OVAL

SUSE-SU-2023:2859-1 -- SLES kernel, reiserfs-kmp-default

ID: oval:org.secpod.oval:def:89049343
Date: (C)2023-08-30   (M)2024-04-25
Class: PATCH
Family: unix




The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity that could cause memory corruption.
* CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system.
* CVE-2023-2002: Fixed a flaw that allowed an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver.
* CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c that allowed local attackers to crash the system at device disconnect.
* CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback.
* CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font.
* CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in kernel/relay.c.
* CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub driver.
* CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c.
* CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
* CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
* CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.

The following non-security bugs were fixed:

* Also include kernel-docs build requirements for ALP
* Avoid unsupported tar parameter on SLE12
* Fix missing top level chapter numbers on SLE12 SP5.
* Fix usrmerge error
* Generalize kernel-doc build requirements.
* Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
* Move setting %%build_html to config.sh
* Move setting %%split_optional to config.sh
* Move setting %%supported_modules_check to config.sh
* Move the kernel-binary conflicts out of the spec file. The list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
* Remove obsolete rpm spec constructs: defattr does not need to be specified anymore; buildroot does not need to be specified anymore
* Remove usrmerge compatibility symlink in buildroot.
* Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
* cifs: do not include page data when checking signature.
* cifs: fix open leaks in open_cached_dir.
* google/gve:fix repeated words in comments.
* gve: Adding a new AdminQ command to verify driver.
* gve: Cache link_speed value from device.
* gve: Fix GFP flags when allocing pages.
* gve: Fix error return code in gve_prefill_rx_pages.
* gve: Fix spelling mistake "droping" -> "dropping".
* gve: Handle alternate miss completions.
* gve: Reduce alloc and copy costs in the GQ rx path.
* gve: Remove the code of clearing PBA bit.
* gve: Secure enough bytes in the first TX desc for all TCP pkts.
* gve: enhance no queue page list detection.
* kernel-binary: Add back kernel-default-base guarded by option. Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
* kernel-binary: install expoline.o
* kernel-source: Remove unused macro variant_symbols
* kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly. rpm only supports full length release, no provides
* rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE.
* rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
* rpm/kernel-binary.spec.in: Add Provides of kernel-preempt. For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
* rpm/kernel-binary.spec.in: Fix compatibility with newer rpm
* rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides
* rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error
* usrmerge: Compatibility with earlier rpm
* x86/build: Avoid relocation information in final vmlinux.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

Platform:
SUSE Linux Enterprise Server 15 SP3
Product:
kernel
reiserfs-kmp-default
Reference:
SUSE-SU-2023:2859-1
CVE-2023-1077
CVE-2023-1249
CVE-2023-2002
CVE-2023-3090
CVE-2023-3141
CVE-2023-3159
CVE-2023-3161
CVE-2023-3268
CVE-2023-3358
CVE-2023-35788
CVE-2023-35823
CVE-2023-35824
CVE-2023-35828
CVE    13
CVE-2023-3268
CVE-2023-2002
CVE-2023-1077
CVE-2023-1249
...
CPE    4
cpe:/o:linux:linux_kernel:-
cpe:/a:kmp:reiserfs_kmp_default
cpe:/o:linux:linux_kernel
cpe:/o:suse:suse_linux_enterprise_server:15:sp3
...

© SecPod Technologies