Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:3601-1
Rating:	important
References:	bsc#1120059 bsc#1203517 bsc#1210327 bsc#1210448 bsc#1212051 bsc#1213543 bsc#1213546 bsc#1213601 bsc#1213666 bsc#1213899 bsc#1213904 bsc#1213906 bsc#1213908 bsc#1213910 bsc#1213911 bsc#1213912 bsc#1213921 bsc#1213927 bsc#1213969 bsc#1213970 bsc#1213971 bsc#1214019 bsc#1214149 bsc#1214157 bsc#1214209 bsc#1214233 bsc#1214299 bsc#1214335 bsc#1214348 bsc#1214350 bsc#1214451 bsc#1214453 bsc#1214752 bsc#1214928 bsc#1215028 bsc#1215032 bsc#1215034 bsc#1215035 bsc#1215036 bsc#1215037 bsc#1215038 bsc#1215041 bsc#1215046 bsc#1215049 bsc#1215057 jsc#PED-4579
Cross-References:	CVE-2022-36402 CVE-2023-2007 CVE-2023-20588 CVE-2023-34319 CVE-2023-3772 CVE-2023-3812 CVE-2023-3863 CVE-2023-40283 CVE-2023-4128 CVE-2023-4132 CVE-2023-4133 CVE-2023-4134 CVE-2023-4194 CVE-2023-4385 CVE-2023-4387 CVE-2023-4459
CVSS scores:	CVE-2022-36402 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36402 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2023-34319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-3863 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4132 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-4132 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2023-4385 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4385 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4459 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Real Time 12 SP5 SUSE Linux Enterprise Server 12 SP5

An update that solves 16 vulnerabilities, contains one feature and has 29 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
• CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
• CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
• CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
• CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
• CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
• CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
• CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
• CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
• CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
• CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
• CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
• CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
• CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
• CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
• CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).

The following non-security bugs were fixed:

• af_key: fix send_acquire race with pfkey_register (git-fixes).
• af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-fixes).
• af_unix: fix a data race of sk->sk_receive_queue->qlen (git-fixes).
• arm64: re-enable support for contiguous hugepages (git-fixes)
• arm64: vdso: fix clock_getres() for clock_realtime (git-fixes)
• arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
• bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
• bnx2x: fix page fault following eeh recovery (bsc#1214299).
• bonding: fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
• bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
• bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
• bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).
• btrfs-allow-use-of-global-block-reserve-for-balance: (bsc#1214335).
• btrfs-unset-reloc-control-if-transaction-commit-fail: (bsc#1212051).
• clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
• clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
• fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
• fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
• fs: lockd: avoid possible wrong null parameter (git-fixes).
• inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).
• kabi/severities: ignore newly added srso mitigation functions
• libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
• module: avoid allocation if module is already present and ready (bsc#1213921).
• module: extract patient module check into helper (bsc#1213921).
• module: move check_modinfo() early to early_mod_check() (bsc#1213921).
• module: move early sanity checks into a helper (bsc#1213921).
• net-sysfs: call dev_hold always in netdev_queue_add_kobject (git-fixes).
• net-sysfs: call dev_hold always in rx_queue_add_kobject (git-fixes).
• net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
• net-sysfs: fix reference count leak in rx|netdev_queue_add_kobject (git-fixes).
• net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
• net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-fixes).
• net/fq_impl: switch to kvmalloc() for memory allocation (git-fixes).
• net: bnx2x: fix variable dereferenced before check (git-fixes).
• net: icmp: fix data-race in cmp_global_allow() (git-fixes).
• net: mana: add support for xdp_query_prog (jsc#sle-18779, bsc#1214209).
• net: usb: qmi_wwan: add support for compal rxm-g1 (git-fixes).
• netfilter: ipset: fix an error code in ip_set_sockfn_get() (git-fixes).
• netfilter: nf_conntrack: fix possible possible crash on module loading (git-fixes).
• nfs/blocklayout: use the passed in gfp flags (git-fixes).
• nfs: guard against readdir loop when entry names exceed maxnamelen (git-fixes).
• nfsd: add encoding of op_recall flag for write delegation (git-fixes).
• nfsd: da_addr_body field missing in some getdeviceinfo replies (git-fixes).
• nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
• packet: fix data-race in fanout_flow_is_huge() (git-fixes).
• packet: unconditionally free po->rollover (git-fixes).
• powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
• revert "scsi: qla2xxx: fix buffer overrun" (bsc#1214928).
• ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
• ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
• s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes bsc#1215057).
• s390/cpum_sf: avoid sbd overflow condition in irq handler (git-fixes bsc#1213908).
• s390/cpum_sf: check for sdbt and sdb consistency (git-fixes bsc#1213910).
• s390/dasd/cio: interpret ccw_device_get_mdc return value correctly (git-fixes bsc#1215049).
• s390/dasd: fix capacity calculation for large volumes (git-fixes bsc#1215034).
• s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
• s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).
• s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).
• s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).
• s390/kdump: fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
• s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).
• s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).
• s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).
• s390/smp: fix physical to logical cpu map for smt (git-fixes bsc#1213904).
• s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes bsc#1213911).
• s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).
• s390/zcrypt: handle new reply code filtered_by_hypervisor (git-fixes bsc#1215046).
• s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).
• s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
• sched/core: check quota and period overflow at usec to nsec conversion (git fixes).
• sched/core: handle overflow in cpu_shares_write_u64 (git fixes).
• sched/cpufreq: fix kobject memleak (git fixes).
• sched/fair: do not numa balance for kthreads (git fixes).
• sched/fair: fix cfs bandwidth hrtimer expiry type (git fixes).
• sched/topology: fix off by one bug (git fixes).
• scsi: qla2xxx: add logs for sfp temperature monitoring (bsc#1214928).
• scsi: qla2xxx: allow 32-byte cdbs (bsc#1214928).
• scsi: qla2xxx: error code did not return to upper layer (bsc#1214928).
• scsi: qla2xxx: fix firmware resource tracking (bsc#1214928).
• scsi: qla2xxx: fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
• scsi: qla2xxx: flush mailbox commands on chip reset (bsc#1214928).
• scsi: qla2xxx: move resource to allow code reuse (bsc#1214928).
• scsi: qla2xxx: remove unsupported ql2xenabledif option (bsc#1214928).
• scsi: qla2xxx: remove unused declarations (bsc#1214928).
• scsi: qla2xxx: remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
• scsi: qla2xxx: update version to 10.02.09.100-k (bsc#1214928).
• scsi: storvsc: always set no_report_opcodes (git-fixes).
• scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
• skbuff: fix a data race in skb_queue_len() (git-fixes).
• sort latest foray of security patches
• sunrpc: always clear xprt_sock_connecting before xprt_clear_connecting on tcp xprt (bsc#1214453).
• timers: add shutdown mechanism to the internal functions (bsc#1213970).
• timers: provide timer_shutdown_sync (bsc#1213970).
• timers: rename del_timer() to timer_delete() (bsc#1213970).
• timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
• timers: replace bug_on()s (bsc#1213970).
• timers: silently ignore timers with a null function (bsc#1213970).
• timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
• timers: update kernel-doc for various functions (bsc#1213970).
• timers: use del_timer_sync() even on up (bsc#1213970).
• tracing: fix warning in trace_buffered_event_disable() (git-fixes).
• tun: fix bonding active backup with arp monitoring (git-fixes).
• ubifs: fix snprintf() checking (git-fixes).
• udp6: fix race condition in udp6_sendmsg & connect (git-fixes).
• udp: fix race between close() and udp_abort() (git-fixes).
• usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
• usb: host: xhci: fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
• usb: serial: cp210x: add kamstrup rf sniffer pids (git-fixes).
• usb: serial: cp210x: add scalance lpe-9000 device id (git-fixes).
• usb: serial: option: add lara-r6 01b pids (git-fixes).
• usb: serial: option: add quectel ec200a module support (git-fixes).
• usb: serial: option: add quectel ec200u modem (git-fixes).
• usb: serial: option: add quectel em05cn (sg) modem (git-fixes).
• usb: serial: option: add quectel em05cn modem (git-fixes).
• usb: serial: option: add support for vw/skoda "carstick lte" (git-fixes).
• usb: serial: option: add u-blox lara-l6 modem (git-fixes).
• usb: serial: option: support quectel em060k_128 (git-fixes).
• usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
• usb: serial: simple: sort driver entries (git-fixes).
• usb: xhci-mtk: set the dma max_seg_size (git-fixes).
• usb: xhci: check endpoint is valid before dereferencing it (git-fixes).
• usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
• x86/bugs: reset speculation control settings on init (git-fixes).
• x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
• x86/cpu/amd: enable zenbleed fix for amd custom apu 0405 (git-fixes).
• x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
• x86/cpu/vmware: fix platform detection vmware_port macro (bsc#1210327).
• x86/cpu/vmware: use the full form of inl in vmware_hypercall, for clang/llvm (bsc#1210327).
• x86/cpu/vmware: use the full form of inl in vmware_port (bsc#1210327).
• x86/cpu: cleanup the untrain mess (git-fixes).
• x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
• x86/cpu: fix amd_check_microcode() declaration (git-fixes).
• x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
• x86/cpu: rename original retbleed methods (git-fixes).
• x86/cpu: rename srso_(.*)alias to srso_alias\1 (git-fixes).
• x86/crash: disable virt in core nmi crash handler to avoid double shootdown (git-fixes).
• x86/ioapic: do not return 0 from arch_dynirq_lower_bound() (git-fixes).
• x86/microcode/amd: load late on both threads too (git-fixes).
• x86/mm: do not shuffle cpu entry areas without kaslr (git-fixes).
• x86/mm: fix use of uninitialized buffer in sme_enable() (git-fixes).
• x86/reboot: disable svm, not just vmx, when stopping cpus (git-fixes).
• x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
• x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
• x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
• x86/speculation: add cpu_show_gds() prototype (git-fixes).
• x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
• x86/srso: correct the mitigation status when smt is disabled (git-fixes).
• x86/srso: disable the mitigation on unaffected configurations (git-fixes).
• x86/srso: explain the untraining sequences a bit more (git-fixes).
• x86/srso: fix build breakage with the llvm linker (git-fixes).
• x86/virt: force gif=1 prior to disabling svm (for reboot flows) (git-fixes).
• x86/vmware: add a header file for hypercall definitions (bsc#1210327).
• x86/vmware: add steal time clock support for vmware guests (bsc#1210327).
• x86/vmware: enable steal time accounting (bsc#1210327).
• x86/vmware: update platform detection code for vmcall/vmmcall hypercalls (bsc#1210327).
• x86: move gds_ucode_mitigated() declaration to header (git-fixes).
• xfrm: release device reference for invalid state (git-fixes).
• xhci-pci: set the dma max_seg_size (git-fixes).
• xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2023-3601=1

