.6-150000.3.6.1
* python3-bind-9.16.48-150500.8.18.1
* python3-blinker-1.4-150000.3.6.1
* python3-more-itertools-8.10.0-150400.7.1
* python-blinker-doc-1.4-150000.3.6.1
* bind-doc-9.16.48-150500.8.18.1
* openSUSE Leap 15.5 (x86_64)
* libmaxminddb0-32bit-debuginfo-1.4.3-150000.1.8.1
* libmaxminddb0-32bit-1.4.3-150000.1.8.1
* libuv1-32bit-debuginfo-1.44.2-150500.3.2.1
* libuv1-32bit-1.44.2-150500.3.2.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libuv1-64bit-1.44.2-150500.3.2.1
* libuv1-64bit-debuginfo-1.44.2-150500.3.2.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libmaxminddb-devel-1.4.3-150000.1.8.1
* mmdblookup-1.4.3-150000.1.8.1
* dhcp-devel-4.3.6.P1-150000.6.19.1
* cloud-init-23.3-150100.8.74.7
* dhcp-debugsource-4.3.6.P1-150000.6.19.1
* dhcp-server-debuginfo-4.3.6.P1-150000.6.19.1
* dhcp-client-4.3.6.P1-150000.6.19.1
* libmetalink-devel-0.1.3-150000.3.2.1
* python-netifaces-debuginfo-0.10.6-150000.3.2.1
* python-pyrsistent-debugsource-0.14.4-150100.3.4.1
* python3-pyrsistent-debuginfo-0.14.4-150100.3.4.1
* dhcp-server-4.3.6.P1-150000.6.19.1
* libmaxminddb0-1.4.3-150000.1.8.1
* dhcp-debuginfo-4.3.6.P1-150000.6.19.1
* python3-pyrsistent-0.14.4-150100.3.4.1
* python-pyrsistent-debuginfo-0.14.4-150100.3.4.1
* wget-debugsource-1.20.3-150000.3.17.1
* libmetalink3-debuginfo-0.1.3-150000.3.2.1
* wget-debuginfo-1.20.3-150000.3.17.1
* dhcp-relay-4.3.6.P1-150000.6.19.1
* python3-netifaces-debuginfo-0.10.6-150000.3.2.1
* dhcp-client-debuginfo-4.3.6.P1-150000.6.19.1
* mmdblookup-debuginfo-1.4.3-150000.1.8.1
* cloud-init-config-suse-23.3-150100.8.74.7
* python-netifaces-debugsource-0.10.6-150000.3.2.1
* python3-netifaces-0.10.6-150000.3.2.1
* dhcp-relay-debuginfo-4.3.6.P1-150000.6.19.1
* dhcp-4.3.6.P1-150000.6.19.1
* cloud-init-doc-23.3-150100.8.74.7
* libmaxminddb0-debuginfo-1.4.3-150000.1.8.1
* dhcp-doc-4.3.6.P1-150000.6.19.1
* libmaxminddb-debugsource-1.4.3-150000.1.8.1
* wget-1.20.3-150000.3.17.1
* libmetalink-debugsource-0.1.3-150000.3.2.1
* libmetalink3-0.1.3-150000.3.2.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* dhcp-devel-4.3.6.P1-150000.6.19.1
* cloud-init-23.3-150100.8.74.7
* dhcp-debugsource-4.3.6.P1-150000.6.19.1
* libuv1-1.44.2-150500.3.2.1
* dhcp-client-4.3.6.P1-150000.6.19.1
* python3-pyrsistent-debuginfo-0.14.4-150100.3.4.1
* libmaxminddb0-1.4.3-150000.1.8.1
* dhcp-debuginfo-4.3.6.P1-150000.6.19.1
* python3-pyrsistent-0.14.4-150100.3.4.1
* wget-debugsource-1.20.3-150000.3.17.1
* libmetalink3-debuginfo-0.1.3-150000.3.2.1
* wget-debuginfo-1.20.3-150000.3.17.1
* bind-utils-9.16.48-150500.8.18.1
* python3-netifaces-debuginfo-0.10.6-150000.3.2.1
* dhcp-client-debuginfo-4.3.6.P1-150000.6.19.1
* bind-utils-debuginfo-9.16.48-150500.8.18.1
* cloud-init-config-suse-23.3-150100.8.74.7
* python3-netifaces-0.10.6-150000.3.2.1
