The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% . * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio . * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation . * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation . * CVE-2020-36766: Fixed a potential information leak in in the CEC driver . * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system . * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service . * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread . The following non-security bugs were fixed: * 9p/trans_virtio: Remove sysfs file on probe failure . * arm64: insn: Fix ldadd instruction encoding * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step * blk-mq: Add blk_mq_delay_run_hw_queues API call . * blk-mq: In blk_mq_dispatch_rq_list "no budget" is a reason to kick . * blk-mq: Rerun dispatching in the case of budget contention . * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC . gcc7 on SLE 15 does not support this while later gcc does. * direct-io: allow direct writes to empty inodes . * Drivers: hv: vmbus: Do not dereference ACPI root object handle . * drm/ast: Fix DRAM init on AST2200 * drm/client: Fix memory leak in drm_client_target_cloned Backporting changes: * move changes to drm_fb_helper.c * context changes * drm/client: Send hotplug event after registering a client Backporting changes: * send hotplug event from drm_client_add * remove drm_dbg_kms * drm/virtio: Fix GEM handle creation UAF . * drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes . * ext4: avoid deadlock in fs reclaim with page writeback . * ext4: correct inline offset when handling xattrs in inode body . * ext4: fix wrong unit use in ext4_mb_clear_bb . * ext4: set goal start correctly in ext4_mb_normalize_request . * fbcon: Fix null-ptr-deref in soft_cursor * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe * fbdev: imxfb: warn about invalid left/right margin * fbdev: modedb: Add 1920x1080 at 60 Hz video mode * fbdev: omapfb: lcd_mipid: Fix an error handling path in * firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe . * firmware: raspberrypi: Introduce devm_rpi_firmware_get . * firmware: raspberrypi: Keep count of all consumers . * fs: avoid softlockups in s_inodes iterators . * fuse: nlookup missing decrement in fuse_direntplus_link . * hv_utils: Fix passing zero to "PTR_ERR" warning . * idr: fix param name in idr_alloc_cyclic doc . * Input: psmouse - fix OOB access in Elantech protocol . * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe . * Input: xpad - add constants for GIP interface numbers . * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry . * jbd2: check "jh-greater than b_transaction" before removing it from checkpoint . * jbd2: fix a race when checking checkpoint buffer busy . * jbd2: fix checkpoint cleanup performance regression . * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint . * jbd2: recheck chechpointing non-dirty buffer . * jbd2: remove t_checkpoint_io_list . * jbd2: remove unused function "__cp_buffer_busy" . * jbd2: restore t_checkpoint_io_list to maintain kABI . * jbd2: simplify journal_clean_one_cp_list . * KVM: s390: vsie: Fix the initialization of the epoch extension field . * KVM: s390: vsie: fix the length of APCB bitmap . * media: b2c2: Add missing check in flexcop_pci_isr: . * media: cec-notifier: clear cec_adap in cec_notifier_unregister . * media: cec: copy sequence field for the reply . * media: cec: integrate cec_validate_phys_addr in cec-api.c . * media: cec: make cec_get_edid_spa_location an inline function . * media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init . * media: mceusb: return without resubmitting URB in case of -EPROTO error . * media: s5p_cec: decrement usage count if disabled . * media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds . * mkspec: Allow unsupported KMPs * net: accept UFOv6 packages in virtio_net_hdr_to_skb . * net: check if protocol extracted by virtio_net_hdr_set_proto is correct . * net: do not allow gso_size to be set to GSO_BY_FRAGS . * net: ensure mac header is set in virtio_net_hdr_to_skb . * net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-greater than dev is null . * net: usb: qmi_wwan: add Quectel EM05GV2 . * net: virtio_vsock: Enhance connection semantics . * net/mlx5: Fix size field in bufferx_reg struct . * NFS/pNFS: Report EINVAL errors from connect to the server . * NFSD: fix change_info in NFSv4 RENAME replies . * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info . * powerpc/64s/exception: machine check use correct cfar for late handler . * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses . * powerpc/xics: Remove unnecessary endian conversion . * quota: fix warning in dqgrab . * quota: Properly disable quotas when add_dquot_ref fails . * remoteproc: Add missing "\n" in log messages . * remoteproc: Fix NULL pointer dereference in rproc_virtio_notify . * s390: add z16 elf platform . * s390/dasd: fix hanging device after request requeue . * s390/zcrypt: do not leak memory if dev_set_name fails . * scsi: qla2xxx: Fix NULL vs IS_ERR bug for debugfs_create_dir . * scsi: qla2xxx: Use raw_smp_processor_id instead of smp_processor_id . * scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN . * tools/virtio: fix the vringh test for virtio ring changes . * tracing: Reverse the order of trace_types_lock and event_mutex . * udf: Fix extension of the last extent in the file . * udf: Fix file corruption when appending just after end of preallocated extent . * udf: Fix off-by-one error when discarding preallocation . * udf: Fix uninitialized array access for some pathnames . * usb: serial: option: add FOXCONN T99W368/T99W373 product . * usb: serial: option: add Quectel EM05G variant . * usb: typec: altmodes/displayport: Add pin assignment helper . * usb: typec: altmodes/displayport: Fix pin assignment calculation . * vhost_net: fix ubuf refcount incorrectly when sendmsg fails . * vhost: Do not call access_ok when using IOTLB . * vhost: fix range used in translate_desc . * vhost: Fix vhost_vq_reset . * vhost: introduce helpers to get the size of metadata area . * vhost: missing __user tags . * vhost: Use vhost_get_used_size in vhost_vring_set_addr . * vhost: vsock: kick send_pkt worker once device is started . * vhost/net: Clear the pending messages when the backend is removed . * vhost/test: stop device before reset . * vhost/vsock: Fix error handling in vhost_vsock_init . * virtio_balloon: prevent pfn array overflow . * virtio_mmio: Add missing PM calls to freeze/restore . * virtio_mmio: Restore guest page size on resume . * virtio_net: add checking sq is full inside xdp xmit . * virtio_net: fix memory leak inside XPD_TX with mergeable . * virtio_net: Fix probe failed when modprobe virtio_net . * virtio_net: Remove BUG to avoid machine dead . * virtio_net: reorder some funcs . * virtio_net: separate the logic of checking whether sq is full . * virtio_net: suppress cpu stall when free_unused_bufs . * virtio_pci_modern: Fix the comment of virtio_pci_find_capability . * virtio_pci: Support surprise removal of virtio pci device . * virtio_ring: Avoid loop when vq is broken in virtqueue_poll . * virtio-gpu: fix a missing check to avoid NULL dereference . * virtio-gpu: fix possible memory allocation failure . * virtio-net: execute xdp_do_flush before napi_complete_done . * virtio-net: fix race between ndo_open and virtio_device_ready . * virtio-net: fix race between set queues and probe . * virtio-net: fix the race between refill work and close . * virtio-net: set queues after driver_ok . * virtio-rng: make device ready before making request . * virtio: acknowledge all features before access . * vringh: Fix loop descriptors check in the indirect cases . * VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST . * vsock/virtio: avoid potential deadlock when vsock device remove . * vsock/virtio: enable VQs early on probe . * vsock/virtio: free queued packets when closing socket . * vsock/virtio: update credit only if socket is not closed . * word-at-a-time: use the same return type for has_zero regardless of endianness . * x86/hyperv: Fix NULL deref in set_hv_tscchange_cb if Hyper-V setup fails . * x86/srso: Do not probe microcode in a guest . * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off . * x86/srso: Fix srso_show_state side effect . * x86/srso: Set CPUID feature bits independently of bug or mitigation status . * xen: remove a confusing comment on auto-translated guest I/O . ## Special Instructions and Notes: * Please reboot the system after installing this update.