Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0145-1 Final 1 1 2023-07-06T01:12:26Z current 2023-07-06T01:12:26Z 2023-07-06T01:12:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2023-23454: Fixed a type confusion bug in the CBQ network scheduler which could lead to a use-after-free (bsc#1207036) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). The following non-security bugs were fixed: - arm64: alternative: Use true and false for boolean values (git-fixes) - arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes) - arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes) - arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes) - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes) - arm64: ftrace: do not adjust the LR value (git-fixes) - arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes) - arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes) - arm64: jump_label.h: use asm_volatile_goto macro instead of 'asm (git-fixes) - arm64: make secondary_start_kernel() notrace (git-fixes) - arm64: makefile fix build of .i file in external module case (git-fixes) - arm64: ptrace: remove addr_limit manipulation (git-fixes) - arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes) - arm64: smp: Handle errors reported by the firmware (git-fixes) - arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes) - Bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). - CDC-NCM: remove 'connected' log message (git-fixes). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1207195). - flexfiles: enforce per-mirror stateid only for v4 DSes (git-fixes). - flexfiles: use per-mirror specified stateid for IO (git-fixes). - fs: nfs: Fix possible null-pointer dereferences in encode_attrs() (git-fixes). - ibmveth: Always stop tx queues during close (bsc#1065729). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kABI: mitigate new ufs_stats field (git-fixes). - lockd: fix decoding of TEST results (git-fixes). - media: Do not let tvp5150_get_vbi() go out of vbi_ram_default array (git-fixes). - media: i2c: tvp5150: remove useless variable assignment in tvp5150_set_vbi() (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - move new members of struct usbnet to end (git-fixes). - net :sunrpc :clnt :Fix xps refcount imbalance on the error path (git-fixes). - net: kalmia: clean up bind error path (git-fixes). - net: kalmia: fix memory leaks (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - net: usb: asix: ax88772_bind return error when hw_reset fail (git-fixes). - net: usb: asix: init MAC address buffers (git-fixes). - net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: rtl8150: demote allmulti message to dev_dbg() (git-fixes). - net/usb/kalmia: use ARRAY_SIZE for various array sizing calculations (git-fixes). - NFS Handle missing attributes in OPEN reply (bsc#1203740). - NFS: Correct size calculation for create reply length (git-fixes). - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup (git-fixes). - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - NFS: Fix NULL pointer dereference of dev_name (git-fixes). - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - NFS: nfs_compare_mount_options always compare auth flavors (git-fixes). - NFS: nfs_find_open_context() may only select open files (git-fixes). - NFS: nfs4clinet: check the return value of kstrdup() (git-fixes). - NFS: swap IO handling is slightly different for O_DIRECT IO (git-fixes). - NFS: swap-out must always use STABLE writes (git-fixes). - NFS: we do not support removing system.nfs4_acl (git-fixes). - NFS4: Fix kmemleak when allocate slot failed (git-fixes). - NFSD: allow fh_want_write to be called twice (git-fixes). - NFSD: fix a warning in __cld_pipe_upcall() (git-fixes). - NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - NFSD: fix wrong check in write_v4_end_grace() (git-fixes). - NFSD: Keep existing listeners on portlist error (git-fixes). - NFSD: Return EPERM, not EACCES, in some SETATTR cases (git-fixes). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - NFSD4: fix crash on writing v4_end_grace before nfsd startup (git-fixes). - NFSv2: Fix eof handling (git-fixes). - NFSv2: Fix write regression (git-fixes). - NFSv4 expose nfs_parse_server_name function (git-fixes). - NFSv4 only print the label when its queried (git-fixes). - NFSv4 remove zero number of fs_locations entries error check (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix open create exclusive when the server reboots (git-fixes). - NFSv4: Fix return value in nfs_finish_open() (git-fixes). - NFSv4: Fix return values for nfs4_file_open() (git-fixes). - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4.x: fix lock recovery during delegation recall (git-fixes). - NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64/module: REL32 relocation range check (bsc#1065729). - powerpc/64s/hash: Fix stab_rr off by one initialization (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/boot: Disable vector instructions (bsc#1065729). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1065729). - powerpc/boot: Fix 64-bit boot wrapper build with non-biarch compiler (bsc#1065729). - powerpc/boot: Fix missing check of lseek() return value (bsc#1065729). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). - powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729). - powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() (bsc#1065729). - powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function (bsc#1065729). - powerpc/iommu: Avoid derefence before pointer check (bsc#1065729). - powerpc/mm: Make NULL pointer deferences explicit on bad page faults (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/pci/of: Fix OF flags parsing for 64bit BARs (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/powernv: opal_put_chars partial write fix (bsc#1065729). - powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status (bsc#1065729). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bsc#1065729). - powerpc/pseries: Fix node leak in update_lmb_associativity_index() (bsc#1065729). - powerpc/pseries: Mark accumulate_stolen_time() as notrace (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/pseries/hvconsole: Fix stack overread via udbg (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/smp: Set numa node before updating mask (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/time: Fix clockevent_decrementer initalisation for PR KVM (bsc#1065729). - powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer (bsc#1065729). - powerpc/traps: Fix the message printed when stack overflows (bsc#1065729). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive: Move a dereference below a NULL test (bsc#1065729). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - powerpc/xmon: fix dump_segments() (bsc#1065729). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: 3ware: fix return 0 on the error path of probe (git-fixes). - scsi: 53c700: pass correct 'dev' to dma_alloc_attrs() (git-fixes). - scsi: aacraid: Disabling TM path and only processing IOP reset (git-fixes). - scsi: aacraid: fix illegal IO beyond last LBA (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Reduce memory required for SCSI logging (git-fixes). - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (git-fixes). - scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes). - scsi: dc395x: fix dma API usage in srb_done (git-fixes). - scsi: fcoe: drop frames in ELS LOGO error path (git-fixes). - scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send (git-fixes). - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hpsa: correct scsi command status issue after reset (git-fixes). - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: ibmvscsis: Ensure partition name is properly NUL terminated (git-fixes). - scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (git-fixes). - scsi: ips: fix missing break in switch (git-fixes). - scsi: isci: Change sci_controller_start_task's return type to sci_status (git-fixes). - scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler (git-fixes). - scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: flush running unbind operations when removing a session (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (git-fixes). - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libiscsi: Fix NOP race condition (git-fixes). - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libsas: Check SMP PHY control function result (git-fixes). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: fix panic on loading firmware crashdump (git-fixes). - scsi: megaraid_sas: reduce module load time (git-fixes). - scsi: megaraid: disable device when probe failed after enabled device (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpt3sas: Fix clear pending bit in ioctl status (git-fixes). - scsi: mpt3sas: Fix double free warnings (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: NCR5380: Check for bus reset (git-fixes). - scsi: NCR5380: Check for invalid reselection target (git-fixes). - scsi: NCR5380: Clear all unissued commands on host reset (git-fixes). - scsi: NCR5380: Do not call dsprintk() following reselection interrupt (git-fixes). - scsi: NCR5380: Do not clear busy flag when abort fails (git-fixes). - scsi: NCR5380: Handle BUS FREE during reselection (git-fixes). - scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes). - scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data (git-fixes). - scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE (git-fixes). - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes). - scsi: pm80xx: Fix for SATA device discovery (git-fixes). - scsi: pm80xx: Fixed system hang issue during kexec boot (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails (git-fixes). - scsi: qedi: Abort ep termination if offload not scheduled (git-fixes). - scsi: qedi: Do not flush offload work if ARP not resolved (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Fix termination timeouts in session logout (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (git-fixes). - scsi: qla4xxx: fix a potential NULL pointer dereference (git-fixes). - scsi: Revert 'target: iscsi: Wait for all commands to finish before freeing a session' (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG (git-fixes). - scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_srp: Do not block target in failfast state (git-fixes). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (git-fixes). - scsi: sd: do not crash the host on invalid commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: sni_53c710: fix compilation error (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: target: iscsi: Wait for all commands to finish before freeing a session (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Avoid configuring regulator with undefined voltage range (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Complete pending requests in host reset and restore path (git-fixes). - scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: Fix regulator load and icc-level configuration (git-fixes). - scsi: ufs: Fix system suspend status (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: skip shutdown if hba is not powered (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - SUNRPC: Do not call __UDPX_INC_STATS() from a preemptible context (git-fixes). - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - SUNRPC: do not mark uninitialised items as VALID (git-fixes). - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix a bogus get/put in generic_key_to_expire() (git-fixes). - SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes). - SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes). - SUNRPC: fix cache_head leak due to queued request (git-fixes). - SUNRPC: Fix connect metrics (git-fixes). - SUNRPC: fix crash when cache_head become valid before update (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - SUNRPC: stop printk reading past end of string (git-fixes). - svcrdma: Ignore source port when computing DRC hash (git-fixes). - tracing: Fix code comments in trace.c (git-fixes). - usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded (git-fixes). - usb: dwc3: gadget: only unmap requests from DMA if mapped (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2023-145,Image SLES12-SP5-Azure-HPC-BYOS-2023-145,Image SLES12-SP5-Azure-SAP-BYOS-2023-145,Image SLES12-SP5-Azure-SAP-On-Demand-2023-145,Image SLES12-SP5-EC2-BYOS-2023-145,Image SLES12-SP5-EC2-ECS-On-Demand-2023-145,Image SLES12-SP5-EC2-On-Demand-2023-145,Image SLES12-SP5-EC2-SAP-BYOS-2023-145,Image SLES12-SP5-EC2-SAP-On-Demand-2023-145,Image SLES12-SP5-GCE-BYOS-2023-145,Image SLES12-SP5-GCE-On-Demand-2023-145,Image SLES12-SP5-GCE-SAP-BYOS-2023-145,Image SLES12-SP5-GCE-SAP-On-Demand-2023-145,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2023-145,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2023-145,SUSE-2023-145,SUSE-SLE-HA-12-SP5-2023-145,SUSE-SLE-Live-Patching-12-SP5-2023-145,SUSE-SLE-SDK-12-SP5-2023-145,SUSE-SLE-SERVER-12-SP5-2023-145,SUSE-SLE-WE-12-SP5-2023-145 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/ Link for SUSE-SU-2023:0145-1 https://lists.suse.com/pipermail/sle-security-updates/2023-January/013526.html E-Mail link for SUSE-SU-2023:0145-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1065729 SUSE Bug 1065729 https://bugzilla.suse.com/1203740 SUSE Bug 1203740 https://bugzilla.suse.com/1204250 SUSE Bug 1204250 https://bugzilla.suse.com/1205695 SUSE Bug 1205695 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206344 SUSE Bug 1206344 https://bugzilla.suse.com/1206389 SUSE Bug 1206389 https://bugzilla.suse.com/1206395 SUSE Bug 1206395 https://bugzilla.suse.com/1206664 SUSE Bug 1206664 https://bugzilla.suse.com/1207036 SUSE Bug 1207036 https://bugzilla.suse.com/1207168 SUSE Bug 1207168 https://bugzilla.suse.com/1207195 SUSE Bug 1207195 https://www.suse.com/security/cve/CVE-2022-3107/ SUSE CVE CVE-2022-3107 page https://www.suse.com/security/cve/CVE-2022-3108/ SUSE CVE CVE-2022-3108 page https://www.suse.com/security/cve/CVE-2022-3564/ SUSE CVE CVE-2022-3564 page https://www.suse.com/security/cve/CVE-2022-4662/ SUSE CVE CVE-2022-4662 page https://www.suse.com/security/cve/CVE-2023-0394/ SUSE CVE CVE-2023-0394 page https://www.suse.com/security/cve/CVE-2023-23454/ SUSE CVE CVE-2023-23454 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 kernel-default-4.12.14-122.147.1 cluster-md-kmp-default-4.12.14-122.147.1 dlm-kmp-default-4.12.14-122.147.1 gfs2-kmp-default-4.12.14-122.147.1 ocfs2-kmp-default-4.12.14-122.147.1 kernel-debug-4.12.14-122.147.1 kernel-debug-base-4.12.14-122.147.1 kernel-debug-devel-4.12.14-122.147.1 kernel-debug-kgraft-devel-4.12.14-122.147.1 kernel-default-base-4.12.14-122.147.1 kernel-default-devel-4.12.14-122.147.1 kernel-default-extra-4.12.14-122.147.1 kernel-default-kgraft-4.12.14-122.147.1 kernel-default-kgraft-devel-4.12.14-122.147.1 kernel-default-man-4.12.14-122.147.1 kernel-devel-4.12.14-122.147.1 kernel-docs-4.12.14-122.147.1 kernel-docs-html-4.12.14-122.147.1 kernel-kvmsmall-4.12.14-122.147.1 kernel-kvmsmall-base-4.12.14-122.147.1 kernel-kvmsmall-devel-4.12.14-122.147.1 kernel-kvmsmall-kgraft-devel-4.12.14-122.147.1 kernel-macros-4.12.14-122.147.1 kernel-obs-build-4.12.14-122.147.1 kernel-obs-qa-4.12.14-122.147.1 kernel-source-4.12.14-122.147.1 kernel-source-vanilla-4.12.14-122.147.1 kernel-syms-4.12.14-122.147.1 kernel-vanilla-4.12.14-122.147.1 kernel-vanilla-base-4.12.14-122.147.1 kernel-vanilla-devel-4.12.14-122.147.1 kernel-vanilla-kgraft-devel-4.12.14-122.147.1 kernel-zfcpdump-4.12.14-122.147.1 kernel-zfcpdump-man-4.12.14-122.147.1 kgraft-patch-4_12_14-122_147-default-1-8.3.1 kselftests-kmp-default-4.12.14-122.147.1 kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-BYOS kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-BYOS kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-On-Demand cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-BYOS kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-On-Demand cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production cluster-md-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production dlm-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production gfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production kernel-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production ocfs2-kmp-default-4.12.14-122.147.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production cluster-md-kmp-default-4.12.14-122.147.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 dlm-kmp-default-4.12.14-122.147.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 gfs2-kmp-default-4.12.14-122.147.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 ocfs2-kmp-default-4.12.14-122.147.1 as a component of SUSE Linux Enterprise High Availability Extension 12 SP5 kernel-default-kgraft-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-default-kgraft-devel-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_147-default-1-8.3.