* dhcp-4.3.6.P1-150000.6.19.1
* libuv1-debuginfo-1.44.2-150500.3.2.1
* libmaxminddb0-debuginfo-1.4.3-150000.1.8.1
* wget-1.20.3-150000.3.17.1
* libmetalink3-0.1.3-150000.3.2.1
* SUSE Linux Enterprise Micro 5.5 (aarch64)
* dhcp-relay-debuginfo-4.3.6.P1-150000.6.19.1
* python2-netifaces-debuginfo-0.10.6-150000.3.2.1
* dhcp-server-debuginfo-4.3.6.P1-150000.6.19.1
* libuv-debugsource-1.44.2-150500.3.2.1
* dhcp-relay-4.3.6.P1-150000.6.19.1
* python2-netifaces-0.10.6-150000.3.2.1
* libmetalink-devel-0.1.3-150000.3.2.1
* python-netifaces-debuginfo-0.10.6-150000.3.2.1
* python-netifaces-debugsource-0.10.6-150000.3.2.1
* libmetalink-debugsource-0.1.3-150000.3.2.1
* dhcp-server-4.3.6.P1-150000.6.19.1
* libuv-devel-1.44.2-150500.3.2.1
* SUSE Linux Enterprise Micro 5.5 (aarch64_ilp32)
* libmaxminddb0-64bit-1.4.3-150000.1.8.1
* libuv1-64bit-1.44.2-150500.3.2.1
* libuv1-64bit-debuginfo-1.44.2-150500.3.2.1
* libmaxminddb0-64bit-debuginfo-1.4.3-150000.1.8.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-jsonschema-3.2.0-150200.9.5.1
* python3-pyserial-3.4-150000.3.4.1
* python2-blinker-1.4-150000.3.6.1
* python2-pyserial-3.4-150000.3.4.1
* python3-jsonpatch-1.23-150100.3.5.1
* python3-attrs-19.3.0-150200.3.6.1
* python3-PyJWT-2.4.0-150200.3.8.1
* python3-importlib-metadata-1.5.0-150100.3.5.1
* python3-zipp-0.6.0-150100.3.5.1
* python3-passlib-1.7.4-150300.3.2.1
* python3-oauthlib-2.0.6-150000.3.6.1
* python3-bind-9.16.48-150500.8.18.1
* python2-oauthlib-2.0.6-150000.3.6.1
* python3-blinker-1.4-150000.3.6.1
* python3-more-itertools-8.10.0-150400.7.1
* python2-jsonpointer-1.14-150000.3.2.1
* python3-jsonpointer-1.14-150000.3.2.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* bind-debugsource-9.16.48-150500.8.18.1
* bind-debuginfo-9.16.48-150500.8.18.1
* Basesystem Module 15-SP5 (noarch)
* python3-jsonschema-3.2.0-150200.9.5.1
* python3-attrs-19.3.0-150200.3.6.1
* python3-PyJWT-2.4.0-150200.3.8.1
* python3-importlib-metadata-1.5.0-150100.3.5.1
* python3-zipp-0.6.0-150100.3.5.1
* python3-passlib-1.7.4-150300.3.2.1
* python3-oauthlib-2.0.6-150000.3.6.1
* python3-bind-9.16.48-150500.8.18.1
* python3-blinker-1.4-150000.3.6.1
* python3-more-itertools-8.10.0-150400.7.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* bind-debugsource-9.16.48-150500.8.18.1
* libmaxminddb-devel-1.4.3-150000.1.8.1
* mmdblookup-1.4.3-150000.1.8.1
* dhcp-devel-4.3.6.P1-150000.6.19.1
* dhcp-debugsource-4.3.6.P1-150000.6.19.1
* libuv1-1.44.2-150500.3.2.1
* dhcp-client-4.3.6.P1-150000.6.19.1
* libmetalink-devel-0.1.3-150000.3.2.1
* python-netifaces-debuginfo-0.10.6-150000.3.2.1
* python-pyrsistent-debugsource-0.14.4-150100.3.4.1
* python3-pyrsistent-debuginfo-0.14.4-150100.3.4.1
* libmaxminddb0-1.4.3-150000.1.8.1
* dhcp-debuginfo-4.3.6.P1-150000.6.19.1
* python3-pyrsistent-0.14.4-150100.3.4.1
* python-pyrsistent-debuginfo-0.14.4-150100.3.4.1
* libuv-debugsource-1.44.2-150500.3.2.1
* wget-debugsource-1.20.3-150000.3.17.1
* libmetalink3-debuginfo-0.1.3-150000.3.2.1
* wget-debuginfo-1.20.3-150000.3.17.1
* libuv-devel-1.44.2-150500.3.2.1
* bind-utils-9.16.48-150500.8.18.1
* python3-netifaces-debuginfo-0.10.6-150000.3.2.1
* dhcp-client-debuginfo-4.3.6.P1-150000.6.19.1
* bind-debuginfo-9.16.48-150500.8.18.1
* mmdblookup-debuginfo-1.4.3-150000.1.8.1
* bind-utils-debuginfo-9.16.48-150500.8.18.1
* python-netifaces-debugsource-0.10.6-150000.3.2.1
* python3-netifaces-0.10.6-150000.3.2.1
* dhcp-4.3.6.P1-150000.6.19.1
* libuv1-debuginfo-1.44.2-150500.3.2.1
* libmaxminddb0-debuginfo-1.4.3-150000.1.8.1
* libmaxminddb-debugsource-1.4.3-150000.1.8.1
* wget-1.20.3-150000.3.17.1
* libmetalink-debugsource-0.1.3-150000.3.2.1
* libmetalink3-0.1.3-150000.3.2.1
* SUSE Package Hub 15 15-SP5 (noarch)
* python2-blinker-1.4-150000.3.6.1
* python2-pyserial-3.4-150000.3.4.1
* python2-oauthlib-2.0.6-150000.3.6.1
* python2-jsonpointer-1.14-150000.3.2.1
* python2-jsonpatch-1.23-150100.3.5.1
* python2-jsonschema-3.2.0-150200.9.5.1
* Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64)
* cloud-init-23.3-150100.8.74.7
* cloud-init-config-suse-23.3-150100.8.74.7
* Public Cloud Module 15-SP2 (noarch)
* python3-pyserial-3.4-150000.3.4.1
* python2-blinker-1.4-150000.3.6.1
* python3-jsonpatch-1.23-150100.3.5.1
* python2-oauthlib-2.0.6-150000.3.6.1
* python3-jsonpointer-1.14-150000.3.2.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
* cloud-init-23.3-150100.8.74.7
* cloud-init-config-suse-23.3-150100.8.74.7
* Public Cloud Module 15-SP3 (noarch)
* python3-jsonpointer-1.14-150000.3.2.1
* python3-jsonpatch-1.23-150100.3.5.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1198533
* https://bugzilla.suse.com/show_bug.cgi?id=1214169
* https://bugzilla.suse.com/show_bug.cgi?id=1218952
1
0
# Security update for axis
Announcement ID: SUSE-SU-2024:0852-1
Rating: moderate
References:
* bsc#1218605
Cross-References:
* CVE-2023-51441
CVSS scores:
* CVE-2023-51441 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-51441 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for axis fixes the following issues:
* CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service
admin HTTP API (bsc#1218605).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-852=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-852=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* axis-1.4-150200.13.9.1
* axis-manual-1.4-150200.13.9.1
* Basesystem Module 15-SP5 (noarch)
* axis-1.4-150200.13.9.1
## References:
* https://www.suse.com/security/cve/CVE-2023-51441.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218605
1
0