The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup could lead to a NULL pointer dereference. - CVE-2023-23454: Fixed a type confusion bug in the CBQ network scheduler which could lead to a use-after-free - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. The following non-security bugs were fixed: - arm64: alternative: Use true and false for boolean values - arm64: cmpwait: Clear event register before arming exclusive monitor - arm64: Fix minor issues with the dcache_by_line_op macro - arm64: fix possible spectre-v1 in ptrace_hbp_get_event - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event - arm64: ftrace: do not adjust the LR value - arm64: io: Ensure calls to delay routines are ordered against prior - arm64: io: Ensure value passed to __iormb is held in a 64-bit - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm - arm64: make secondary_start_kernel notrace - arm64: makefile fix build of .i file in external module case - arm64: ptrace: remove addr_limit manipulation - arm64: rockchip: Force CONFIG_PM on Rockchip systems - arm64: smp: Handle errors reported by the firmware - arm64/kvm: consistently handle host HCR_EL2 flags - Bluetooth: hci_qca: Fix the teardown problem for real . - CDC-NCM: remove "connected" log message . - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty . - flexfiles: enforce per-mirror stateid only for v4 DSes . - flexfiles: use per-mirror specified stateid for IO . - fs: nfs: Fix possible null-pointer dereferences in encode_attrs . - ibmveth: Always stop tx queues during close . - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames . - kABI: mitigate new ufs_stats field . - lockd: fix decoding of TEST results . - media: Do not let tvp5150_get_vbi go out of vbi_ram_default array . - media: i2c: tvp5150: remove useless variable assignment in tvp5150_set_vbi . - memcg, kmem: further deprecate kmem.limit_in_bytes . - memcg: Fix possible use-after-free in memcg_write_event_control . - mm, page_alloc: avoid expensive reclaim when compaction may not succeed . - module: set MODULE_STATE_GOING state when a module fails to load . - move new members of struct usbnet to end . - net :sunrpc :clnt :Fix xps refcount imbalance on the error path . - net: kalmia: clean up bind error path . - net: kalmia: fix memory leaks . - net: sched: atm: dont intepret cls results when asked to drop . - net: sched: cbq: dont intepret cls results when asked to drop . - net: sunrpc: Fix off-by-one issues in "rpc_ntop6" . - net: usb: asix: ax88772_bind return error when hw_reset fail . - net: usb: asix: init MAC address buffers . - net: usb: qmi_wwan: add Quectel EM160R-GL . - net: usb: qmi_wwan: add Telit 0x103a composition . - net: usb: qmi_wwan: Add the BroadMobi BM818 card . - net: usb: qmi_wwan: add u-blox 0x1342 composition . - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch . - net: usb: qmi_wwan: Set DTR quirk for MR400 . - net: usb: rtl8150: demote allmulti message to dev_dbg . - net/usb/kalmia: use ARRAY_SIZE for various array sizing calculations . - NFS Handle missing attributes in OPEN reply . - NFS: Correct size calculation for create reply length . - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails . - NFS: Fix an Oops in nfs_d_automount . - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup . - NFS: Fix memory leaks in nfs_pageio_stop_mirroring . - NFS: Fix NULL pointer dereference of dev_name . - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default . - NFS: nfs_compare_mount_options always compare auth flavors . - NFS: nfs_find_open_context may only select open files . - NFS: nfs4clinet: check the return value of kstrdup . - NFS: swap IO handling is slightly different for O_DIRECT IO . - NFS: swap-out must always use STABLE writes . - NFS: we do not support removing system.nfs4_acl . - NFS4: Fix kmemleak when allocate slot failed . - NFSD: allow fh_want_write to be called twice . - NFSD: fix a warning in __cld_pipe_upcall . - NFSD: Fix svc_xprt refcnt leak when setup callback client failed . - NFSD: fix wrong check in write_v4_end_grace . - NFSD: Keep existing listeners on portlist error . - NFSD: Return EPERM, not EACCES, in some SETATTR cases . - NFSD: Return nfserr_serverfault if splice_ok but buf- greater thanpages have data . - NFSD4: fix crash on writing v4_end_grace before nfsd startup . - NFSv2: Fix eof handling . - NFSv2: Fix write regression . - NFSv4 expose nfs_parse_server_name function . - NFSv4 only print the label when its queried . - NFSv4 remove zero number of fs_locations entries error check . - NFSv4: Fix a deadlock between nfs4_open_recover_helper and delegreturn . - NFSv4: Fix open create exclusive when the server reboots . - NFSv4: Fix return value in nfs_finish_open . - NFSv4: Fix return values for nfs4_file_open . - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall . - NFSv4.1: Fix uninitialised variable in devicenotify . - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors . - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot . - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding . - NFSv4.2: Fix a memory stomp in decode_attr_security_label . - NFSv4.2: Fix initialisation of struct nfs4_label . - NFSv4.2: Fixup CLONE dest file size for zero-length count . - NFSv4.x: Fail client initialisation if state manager thread can"t run . - NFSv4.x: fix lock recovery during delegation recall . - NFSv4/pNFS: Always return layout stats on layout return for flexfiles . - pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process . - powerpc: Force inlining of cpu_has_feature to avoid build failure . - powerpc: improve handling of unrecoverable system reset . - powerpc: sysdev: add missing iounmap on error in mpic_msgr_probe . - powerpc/64: Init jump labels before parse_early_param . - powerpc/64/module: REL32 relocation range check . - powerpc/64s/hash: Fix stab_rr off by one initialization . - powerpc/64s/pgtable: fix an undefined behaviour . - powerpc/boot: Disable vector instructions . - powerpc/boot: Explicitly disable usage of SPE instructions . - powerpc/boot: Fix 64-bit boot wrapper build with non-biarch compiler . - powerpc/boot: Fix missing check of lseek return value . - powerpc/boot: Fixup device-tree on little endian . - powerpc/crashkernel: Take "mem=" option into account . - powerpc/eeh: Fix possible null deref in eeh_dump_dev_log . - powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field . - powerpc/eeh: Only dump stack once if an MMIO loop is detected . - powerpc/futex: Fix warning: "oldval" may be used uninitialized in this function . - powerpc/iommu: Avoid derefence before pointer check . - powerpc/mm: Make NULL pointer deferences explicit on bad page faults . - powerpc/pci: Fix get_phb_number locking . - powerpc/pci/of: Fix OF flags parsing for 64bit BARs . - powerpc/perf: callchain validate kernel stack pointer bounds . - powerpc/powernv: add missing of_node_put . - powerpc/powernv: opal_put_chars partial write fix . - powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status . - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number . - powerpc/powernv/smp: Fix spurious DBG warning . - powerpc/pseries: add of_node_put in dlpar_detach_node . - powerpc/pseries: Fix node leak in update_lmb_associativity_index . - powerpc/pseries: Mark accumulate_stolen_time as notrace . - powerpc/pseries: Stop calling printk in rtas_stop_self . - powerpc/pseries: unregister VPA when hot unplugging a CPU . - powerpc/pseries/cmm: Implement release function for sysfs device . - powerpc/pseries/eeh: use correct API for error log size . - powerpc/pseries/hvconsole: Fix stack overread via udbg . - powerpc/rtas: avoid device tree lookups in rtas_os_term . - powerpc/rtas: avoid scheduling in rtas_os_term . - powerpc/smp: Set numa node before updating mask . - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV . - powerpc/time: Fix clockevent_decrementer initalisation for PR KVM . - powerpc/time: Use clockevents_register_device, fixing an issue with large decrementer . - powerpc/traps: Fix the message printed when stack overflows . - powerpc/xive: Add a check for memory allocation failure . - powerpc/xive: add missing iounmap in error path in xive_spapr_populate_irq_data . - powerpc/xive: Move a dereference below a NULL test . - powerpc/xive/spapr: correct bitmap allocation size . - powerpc/xmon: fix dump_segments . - rndis_host: increase sleep time in the query-response loop . - rpc: fix gss_svc_init cleanup on failure . - rpc: fix NULL dereference on kmalloc failure . - scsi: 3w-9xxx: Avoid disabling device if failing to enable it . - scsi: 3ware: fix return 0 on the error path of probe . - scsi: 53c700: pass correct "dev" to dma_alloc_attrs . - scsi: aacraid: Disabling TM path and only processing IOP reset . - scsi: aacraid: fix illegal IO beyond last LBA . - scsi: advansys: Fix kernel pointer leak . - scsi: aha152x: Fix aha152x_setup __setup handler