The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity, that could cause memory corruption . * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device . * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system . * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM . * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication . * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver . * CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c . * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect . * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback . * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font . * CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in kernel/relay.c . * CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub driver . * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c . The following non-security bugs were fixed: * Also include kernel-docs build requirements for ALP * Avoid unsuported tar parameter on SLE12 * CDC-NCM: avoid overflow in sanity checking . * CIFS: Spelling s/EACCESS/EACCES/ . * Decrease the number of SMB3 smbdirect client SGEs . * Fix formatting of client smbdirect RDMA logging . * Fix missing top level chapter numbers on SLE12 SP5 . * Generalize kernel-doc build requirements. * Handle variable number of SGEs in client smbdirect send . * Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. * Move setting %%build_html to config.sh * Move setting %%split_optional to config.sh * Move setting %%supported_modules_check to config.sh * Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. * PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error . * PCI/MSI: Destroy sysfs before freeing entries . * PCI/MSI: Fix pci_irq_vector/pci_irq_get_affinity . * PCI/MSI: Mask MSI-X vectors only on success . * PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros . * PCI: aardvark: Clear all MSIs at setup . * PCI: aardvark: Do not clear status bits of masked interrupts . * PCI: aardvark: Do not unmask unused interrupts . * PCI: aardvark: Fix return value of MSI domain .alloc method . * PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG . * PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros . * PCI: pciehp: Clear cmd_busy bit in polling mode . * PCI: pciehp: Fix infinite loop in IRQ handler upon power fault . * README.BRANCH: Add Miroslav Franc as a co-maintainer * Reduce client smbdirect max receive segment size . * Squashfs: fix handling and sanity checking of xattr_ids count . * Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. * USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM . * USB: core: hub: disable autosuspend for TI TUSB8041 . * USB: hub: Fix the broken detection of USB3 device in SMSC hub . * USB: idmouse: fix an uninit-value in idmouse_open . * USB: serial: option: add Quectel EM05-G modem . * USB: serial: qcserial: add new usb-id for Dell branded EM7455 . * USB: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller. * USB: xhci: rework grace period logic . * affs: initialize fsdata in affs_truncate . * bnx2x: Check if transceiver implements DDM before access . * bnxt_en: Fix mqprio and XDP ring checking logic . * bnxt_en: Fix typo in PCI id to device description string mapping . * bnxt_en: Query default VLAN before VNIC setup on a VF . * bnxt_en: Remove debugfs when pci_register_driver failed . * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips . * bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer . * bnxt_en: reclaim max resources if sriov enable fails . * ceph: fix use-after-free bug for inodes when flushing capsnaps . * cifs: Add helper function to check smb1+ server . * cifs: Convert struct fealist away from 1-element array . * cifs: Fix connections leak when tlink setup failed . * cifs: Fix lost destroy smbd connection when MR allocate failed . * cifs: Fix memory leak when build ntlmssp negotiate blob failed . * cifs: Fix oops due to uncleared server- greater than;smbd_conn in reconnect . * cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc . * cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter . * cifs: Fix smb2_set_path_size . * cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message . * cifs: Fix uninitialized memory read for smb311 posix symlink create . * cifs: Fix uninitialized memory read in smb3_qfs_tcon . * cifs: Fix uninitialized memory reads for oparms.mode . * cifs: Fix use-after-free in rdata- greater than;read_into_pages . * cifs: Fix warning and UAF when destroy the MR list . * cifs: Fix wrong return value checking when GETFLAGS . * cifs: Fix xid leak in cifs_copy_file_range . * cifs: Fix xid leak in cifs_create . * cifs: Fix xid leak in cifs_flock . * cifs: Get rid of unneeded conditional in the smb2_get_aead_req . * cifs: Move the in_send statistic to __smb_send_rqst . * cifs: Remove duplicated include in cifsglob.h . * cifs: Replace zero-length arrays with flexible-array members . * cifs: Use help macro to get the header preamble size . * cifs: Use help macro to get the mid header size . * cifs: Use kstrtobool instead of strtobool . * cifs: add check