The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: A transient execution attack called 'Gather Data Sampling' affecting is mitigated, together with respective Intel CPU Microcode updates . * CVE-2023-0459: Fixed that copy_from_user on 64-bit versions of the Linux kernel did not implement the __uaccess_begin_nospec allowing a user to bypass the 'access_ok' check which could be used to leak information . * CVE-2023-20569: A side channel attack known as 'Inception' or 'RAS Poisoning' may allow an attacker to influence branch prediction, potentially leading to information disclosure. * CVE-2023-3567: A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen. This flaw allowed an attacker with local user access to cause a system crash or leak internal kernel information . * CVE-2023-3609: A use-after-free vulnerability was fixed in net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, u32_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use- after-free vulnerability. * CVE-2023-3611: An out-of-bounds write vulnerability was fixed in net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg function in net/sched/sch_qfq.c allowed an out-of- bounds write because lmax is updated according to packet sizes without bounds checks. * CVE-2023-3776: A use-after-free vulnerability was fixed in net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, fw_set_parms will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter. If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use- after-free vulnerability. The following non-security bugs were fixed: * Fix double fget in vhost_net_set_backend . * NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease . * SUNRPC: Fix UAF in svc_tcp_listen_data_ready . * SUNRPC: remove the maximum number of retries in call_bind_status . * block: Fix a source code comment in include/uapi/linux/blkzoned.h . * livepatch: check kzalloc return values . * media: videodev2.h: Fix struct v4l2_input tuner index comment . * net/sched: sch_qfq: refactor parsing of netlink parameters . * net: skip virtio_net_hdr_set_proto if protocol already set . * net: virtio_net_hdr_to_skb: count transport header in UFO . * nfsd: fix double fget bug in __write_ports_addfd . * powerpc/64: Update Speculation_Store_Bypass in /proc/ less than;pid greater than;/status . * powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 . * rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS__. * s390/cio: add dev_busid sysfs entry for each subchannel . * s390/cio: check the subchannel validity for dev_busid . * s390/cio: introduce io_subchannel_type . * s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits . * s390/maccess: add no DAT mode to kernel_write . * s390/numa: move initial setup of node_to_cpumask_map . * scsi: qla2xxx: Adjust IOCB resource on qpair create . * scsi: qla2xxx: Array index may go out of bound . * scsi: qla2xxx: Avoid fcport pointer dereference . * scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport . * scsi: qla2xxx: Correct the index of array . * scsi: qla2xxx: Drop useless LIST_HEAD . * scsi: qla2xxx: Fix NULL pointer dereference in target mode . * scsi: qla2xxx: Fix TMF leak through . * scsi: qla2xxx: Fix buffer overrun . * scsi: qla2xxx: Fix command flush during TMF . * scsi: qla2xxx: Fix deletion race condition . * scsi: qla2xxx: Fix end of loop test . * scsi: qla2xxx: Fix erroneous link up failure . * scsi: qla2xxx: Fix error code in qla2x00_start_sp . * scsi: qla2xxx: Fix potential NULL pointer dereference . * scsi: qla2xxx: Fix session hang in gnl . * scsi: qla2xxx: Limit TMF to 8 per function . * scsi: qla2xxx: Pointer may be dereferenced . * scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue . * scsi: qla2xxx: Silence a static checker warning . * scsi: qla2xxx: Turn off noisy message log . * scsi: qla2xxx: Update version to 10.02.08.400-k . * scsi: qla2xxx: Update version to 10.02.08.500-k . * scsi: qla2xxx: fix inconsistent TMF timeout . * svcrdma: Prevent page release when nothing was received . * vfio-ccw: Prevent quiesce function going into an infinite loop . * vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev . * vhost/test: fix build for vhost test . * vhost/vsock: Use kvmalloc/kvfree for larger packets . * vhost/vsock: do not check owner in vhost_vsock_stop while releasing . * vhost/vsock: fix incorrect used length reported to the guest . * vhost/vsock: fix packet delivery order to monitoring devices . * vhost/vsock: split packets to send using multiple buffers . * vhost: Fix the calculation in vhost_overflow . * vhost_net: disable zerocopy by default . * vhost_net: fix OoB on sendmsg failure . * virtio-balloon: fix managed page counts when migrating pages between zones . * virtio-mmio: fix missing put_device when vm_cmdline_parent registration failed . * virtio-net: Keep stop to follow mirror sequence of open . * virtio-pci: Remove wrong address verification in vp_del_vqs . * virtio: Improve vq- greater than;broken access to avoid any compiler optimization . * virtio_net: Fix error handling in virtnet_restore . * virtio_net: bugfix overflow inside xdp_linearize_page . * virtio_net: fix xdp_rxq_info bug after suspend/resume . * virtio_ring: Fix querying of maximum DMA mapping size for virtio device . * vringh: Use wiov- greater than;used to check for read/write desc order . * vringh: fix __vringh_iov when riov and wiov are different . * vsock/virtio: stop workers during the .remove . * vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock . * xen/blkfront: Only check REQ_FUA for writes . ## Special Instructions and Notes: * Please reboot the system after installing this update.