Package List:

• SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  • kernel-rt-debugsource-4.12.14-10.141.1
  • kernel-rt_debug-devel-debuginfo-4.12.14-10.141.1
  • kernel-rt-devel-debuginfo-4.12.14-10.141.1
  • cluster-md-kmp-rt-4.12.14-10.141.1
  • cluster-md-kmp-rt-debuginfo-4.12.14-10.141.1
  • gfs2-kmp-rt-debuginfo-4.12.14-10.141.1
  • kernel-rt-base-debuginfo-4.12.14-10.141.1
  • kernel-rt-debuginfo-4.12.14-10.141.1
  • dlm-kmp-rt-debuginfo-4.12.14-10.141.1
  • kernel-rt_debug-debuginfo-4.12.14-10.141.1
  • kernel-syms-rt-4.12.14-10.141.1
  • dlm-kmp-rt-4.12.14-10.141.1
  • gfs2-kmp-rt-4.12.14-10.141.1
  • kernel-rt_debug-devel-4.12.14-10.141.1
  • kernel-rt_debug-debugsource-4.12.14-10.141.1
  • ocfs2-kmp-rt-debuginfo-4.12.14-10.141.1
  • ocfs2-kmp-rt-4.12.14-10.141.1
  • kernel-rt-devel-4.12.14-10.141.1
  • kernel-rt-base-4.12.14-10.141.1
• SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  • kernel-devel-rt-4.12.14-10.141.1
  • kernel-source-rt-4.12.14-10.141.1
• SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  • kernel-rt_debug-4.12.14-10.141.1
  • kernel-rt-4.12.14-10.141.1

