The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2017-5753: Fixed spectre vulnerability in prlimit . * CVE-2022-3566: Fixed race condition in the TCP Handler . * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops . * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected . * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free . * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call . * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event . * CVE-2023-0590: Fixed race condition in qdisc_graft . * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity, that could cause memory corruption . * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head . * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim in media/rc . * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system . * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies . * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit . * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak . * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot . * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system . * CVE-2023-1989: Fixed a use after free in btsdio_remove . * CVE-2023-1990: Fixed a use after free in ndlc_remove . * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress . * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation . * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create . * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver . * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler . * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion . * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem . * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c . * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c . * CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c . * CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove . * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver . * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect . * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class because lmax can exceed QFQ_MIN_LMAX . * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback . * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font . * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept was also allowed for a successfully connected AF_NETROM socket . * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c . The following non-security bugs were fixed: * Do not sign the vanilla kernel . * Drop dvb-core fix patch due to regression . * Revert CVE-2018-20784 due to regression . * binfmt_elf: Take the mmap lock when walking the VMA list . * bluetooth: Fix double free in hci_conn_cleanup . * bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work . * btrfs: fix race between quota disable and quota assign ioctls . * do not fallthrough in cbq_classify and stop on TC_ACT_SHOT . * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h . * ext4: fix use-after-free in ext4_xattr_set_entry . * fbcon: Check font dimension limits . * firewire: fix potential uaf in outbound_phy_packet_callback . * fix a mistake in the CVE-2023-0590 / bsc#1207795 backport * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer . * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames . * ipvlan:Fix out-of-bounds caused by unclear skb- greater than;cb . * kernel/sys.c: fix potential Spectre v1 issue . * kvm: initialize all of the kvm_debugregs structure before sending it to userspace . * media: dm1105: Fix use after free bug in dm1105_remove due to race condition . * media: dvb-core: Fix use-after-free due on race condition at dvb_net . * media: dvb-core: Fix use-after-free due to race at dvb_register_device . * media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 . * media: dvb-core: Fix use-after-free on race condition at dvb_frontend . * media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer . * media: dvb_frontend: kABI workaround . * media: dvb_net: kABI workaround . * media: dvbdev: fix error logic at dvb_register_device . * media: rc: Fix use-after-free bugs caused by ene_tx_irqsim . * media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb . * memstick: r592: Fix UAF bug in r592_remove due to race condition . * net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg . * netfilter: nf_tables: fix null deref due to zeroed list head . * netrom: Fix use-after-free caused by accept on already connected socket . * nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition . * power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition . * prlimit: do_prlimit needs to have a speculation check . * sched/rt: pick_next_rt_entity: check list_entry . * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress . * seq_buf: Fix overflow in seq_buf_putmem_hex . * tcp: Fix data races around icsk- greater than;icsk_af_ops . * tipc: fix NULL deref in tipc_link_xmit . * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies . * x86/speculation: Allow enabling STIBP with legacy IBRS . * xfs: verify buffer contents when we skip log replay . * xirc2ps_cs: Fix use after free bug in xirc2ps_detach . ## Special Instructions and Notes: * Please reboot the system after installing this update.