for returning value of SMB2_close_init . * cifs: add check for returning value of SMB2_set_info_init . * cifs: add missing spinlock around tcon refcount . * cifs: always initialize struct msghdr smb_msg completely . * cifs: avoid re-lookups in dfs_cache_find . * cifs: avoid use of global locks for high contention data . * cifs: destage dirty pages before re-reading them for cache=none . * cifs: do not include page data when checking signature . * cifs: do not send down the destination address to sendmsg for a SOCK_STREAM . * cifs: do not take exclusive lock for updating target hints . * cifs: do not try to use rdma offload on encrypted connections . * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL . * cifs: fix confusing debug message . * cifs: fix double free on failed kerberos auth . * cifs: fix double-fault crash during ntlmssp . * cifs: fix indentation in make menuconfig options . * cifs: fix memory leaks in session setup . * cifs: fix missing display of three mount options . * cifs: fix mount on old smb servers . * cifs: fix oops during encryption . * cifs: fix pcchunk length type in smb2_copychunk_range . * cifs: fix potential deadlock in cache_refresh_path . * cifs: fix potential memory leaks in session setup . * cifs: fix race in assemble_neg_contexts . * cifs: fix return of uninitialized rc in dfs_cache_update_tgthint . * cifs: fix small mempool leak in SMB2_negotiate . * cifs: fix use-after-free caused by invalid pointer 'hostname' . * cifs: fix various whitespace errors in headers . * cifs: get rid of dns resolve worker . * cifs: get rid of unneeded conditional in cifs_get_num_sgs . * cifs: handle cache lookup errors different than -ENOENT . * cifs: ignore ipc reconnect failures during dfs failover . * cifs: introduce cifs_io_parms in smb2_async_writev . * cifs: lease key is uninitialized in smb1 paths . * cifs: lease key is uninitialized in two additional functions when smb1 . * cifs: match even the scope id for ipv6 addresses . * cifs: minor cleanup of some headers . * cifs: misc: fix spelling typo in comment . * cifs: prevent copying past input buffer boundaries . * cifs: prevent data race in cifs_reconnect_tcon . * cifs: prevent data race in smb2_reconnect . * cifs: prevent infinite recursion in CIFSGetDFSRefer . * cifs: print last update time for interface list . * cifs: protect access of TCP_Server_Info::{dstaddr,hostname} . * cifs: remove - greater than;writepage . * cifs: remove duplicate code in __refresh_tcon . * cifs: remove initialization value . * cifs: remove redundant assignment to the variable match . * cifs: remove unneeded 2bytes of padding from smb2 tree connect . * cifs: return ENOENT for DFS lookup_cache_entry . * cifs: return correct error in - greater than;calc_signature . * cifs: reuse cifs_match_ipaddr for comparison of dstaddr too . * cifs: revalidate mapping when doing direct writes . * cifs: sanitize paths in cifs_update_super_prepath . * cifs: secmech: use shash_desc directly, remove sdesc . * cifs: set correct ipc status after initial tree connect . * cifs: set correct tcon status after initial tree connect . * cifs: set resolved ip in sockaddr . * cifs: skip alloc when request has no pages . * cifs: skip extra NULL byte in filenames . * cifs: split out ses and tcon retrieval from mount_get_conns . * cifs: split out smb3_use_rdma_offload helper . * cifs: stop using generic_writepages . * cifs: update Kconfig description . * cifs: update internal module number . * cifs: use ALIGN and round_up macros . * cifs: use stub posix acl handlers . * cifs_atomic_open: fix double-put on late allocation failure . * coda: add error handling for fget . * coda: fix build using bare-metal toolchain . * coda: pass the host file in vma- greater than;vm_file on mmap . * cxgb4: fix a memory leak bug . * dim: initialize all struct fields . * e1000e: Correct NVM checksum verification flow . * e1000e: Disable TSO on i219-LM card to increase speed . * e1000e: Fix TX dispatch condition . * e1000e: Fix possible overflow in LTR decoding . * fs/adfs: super: fix use-after-free bug . * fs/affs: release old buffer head on error path . * fs/hfs/extent.c: fix array out of bounds read of array extent . * fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle . * fs/ufs: avoid potential u32 multiplication overflow . * fs: hfsplus: fix UAF issue in hfsplus_put_super . * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc . * fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock . * fs: sysv: Fix sysv_nblocks returns wrong value . * google/gve:fix repeated words in comments . * gve: Adding a new AdminQ command to verify driver . * gve: Cache link_speed value from device . * gve: Fix GFP flags when allocing pages . * gve: Fix error return code in gve_prefill_rx_pages . * gve: Fix spelling mistake 'droping' - greater than; 'dropping' . * gve: Handle alternate miss completions . * gve: Reduce alloc and copy costs in the GQ rx path . * gve: Remove the code of clearing PBA bit . * gve: Secure enough bytes in the first TX desc for all TCP pkts . * gve: enhance no queue page list detection . * hfs/hfsplus: