Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1802-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
  • CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-28327 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • openSUSE Leap 15.4
  • Public Cloud Module 15-SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that solves 11 vulnerabilities and has 25 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
  • CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  • CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
  • CVE-2023-0394: Fixed NULL pointer dereference that could lead to a system crash in rawv6_push_pending_frames in net/ipv6/raw.c (bsc#1207168).
  • CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
  • CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
  • CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
  • CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
  • CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
  • CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
  • CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
  • CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).

The following non-security bugs were fixed:

  • ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
  • ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
  • ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
  • ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
  • ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
  • ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
  • ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
  • ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
  • ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
  • ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
  • ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
  • ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
  • Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
  • Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
  • Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
  • Fix error path in pci-hyperv to unlock the mutex state_lock
  • HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
  • HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
  • Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
  • KVM: x86: fix sending PV IPI (git-fixes).
  • Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
  • NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
  • PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
  • PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
  • PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
  • PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
  • PCI: hv: Use async probing to reduce boot time (bsc#1207185).
  • PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
  • Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798)
  • Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1207185).
  • Revert "Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798)"
  • Revert "Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
  • Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
  • USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
  • USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
  • USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
  • USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
  • USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
  • USB: dwc3: Fix a typo in field name (git-fixes).
  • USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
  • USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
  • USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
  • USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
  • USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
  • USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
  • arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
  • arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
  • arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
  • arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
  • arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
  • arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
  • arm64: dts: imx8mp: correct usb clocks (git-fixes)
  • arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
  • arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
  • arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
  • atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
  • ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
  • ca8210: fix mac_len negative array access (git-fixes).
  • can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
  • cifs: Fix smb2_set_path_size() (git-fixes).
  • cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
  • cifs: append path to open_enter trace event (bsc#1193629).
  • cifs: avoid race conditions with parallel reconnects (bsc#1193629).
  • cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
  • cifs: check only tcon status on tcon related functions (bsc#1193629).
  • cifs: do not poll server interfaces too regularly (bsc#1193629).
  • cifs: dump pending mids for all channels in DebugData (bsc#1193629).
  • cifs: empty interface list when server does not support query interfaces (bsc#1193629).
  • cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
  • cifs: fix dentry lookups in directory handle cache (bsc#1193629).
  • cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
  • cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
  • cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
  • cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
  • cifs: lock chan_lock outside match_session (bsc#1193629).
  • cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
  • cifs: print session id while listing open files (bsc#1193629).
  • cifs: return DFS root session id in DebugData (bsc#1193629).
  • cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
  • cifs: use DFS root session instead of tcon ses (bsc#1193629).
  • drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
  • drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
  • drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
  • drm/amdkfd: Fix an illegal memory access (git-fixes).
  • drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
  • drm/i915/active: Fix missing debug object activation (git-fixes).
  • drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
  • drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
  • drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
  • drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
  • drm/i915/display: clean up comments (git-fixes).
  • drm/i915/gt: perform uc late init after probe error injection (git-fixes).
  • drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
  • drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
  • drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
  • drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
  • drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
  • drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
  • efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
  • fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
  • firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
  • hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
  • i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
  • i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
  • i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
  • kABI: x86/msr: Remove .fixup usage (kabi).
  • kconfig: Update config changed flag before calling callback (git-fixes).
  • lan78xx: Add missing return code checks (git-fixes).
  • lan78xx: Fix exception on link speed change (git-fixes).
  • lan78xx: Fix memory allocation bug (git-fixes).
  • lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
  • lan78xx: Fix race condition in disconnect handling (git-fixes).
  • lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
  • lan78xx: Fix white space and style issues (git-fixes).
  • lan78xx: Remove unused pause frame queue (git-fixes).
  • lan78xx: Remove unused timer (git-fixes).
  • lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
  • lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
  • locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
  • mm: memcg: fix swapcached stat accounting (bsc#1209804).
  • mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
  • mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
  • net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes).
  • net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
  • net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
  • net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
  • net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
  • net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
  • net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
  • net: usb: asix: remove redundant assignment to variable reg (git-fixes).
  • net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
  • net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
  • net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
  • net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
  • net: usb: use eth_hw_addr_set() (git-fixes).
  • nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
  • nvme-tcp: always fail a request when sending it failed (bsc#1208902).
  • pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
  • pinctrl: at91-pio4: fix domain name assignment (git-fixes).
  • pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
  • platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
  • platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
  • platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
  • platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
  • platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
  • platform/x86: think-lmi: Opcode support (bsc#1210050).
  • platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
  • platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
  • platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
  • platform/x86: think-lmi: add debug_cmd (bsc#1210050).
  • platform/x86: think-lmi: add missing type attribute (git-fixes).
  • platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
  • platform/x86: think-lmi: only display possible_values if available (git-fixes).
  • platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
  • platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
  • platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
  • platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
  • platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
  • platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
  • platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
  • platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
  • platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
  • platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
  • platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
  • platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
  • platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
  • platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
  • platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
  • platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
  • platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
  • platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
  • platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050).
  • platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
  • platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
  • platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
  • platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
  • platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
  • platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
  • platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
  • platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
  • platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
  • platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
  • power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
  • powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
  • powerpc/btext: add missing of_node_put (bsc#1065729).
  • powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
  • powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
  • powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
  • powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
  • powerpc/kexec_file: fix implicit decl error (bsc#1194869).
  • powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
  • powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
  • powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
  • powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
  • powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
  • powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
  • powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
  • powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
  • powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
  • powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
  • r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
  • regulator: Handle deferred clk (git-fixes).
  • remove "PCI: hv: Use async probing to reduce boot time" (bsc#1207185).
  • rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far.
  • rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5.
  • s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
  • s390/dasd: fix no record found for raw_track_access (bsc#1207574).
  • s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
  • sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
  • sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
  • scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
  • sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
  • serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
  • serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
  • serial: fsl_lpuart: Fix comment typo (git-fixes).
  • smb3: fix unusable share after force unmount failure (bsc#1193629).
  • smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
  • thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
  • thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
  • thunderbolt: Disable interrupt auto clear for rings (git-fixes).
  • thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
  • thunderbolt: Use const qualifier for ring_interrupt_index (git-fixes).
  • thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
  • tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
  • uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
  • vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
  • wifi: mac80211: fix qos on mesh interfaces (git-fixes).
  • x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
  • x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
  • x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
  • x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
  • x86/fpu: Cache xfeature flags from CPUID (git-fixes).
  • x86/fpu: Remove unused supervisor only offsets (git-fixes).
  • x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
  • x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
  • x86/mce: Allow instrumentation during task work queueing (git-fixes).
  • x86/mce: Mark mce_end() noinstr (git-fixes).
  • x86/mce: Mark mce_panic() noinstr (git-fixes).
  • x86/mce: Mark mce_read_aux() noinstr (git-fixes).
  • x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
  • x86/msr: Remove .fixup usage (git-fixes).
  • x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
  • x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
  • x86/uaccess: Move variable into switch case statement (git-fixes).
  • x86: Annotate call_on_stack() (git-fixes).
  • x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
  • xfs: convert ptag flags to unsigned (git-fixes).
  • xfs: do not assert fail on perag references on teardown (git-fixes).
  • xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
  • xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
  • xfs: remove xfs_setattr_time() declaration (git-fixes).
  • xfs: zero inode fork buffer at allocation (git-fixes).
  • xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1802=1
  • Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1802=1