References:

• https://www.suse.com/security/cve/CVE-2022-36402.html
• https://www.suse.com/security/cve/CVE-2023-2007.html
• https://www.suse.com/security/cve/CVE-2023-20588.html
• https://www.suse.com/security/cve/CVE-2023-34319.html
• https://www.suse.com/security/cve/CVE-2023-3772.html
• https://www.suse.com/security/cve/CVE-2023-3812.html
• https://www.suse.com/security/cve/CVE-2023-3863.html
• https://www.suse.com/security/cve/CVE-2023-40283.html
• https://www.suse.com/security/cve/CVE-2023-4128.html
• https://www.suse.com/security/cve/CVE-2023-4132.html
• https://www.suse.com/security/cve/CVE-2023-4133.html
• https://www.suse.com/security/cve/CVE-2023-4134.html
• https://www.suse.com/security/cve/CVE-2023-4194.html
• https://www.suse.com/security/cve/CVE-2023-4385.html
• https://www.suse.com/security/cve/CVE-2023-4387.html
• https://www.suse.com/security/cve/CVE-2023-4459.html
• https://bugzilla.suse.com/show_bug.cgi?id=1120059
• https://bugzilla.suse.com/show_bug.cgi?id=1203517
• https://bugzilla.suse.com/show_bug.cgi?id=1210327
• https://bugzilla.suse.com/show_bug.cgi?id=1210448
• https://bugzilla.suse.com/show_bug.cgi?id=1212051
• https://bugzilla.suse.com/show_bug.cgi?id=1213543
• https://bugzilla.suse.com/show_bug.cgi?id=1213546
• https://bugzilla.suse.com/show_bug.cgi?id=1213601
• https://bugzilla.suse.com/show_bug.cgi?id=1213666
• https://bugzilla.suse.com/show_bug.cgi?id=1213899
• https://bugzilla.suse.com/show_bug.cgi?id=1213904
• https://bugzilla.suse.com/show_bug.cgi?id=1213906
• https://bugzilla.suse.com/show_bug.cgi?id=1213908
• https://bugzilla.suse.com/show_bug.cgi?id=1213910
• https://bugzilla.suse.com/show_bug.cgi?id=1213911
• https://bugzilla.suse.com/show_bug.cgi?id=1213912
• https://bugzilla.suse.com/show_bug.cgi?id=1213921
• https://bugzilla.suse.com/show_bug.cgi?id=1213927
• https://bugzilla.suse.com/show_bug.cgi?id=1213969
• https://bugzilla.suse.com/show_bug.cgi?id=1213970
• https://bugzilla.suse.com/show_bug.cgi?id=1213971
• https://bugzilla.suse.com/show_bug.cgi?id=1214019
• https://bugzilla.suse.com/show_bug.cgi?id=1214149
• https://bugzilla.suse.com/show_bug.cgi?id=1214157
• https://bugzilla.suse.com/show_bug.cgi?id=1214209
• https://bugzilla.suse.com/show_bug.cgi?id=1214233
• https://bugzilla.suse.com/show_bug.cgi?id=1214299
• https://bugzilla.suse.com/show_bug.cgi?id=1214335
• https://bugzilla.suse.com/show_bug.cgi?id=1214348