avoid WARN_ON for sanity check, use proper error handling . * hfs/hfsplus: use WARN_ON for sanity check . * hfs: Fix OOB Write in hfs_asc2mac . * hfs: add lock nesting notation to hfs_find_init . * hfs: add missing clean-up in hfs_fill_super . * hfs: fix BUG on bnode parent update . * hfs: fix OOB Read in __hfs_brec_find . * hfs: fix high memory mapping in hfs_bnode_read . * hfs: fix missing hfs_bnode_get in __hfs_bnode_create . * hfs: fix return value of hfs_get_block . * hfs: prevent btree data loss on ENOSPC . * hfs: update timestamp on truncate . * hfsplus: fix BUG on bnode parent update . * hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount . * hfsplus: fix crash and filesystem corruption when deleting files . * hfsplus: fix return value of hfsplus_get_block . * hfsplus: prevent btree data loss on ENOSPC . * hfsplus: update timestamps on truncate . * igb: Add lock to avoid data race . * igb: Allocate MSI-X vector when testing . * igb: Enable SR-IOV after reinit . * igb: Initialize mailbox message for VF reset . * igb: Make DMA faster when CPU is active on the PCIe link . * igb: fix bit_shift to be in [1..8] range . * igb: fix netpoll exit with traffic . * igb: fix nvm.ops.read error handling . * igb: skip phy status check where unavailable . * igbvf: Regard vf reset nack as success . * igbvf: fix double free in 'igbvf_probe' . * igc: Fix BUG: scheduling while atomic . * igc: Fix infinite loop in release_swfw_sync . * igc: igc_read_phy_reg_gpy: drop premature return . * igc: igc_write_phy_reg_gpy: drop premature return . * intel/igbvf: free irq on the error path in igbvf_request_msix . * ipv4: fix uninit-value in ip_route_output_key_hash_rcu . * ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero . * ixgbe: Allow flow hash to be set via ethtool . * ixgbe: Check DDM existence in transceiver before access . * ixgbe: Enable setting RSS table to default values . * ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb . * ixgbe: ensure IPsec VF less than;- greater than;PF compatibility . * ixgbe: fix bcast packets Rx on VF after promisc removal . * ixgbe: fix pci device refcount leak . * ixgbe: fix unexpected VLAN Rx in promisc mode on VF . * ixgbe: set X550 MDIO speed before talking to PHY . * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter . * kprobes: Do not call BUG_ON if there is a kprobe in use on free list . * kprobes: Do not use local variable when creating debugfs file . * kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler . * kprobes: Fix check for probe enabled in kill_kprobe . * kprobes: Fix error check when reusing optimized probes . * kprobes: Fix optimize_kprobe/unoptimize_kprobe cancellation logic . * kprobes: Fix to check probe enabled before disarm_kprobe_ftrace . * kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list . * kprobes: Fix to protect kick_kprobe_optimizer by kprobe_mutex . * kprobes: Forbid probing on trampoline and BPF code areas . * kprobes: Prohibit probes in gate area . * kprobes: Prohibit probing on BUG and WARN address . * kprobes: Remove pointless BUG_ON from reuse_unused_kprobe . * kprobes: Set unoptimized flag after unoptimizing code . * kprobes: Use synchronize_rcu_tasks for optprobe with CONFIG_PREEMPT=y . * kprobes: do not call disarm_kprobe for disabled kprobes . * kprobes: fix kill kprobe which has been marked as gone . * kretprobe: Avoid re-registration of the same kretprobe earlier . * l2tp: hold reference on tunnels in netlink dumps . * l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file . * l2tp: hold reference on tunnels printed in pppol2tp proc file . * mlx5: count all link events . * net/ethernet/qlogic/qed: force the string buffer NULL-terminated . * net/mlx4: Check retval of mlx4_bitmap_init . * net/mlx4_en: Do not allow aRFS for encapsulated packets . * net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources . * net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure . * net/mlx4_en: Resolve bad operstate value . * net/usb/drivers: Remove useless hrtimer_active check . * net: axienet: Fix race condition causing TX hang . * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize . * net: cdc_ncm: remove set but not used variable "ctx" . * net: cxgb3_main: Fix a resource leak in a error path in "init_one" . * net: dev: Use unsigned integer as an argument to left-shift . * net: fec: fix rare tx timeout . * net: fix warning in af_unix . * net: hisilicon: Fix 'Trying to free already-free IRQ' . * net: ks8851: Dequeue RX packets explicitly . * net: macb: Clean 64b dma addresses if they are not detected . * net: marvell: mvneta: fix DMA debug warning . * net: myri10ge: fix memory leaks . * net: set static variable an initial value in atl2_probe . * net: thunderx: make CFG_DONE message to run through generic send-ack sequence . * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 . * netfilter: x_tables: add and use xt_check_proc_name . * netlabel: If PF_INET6, check sk_buff ip header version . * ocfs2/dlm: do not handle migrate lockres if already in shutdown . * ocfs2: call journal flush to mark journal