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-default-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-base-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-devel-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-man-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-devel-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-macros-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-source-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-syms-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server 12 SP5 kernel-default-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-default-base-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-default-devel-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-default-man-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-devel-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-macros-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-source-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-syms-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 kernel-docs-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 kernel-obs-build-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 kernel-default-extra-4.12.14-122.147.1 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. CVE-2022-3107 Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-ECS-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:cluster-md-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:dlm-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:gfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-docs-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-obs-build-4.12.14-122.147.1 SUSE Linux Enterprise Workstation Extension 12 SP5:kernel-default-extra-4.12.14-122.147.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/ https://www.suse.com/security/cve/CVE-2022-3107.html CVE-2022-3107 https://bugzilla.suse.com/1206395 SUSE Bug 1206395 An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). CVE-2022-3108 Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-ECS-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:cluster-md-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:dlm-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:gfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-docs-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-obs-build-4.12.14-122.147.1 SUSE Linux Enterprise Workstation Extension 12 SP5:kernel-default-extra-4.12.14-122.147.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/ https://www.suse.com/security/cve/CVE-2022-3108.html CVE-2022-3108 https://bugzilla.suse.com/1206389 SUSE Bug 1206389 A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. CVE-2022-3564 Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-ECS-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:cluster-md-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:dlm-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:gfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-docs-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-obs-build-4.12.14-122.147.1 SUSE Linux Enterprise Workstation Extension 12 SP5:kernel-default-extra-4.12.14-122.147.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/ https://www.suse.com/security/cve/CVE-2022-3564.html CVE-2022-3564 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206314 SUSE Bug 1206314 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. CVE-2022-4662 Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-ECS-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:cluster-md-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:dlm-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:gfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-docs-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-obs-build-4.12.14-122.147.1 SUSE Linux Enterprise Workstation Extension 12 SP5:kernel-default-extra-4.12.14-122.147.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/ https://www.suse.com/security/cve/CVE-2022-4662.html CVE-2022-4662 https://bugzilla.suse.com/1206664 SUSE Bug 1206664 A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. CVE-2023-0394 Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-ECS-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:cluster-md-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:dlm-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:gfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-docs-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-obs-build-4.12.14-122.147.1 SUSE Linux Enterprise Workstation Extension 12 SP5:kernel-default-extra-4.12.14-122.147.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/ https://www.suse.com/security/cve/CVE-2023-0394.html CVE-2023-0394 https://bugzilla.suse.com/1207168 SUSE Bug 1207168 cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). CVE-2023-23454 Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-Azure-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-ECS-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-EC2-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-BYOS:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-GCE-SAP-On-Demand:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:cluster-md-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:dlm-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:gfs2-kmp-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:kernel-default-4.12.14-122.147.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:cluster-md-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:dlm-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:gfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise High Availability Extension 12 SP5:ocfs2-kmp-default-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.147.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-base-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-default-man-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-macros-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-4.12.14-122.147.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-docs-4.12.14-122.147.1 SUSE Linux Enterprise Software Development Kit 12 SP5:kernel-obs-build-4.12.14-122.147.1 SUSE Linux Enterprise Workstation Extension 12 SP5:kernel-default-extra-4.12.14-122.147.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230145-1/ https://www.suse.com/security/cve/CVE-2023-23454.html CVE-2023-23454 https://bugzilla.suse.com/1207036 SUSE Bug 1207036 https://bugzilla.suse.com/1207188 SUSE Bug 1207188 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 https://bugzilla.suse.com/1211833 SUSE Bug 1211833