Package List:

  • openSUSE Leap 15.4 (aarch64 x86_64)
    • ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    • kernel-azure-optional-5.14.21-150400.14.43.1
    • kselftests-kmp-azure-5.14.21-150400.14.43.1
    • reiserfs-kmp-azure-5.14.21-150400.14.43.1
    • dlm-kmp-azure-5.14.21-150400.14.43.1
    • kselftests-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    • reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    • kernel-azure-optional-debuginfo-5.14.21-150400.14.43.1
    • kernel-syms-azure-5.14.21-150400.14.43.1
    • kernel-azure-debugsource-5.14.21-150400.14.43.1
    • kernel-azure-extra-debuginfo-5.14.21-150400.14.43.1
    • gfs2-kmp-azure-5.14.21-150400.14.43.1
    • ocfs2-kmp-azure-5.14.21-150400.14.43.1
    • kernel-azure-devel-debuginfo-5.14.21-150400.14.43.1
    • kernel-azure-devel-5.14.21-150400.14.43.1
    • gfs2-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    • cluster-md-kmp-azure-5.14.21-150400.14.43.1
    • kernel-azure-livepatch-devel-5.14.21-150400.14.43.1
    • cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.43.1
    • kernel-azure-debuginfo-5.14.21-150400.14.43.1
    • kernel-azure-extra-5.14.21-150400.14.43.1
    • dlm-kmp-azure-debuginfo-5.14.21-150400.14.43.1
  • openSUSE Leap 15.4 (aarch64 nosrc x86_64)
    • kernel-azure-5.14.21-150400.14.43.1
  • openSUSE Leap 15.4 (noarch)
    • kernel-source-azure-5.14.21-150400.14.43.1
    • kernel-devel-azure-5.14.21-150400.14.43.1
  • Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
    • kernel-azure-5.14.21-150400.14.43.1
  • Public Cloud Module 15-SP4 (aarch64 x86_64)
    • kernel-azure-devel-debuginfo-5.14.21-150400.14.43.1
    • kernel-syms-azure-5.14.21-150400.14.43.1
    • kernel-azure-devel-5.14.21-150400.14.43.1
    • kernel-azure-debuginfo-5.14.21-150400.14.43.1
    • kernel-azure-debugsource-5.14.21-150400.14.43.1
  • Public Cloud Module 15-SP4 (noarch)
    • kernel-source-azure-5.14.21-150400.14.43.1
    • kernel-devel-azure-5.14.21-150400.14.43.1

References: