The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink . * CVE-2017-5753: Fixed spectre vulnerability in prlimit . * CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA . * CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c . * CVE-2023-0590: Fixed race condition in qdisc_graft . * CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets . * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head . * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex . * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit . * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak . * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler . * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion . * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c . * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c . * CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c . The following non-security bugs were fixed: * ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel * Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE . * Bluetooth: btusb: do not call kfree_skb under spin_lock_irqsave . * Input: atmel_mxt_ts - fix double free in mxt_read_info_block . * KVM: arm64: Hide system instruction access to Trace registers * NFSv4: Fix hangs when recovering open state after a server reboot . * PCI/MSI: Enforce MSI entry updates to be visible . * PCI/MSI: Enforce that MSI-X table entry is masked for update . * PCI/MSI: Mask all unused MSI-X entries . * PCI/MSI: Skip masking MSI-X on Xen PV . * PCI/PM: Always return devices to D0 when thawing . * PCI/PM: Avoid using device_may_wakeup for runtime PM . * PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints . * PCI: Add ACS quirk for iProc PAXB . * PCI: Avoid FLR for AMD Matisse HD Audio USB 3.0 . * PCI: Avoid FLR for AMD Starship USB 3.0 . * PCI: Make ACS quirk implementations more uniform . * PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently . * PCI: PM: Avoid skipping bus-level PM on platforms without ACPI . * PCI: Unify ACS quirk desired vs provided checking . * PCI: Use pci_update_current_state in pci_enable_device_flags . * PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register . * PCI: aardvark: Do not rely on jiffies while holding spinlock . * PCI: aardvark: Do not touch PCIe registers if no card connected . * PCI: aardvark: Fix a leaked reference by adding missing of_node_put . * PCI: aardvark: Fix checking for PIO Non-posted Request . * PCI: aardvark: Fix kernel panic during PIO transfer . * PCI: aardvark: Improve link training . * PCI: aardvark: Indicate error in "val" when config read fails . * PCI: aardvark: Introduce an advk_pcie_valid_device helper . * PCI: aardvark: Remove PCIe outbound window configuration . * PCI: aardvark: Train link immediately after enabling training . * PCI: aardvark: Wait for endpoint to be ready before training link . * PCI: endpoint: Cast the page number to phys_addr_t . * PCI: endpoint: Fix for concurrent memory allocation in OB address region . * PCI: hv: Add a per-bus mutex state_lock . * PCI: hv: Fix a race condition in hv_irq_unmask that can cause panic . * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev . * PCI: hv: fix a race condition bug in hv_pci_query_relations . * PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 . * PCI: tegra: Fix OF node reference leak . * PCI: xgene-msi: Fix race in installing chained irq handler . * PM: hibernate: flush swap writer after marking . * README.BRANCH: Adding myself to the maintainer list * Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" . * Revert "arm64: dts: juno: add dma-ranges property" * Revert "mei: me: enable asynchronous probing" . * SUNRPC: Fix a server shutdown leak . * applicom: Fix PCI device refcount leak in applicom_init . * arm64/alternatives: do not patch up internal branches * arm64/alternatives: move length validation inside the subsection * arm64/alternatives: use subsections for replacement sequences * arm64/cpufeature: Fix field sign for DIT hwcap detection * arm64/mm: fix variable "pud" set but not used * arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE * arm64/vdso: Discard .note.gnu.property sections in vDSO * arm64: Discard .note.GNU-stack section . * arm64: Do not forget syscall when starting a new thread. * arm64: Fix compiler warning from pte_unmap with * arm64: Mark __stack_chk_guard as __ro_after_init * arm64: Use test_tsk_thread_flag for checking TIF_SINGLESTEP * arm64: cmpxchg_double*: hazard against entire exchange variable * arm64: cpu_ops: fix a leaked reference by adding missing of_node_put * arm64: fix oops in concurrently setting insn_emulation sysctls * arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region * arm64: kprobe: make page to RO mode when allocate it * arm64: kpti: ensure patched kernel text is fetched from PoU * arm64: psci: Avoid printing in cpu_psci_cpu_die * arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill * arm64: unwind: Prohibit probing on return_address * crypto: arm64 - Fix unused variable compilation warnings of * dt-bindings: reset: meson8b: fix duplicate reset IDs . * ftrace: Fix invalid address access in lookup_rec when index is 0 . * ima: Fix function name error in comment . * ipv4: route: fix inet_rtm_getroute induced crash . * kabi: PCI: endpoint: Fix for concurrent memory allocation in OB address region . * kfifo: fix ternary sign extension bugs . * kgdb: Drop malformed kernel doc comment . * net: usb: lan78xx: Limit packet length to skb- greater than len . * net: usb: qmi_wwan: Adding support for Cinterion MV31 . * net: usb: smsc75xx: Limit packet length to skb- greater than len . * net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull . * net: usb: smsc95xx: Limit packet length to skb- greater than len . * powerpc/btext: add missing of_node_put . * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE . * powerpc/pseries/lpar: add missing RTAS retry status handling . * powerpc/pseries/lparcfg: add missing RTAS retry status handling . * powerpc/rtas: ensure 4KB alignment for rtas_data_buf . * powerpc/xics: fix refcount leak in icp_opal_init . * ppc64le: HWPOISON_INJECT=m . * ring-buffer: remove obsolete comment for free_buffer_page . * s390/vfio-ap: fix memory leak in vfio_ap device driver . * sbitmap: Avoid lockups when waker gets preempted . * scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE . * scsi: qla2xxx: Synchronize the IOCB count to be in order . * timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze . * timers: Clear timer_base::must_forward_clk with * tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr . * tracing: Add NULL checks for buffer in ring_buffer_free_read_page . * usb: chipidea: fix deadlock in ci_otg_del_timer . * usb: dwc3: exynos: Fix remove function . * usb: dwc3: gadget: Stop processing more requests on IMI . * usb: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 . * usb: typec: altmodes/displayport: Fix probe pin assign check . * x86/PCI: Fix PCI IRQ routing table memory leak . * x86/apic: Add name to irq chip . * x86/apic: Deinline x2apic functions . * x86/atomic: Fix smp_mb__{before,after}_atomic . * x86/build: Add "set -e" to mkcapflags.sh to delete broken capflags.c . * x86/ia32: Fix ia32_restore_sigcontext AC leak . * x86/ioapic: Force affinity setup before startup . * x86/irq/64: Limit IST stack overflow check to #DB stack . * x86/mm: Remove in_nmi warning from 64-bit implementation of vmalloc_fault . * x86/paravirt: Fix callee-saved function ELF sizes . * x86/power: Fix "nosmt" vs hibernation triple fault during resume . * x86/stacktrace: Prevent infinite loop in arch_stack_walk_user . * x86/uaccess, signal: Fix AC=1 bloat . * x86/x2apic: Mark set_x2apic_phys_mode as __init . * x86/xen: Fix memory leak in xen_init_lock_cpu . * x86/xen: Fix memory leak in xen_smp_intr_init{_pv} . * xen-netfront: Fix NULL sring after live migration . * xen-netfront: Fix mismatched rtnl_unlock . * xen-netfront: Fix race between device setup and open . * xen-netfront: Update features after registering netdev . * xen-netfront: enable device after manual module load . * xen-netfront: fix potential deadlock in xennet_remove . * xen-netfront: wait xenbus state change when load module manually . * xen/netfront: fix waiting for xenbus state change . * xen/netfront: stop tx queues during live migration . * xen/platform-pci: add missing free_irq in error path . ## Special Instructions and Notes: * Please reboot the system after installing this update.