as empty after journal recovery when mount . * ocfs2: clear dinode links count in case of error . * ocfs2: clear journal dirty flag after shutdown journal . * ocfs2: clear zero in unaligned direct IO . * ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock . * ocfs2: do not clear bh uptodate for block read . * ocfs2: do not put and assigning null to bh allocated outside . * ocfs2: fix BUG when iput after ocfs2_mknod fails . * ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans . * ocfs2: fix a panic problem caused by o2cb_ctl . * ocfs2: fix clusters leak in ocfs2_defrag_extent . * ocfs2: fix deadlock caused by ocfs2_defrag_extent . * ocfs2: fix defrag path triggering jbd2 ASSERT . * ocfs2: fix memory leak in ocfs2_stack_glue_init . * ocfs2: fix non-auto defrag path not working issue . * ocfs2: fix panic due to unrecovered local alloc . * ocfs2: fix potential use after free . * ocfs2: remove set but not used variable "last_hash" . * ocfs2: take inode cluster lock before moving reflinked inode from orphan dir . * ocfs2: wait for recovering done after direct unlock request . * openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS . * powerpc/64s/radix: Fix soft dirty tracking . * powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall . * put quirk_disable_autosuspend into a hole . * qed: Add cleanup in qed_slowpath_start . * qed: RDMA - Fix the hw_ver returned in device attributes . * reiserfs: Add missing calls to reiserfs_security_free . * reiserfs: Add security prefix to xattr name in reiserfs_security_write . * reiserfs: Fix memory leak in reiserfs_parse_options . * reiserfs: add check for invalid 1st journal block . * reiserfs: add check for root_inode in reiserfs_fill_super . * reiserfs: change j_timestamp type to time64_t . * reiserfs: check directory items on read from disk . * reiserfs: only call unlock_new_inode if I_NEW . * reiserfs: prevent NULL pointer dereference in reiserfs_insert_item . * reiserfs: propagate errors from fill_with_dentries properly . * revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' . * rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm * rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error * s390/ctcm: Fix return type of ctc{mp,}m_tx . * s390/dasd: Use correct lock while counting channel queue length . * s390/dasd: fix hanging blockdevice after request requeue . * s390/dasd: fix no record found for raw_track_access . * s390/kasan: avoid vdso instrumentation . * s390/kprobes: fix current_kprobe never cleared after kprobes reenter . * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler . * s390/lcs: Fix return type of lcs_start_xmit . * s390/netiucv: Fix return type of netiucv_tx . * s390/qdio: fix do_sqbs inline assembly constraint . * s390/smsgiucv: disable SMSG on module unload . * samples/kretprobes: Fix return value if register_kretprobe failed . * sched/core: Use smp_mb in wake_woken_function * sched/fair: Fix util_avg of new tasks for asymmetric systems * scsi: aic94xx: Add missing check for dma_map_single . * scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR . * scsi: core: Improve scsi_vpd_inquiry checks . * scsi: core: Remove the /proc/scsi/${proc_name} directory earlier . * scsi: ipr: Work around fortify-string warning . * scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev . * scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup . * scsi: megaraid: Fix mega_cmd_done CMDID_INT_CMDS . * scsi: megaraid_sas: Fix crash after a double completion . * scsi: megaraid_sas: Fix fw_crash_buffer_show . * scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add . * scsi: mpt3sas: Fix a memory leak . * scsi: scsi_dh_alua: Fix memleak for "qdata" in alua_activate . * scsi: ses: Do not attach if enclosure has no components . * scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses . * scsi: ses: Fix possible desc_ptr out-of-bounds accesses . * scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process . * scsi: ses: Fix slab-out-of-bounds in ses_intf_remove . * scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger . * smb3: fix oops in calculating shash_setkey . * smb3: fix problem remounting a share after shutdown . * smb3: fix temporary data corruption in collapse range . * smb3: fix temporary data corruption in insert range . * smb3: improve SMB3 change notification support . * smb3: must initialize two ACL struct fields to zero . * smb3: rename encryption/decryption TFMs . * squashfs: harden sanity check in squashfs_read_xattr_id_table . * sysv: use BUILD_BUG_ON instead of runtime check . * uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers . * update internal module version number for cifs.ko . * x86/kprobes: Fix __recover_optprobed_insn check optimizing logic . * x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range . * xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems . * xfs: fix rm_offset flag handling in rmap keys . * xhci: Add grace period after xHC start to prevent premature runtime suspend . ## Special Instructions and Notes: * Please reboot the system after installing this update.