return value . - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate . - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 . - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE . - scsi: bfa: Replace snprintf with sysfs_emit . - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic . - scsi: core: Avoid printing an error if target_alloc returns -ENXIO . - scsi: core: Cap scsi_host cmd_per_lun at can_queue . - scsi: core: Do not start concurrent async scan on same host . - scsi: core: Fix shost- greater thancmd_per_lun calculation in scsi_add_host_with_dma . - scsi: core: Reduce memory required for SCSI logging . - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c . - scsi: dc395x: fix DMA API usage in sg_update_list . - scsi: dc395x: fix dma API usage in srb_done . - scsi: fcoe: drop frames in ELS LOGO error path . - scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send . - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE . - scsi: fnic: fix use after free . - scsi: hisi_sas: Check sas_port before using it . - scsi: hpsa: correct scsi command status issue after reset . - scsi: hpsa: Fix memory leak in hpsa_init_one . - scsi: ibmvscsis: Ensure partition name is properly NUL terminated . - scsi: ibmvscsis: Fix a stringop-overflow warning . - scsi: ipr: Fix missing/incorrect resource cleanup in error case . - scsi: ipr: Fix softlockup when rescanning devices in petitboot . - scsi: ips: fix missing break in switch . - scsi: isci: Change sci_controller_start_task"s return type to sci_status . - scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler . - scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param . - scsi: iscsi: Add iscsi_cls_conn refcount helpers . - scsi: iscsi: Do not destroy session if there are outstanding connections . - scsi: iscsi: Do not put host in iscsi_set_flashnode_param . - scsi: iscsi: Do not send data to unbound connection . - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj . - scsi: iscsi: Fix shost- greater thanmax_id use . - scsi: iscsi: flush running unbind operations when removing a session . - scsi: iscsi: Report unbind session event when the target has been removed . - scsi: iscsi: Unblock session then wake up error handler . - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route . - scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy . - scsi: libfc: Fix a format specifier . - scsi: libfc: Fix use after free in fc_exch_abts_resp . - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu error handling . - scsi: libiscsi: Fix NOP race condition . - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset . - scsi: libiscsi: Fix UAF in iscsi_conn_get_param/iscsi_conn_teardown . - scsi: libsas: Check SMP PHY control function result . - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology . - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry . - scsi: megaraid_sas: fix panic on loading firmware crashdump . - scsi: megaraid_sas: reduce module load time . - scsi: megaraid: disable device when probe failed after enabled device . - scsi: megaraid: Fix error check return value of register_chrdev . - scsi: mpt3sas: Fix clear pending bit in ioctl status . - scsi: mpt3sas: Fix double free warnings . - scsi: mpt3sas: Increase IOCInit request timeout to 30s . - scsi: mvsas: Add PCI ID of RocketRaid 2640 . - scsi: mvsas: Replace snprintf with sysfs_emit . - scsi: mvumi: Fix error return in mvumi_io_attach . - scsi: NCR5380: Add disconnect_mask module parameter . - scsi: NCR5380: Check for bus reset . - scsi: NCR5380: Check for invalid reselection target . - scsi: NCR5380: Clear all unissued commands on host reset . - scsi: NCR5380: Do not call dsprintk following reselection interrupt . - scsi: NCR5380: Do not clear busy flag when abort fails . - scsi: NCR5380: Handle BUS FREE during reselection . - scsi: NCR5380: Have NCR5380_select return a bool . - scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data . - scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE . - scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort . - scsi: pm8001: Fix pm8001_mpi_task_abort_resp . - scsi: pm80xx: Corrected dma_unmap_sg parameter . - scsi: pm80xx: Fix for SATA device discovery . - scsi: pm80xx: Fixed system hang issue during kexec boot . - scsi: pmcraid: Fix missing resource cleanup in error case . - scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails . - scsi: qedi: Abort ep termination if offload not scheduled . - scsi: qedi: Do not flush offload work if ARP not resolved . - scsi: qedi: Fix list_del corruption while removing active I/O . - scsi: qedi: Fix null ref during abort handling . - scsi: qedi: Fix termination timeouts in session logout . - scsi: qedi: Protect active command list to avoid list corruption . - scsi: qla2xxx: Fix crash when I/O abort times out . - scsi: qla2xxx: Fix set-but-not-used variable warnings . - scsi: qla2xxx: Initialize vha- greater thanunknown_atio_[list, work] for NPIV hosts . - scsi: qla2xxx: Remove duplicate of vha- greater thaniocb_work initialization . - scsi: qla2xxx: Remove unused variable "found_devs" . - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param . - scsi: qla4xxx: fix a potential NULL pointer dereference . - scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" . - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper . - scsi: scsi_debug: num_tgts must be greater than= 0 . - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG . - scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions . - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg . - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach . - scsi: scsi_transport_spi: Fix function pointer check . - scsi: scsi_transport_srp: Do not block target in failfast state . - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state . - scsi: sd: do not crash the host on invalid commands . - scsi: sd: Free scsi_disk device via put_device . - scsi: ses: Fix unsigned comparison with less than zero . - scsi: ses: Retry failed Send/Receive Diagnostic commands . - scsi: sni_53c710: fix compilation error . - scsi: sr: Do not use GFP_DMA . - scsi: sr: Fix sr_probe missing deallocate of device minor . - scsi: sr: Return appropriate error code when disk is ejected . - scsi: sr: Return correct event when media event code is 3 . - scsi: st: Fix a use after free in st_open . - scsi: target: iscsi: Wait for all commands to finish before freeing a session . - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk - greater thanpoweroff . - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices . - scsi: ufs: Avoid configuring regulator with undefined voltage range . - scsi: ufs: Clean up completed request without interrupt notification . - scsi: ufs: Complete pending requests in host reset and restore path . - scsi: ufs: delete redundant function ufshcd_def_desc_sizes . - scsi: ufs: Fix error handing during hibern8 enter . - scsi: ufs: Fix possible infinite loop in ufshcd_hold . - scsi: ufs: fix potential bug which ends in system hang . - scsi: ufs: Fix regulator load and icc-level configuration . - scsi: ufs: Fix system suspend status . - scsi: ufs: Improve interrupt handling for shared interrupts . - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE . - scsi: ufs: skip shutdown if hba is not powered . - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config . - scsi: virtio_scsi: Fix spelling mistake "Unsupport" - greater than "Unsupported" . - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload . - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits . - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED . - scsi: vmw_pvscsi: Set correct residual data length . - scsi: vmw_pvscsi: Set residual data length conditionally . - SUNRPC: Do not call __UDPX_INC_STATS from a preemptible context . - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf fails . - SUNRPC: do not mark uninitialised items as VALID . - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer . - SUNRPC: Fix a bogus get/put in generic_key_to_expire . - SUNRPC: Fix a compile warning for cmpxchg64 . - SUNRPC: Fix a race with XPRT_CONNECTING . - SUNRPC: fix cache_head leak due to queued request . - SUNRPC: Fix connect metrics . - SUNRPC: fix crash when cache_head become valid before update . - SUNRPC: Fix missing release socket in rpc_sockname . - SUNRPC: Handle 0 length opaque XDR object data properly . - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header . - SUNRPC: stop printk reading past end of string . - svcrdma: Ignore source port when computing DRC hash . - tracing: Fix code comments in trace.c . - usb: dwc3: gadget: Fix OTG events when gadget driver isn"t loaded . - usb: dwc3: gadget: only unmap requests from DMA if mapped . - xprtrdma: treat all calls not a bcall when bc_serv is NULL . Special Instructions and Notes: Please reboot the system after installing this update.