The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. * CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. * CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization . An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. * CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system . * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges . * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% . * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio . * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation . * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation . * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system . * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service . * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system . * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread . The following non-security bugs were fixed: * ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs . * ALSA: hda/realtek: Splitting the UX3402 into two separate models . * ARM: pxa: remove use of symbol_get . * arm64: csum: Fix OoB access in IP checksum code for negative lengths . * arm64: module-plts: inline linux/moduleloader.h * arm64: module: Use module_init_layout_section to spot init sections * arm64: sdei: abort running SDEI handlers during crash * arm64: tegra: Update AHUB clock parent and rate * arm64/fpsimd: Only provide the length to cpufeature for xCR registers * arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing . * ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG . * ASoC: hdaudio.c: Add missing check for devm_kstrdup . * ASoC: imx-audmix: Fix return error with devm_clk_get . * ASoC: meson: spdifin: start hw on dai probe . * ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode . * ASoC: rt5640: Fix sleep in atomic context . * ASoC: rt5640: Revert "Fix sleep in atomic context" . * ASoC: soc-utils: Export snd_soc_dai_is_dummy symbol . * ASoC: SOF: core: Only call sof_ops_free on remove if the probe was successful . * ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates . * ata: libata: disallow dev-initiated LPM transitions to unsupported states . * ata: pata_falcon: fix IO base selection for Q40 . * ata: pata_ftide010: Add missing MODULE_DESCRIPTION . * ata: sata_gemini: Add missing MODULE_DESCRIPTION . * backlight: gpio_backlight: Drop output GPIO direction check for initial power state . * blk-iocost: fix divide by 0 error in calc_lcoefs . * blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost . * block/mq-deadline: use correct way to throttling write requests . * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition . * bnx2x: new flag for track HW resource allocation . * bpf: Clear the probe_addr for uprobe . * btrfs: do not hold CPU for too long when defragging a file . * clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest . * drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest . * Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor . * Drivers: hv: vmbus: Support greater than 64 VPs for a fully enlightened TDX/SNP VM . * Drivers: hv: vmbus: Support fully enlightened TDX guests . * drm: gm12u320: Fix the timeout usage for usb_bulk_msg . * drm/amd/display: Add smu write msg id fail retry process . * drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma . * drm/amd/display: fix the white screen issue when greater than = 64GB DRAM . * drm/amd/display: prevent potential division by zero errors . * drm/amd/display: register edp_backlight_control for DCN301 . * drm/amd/display: Remove wait while locked . * drm/ast: Add BMC virtual connector Backporting changes: * rename ast_device to ast_private * drm/ast: report connection status on Display Port. Backporting changes: * rename ast_device to ast_private * context changes * drm/display: Do not assume dual mode adaptors support i2c sub-addressing . * drm/i915: mark requests for GuC virtual engines to avoid use-after-free . * drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt . * drm/i915/gvt: Put the page reference obtained by KVM"s gfn_to_pfn . * drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" . * drm/meson: fix memory leak on -greater than hpd_notify callback . * drm/virtio: Correct drm_gem_shmem_get_sg_table error handling . * drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb . * ext4: avoid potential data overflow in next_linear_group . * ext4: correct inline offset when handling xattrs in inode body . * ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} . * ext4: fix wrong unit use in ext4_mb_clear_bb . * ext4: fix wrong unit use in ext4_mb_new_blocks . * ext4: get block from bh in ext4_free_blocks for fast commit replay . * ext4: reflect error codes from ext4_multi_mount_protect to its callers . * ext4: Remove ext4 locking of moved directory . * ext4: set goal start correctly in ext4_mb_normalize_request . * fs: do not update freeing inode i_io_list . * fs: Establish locking order for unrelated directories . * fs: Lock moved directories . * fs: lockd: avoid possible wrong NULL parameter . * fs: no need to check source . * fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE . * fuse: nlookup missing decrement in fuse_direntplus_link . * gve: Add AF_XDP zero-copy support for GQI-QPL format . * gve: Add XDP DROP and TX support for GQI-QPL format . * gve: Add XDP REDIRECT support for GQI-QPL format . * gve: Changes to add new TX queues . * gve: Control path for DQO-QPL . * gve: fix frag_list chaining . * gve: Fix gve interrupt names . * gve: RX path for DQO-QPL . * gve: trivial spell fix Recive to Receive . * gve: Tx path for DQO-QPL . * gve: Unify duplicate GQ min pkt desc size constants . * gve: use vmalloc_array and vcalloc . * gve: XDP support GQI-QPL: helper function changes . * hwrng: virtio - add an internal buffer . * hwrng: virtio - always add a pending request . * hwrng: virtio - do not wait on cleanup . * hwrng: virtio - do not waste entropy . * hwrng: virtio - Fix race on data_avail and actual data . * i2c: aspeed: Reset the i2c controller when timeout occurs . * i3c: master: svc: fix probe failure when no i3c device exist . * i915/pmu: Move execlist stats initialization to execlist specific setup . * idr: fix param name in idr_alloc_cyclic doc . * Input: tca6416-keypad - fix interrupt enable disbalance . * iommu/virtio: Detach domain on endpoint release . * iommu/virtio: Return size mapped for a detached domain . * jbd2: check "jh-greater than b_transaction" before removing it from checkpoint . * jbd2: correct the end of the journal recovery scan range . * jbd2: fix a race when checking checkpoint buffer busy . * jbd2: fix checkpoint cleanup performance regression . * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint . * jbd2: recheck chechpointing non-dirty buffer . * jbd2: remove journal_clean_one_cp_list . * jbd2: remove t_checkpoint_io_list . * jbd2: restore t_checkpoint_io_list to maintain kABI . * kabi: hide changes in enum ipl_type and struct sclp_info . * kabi/severities: ignore mlx4 internal symbols * kconfig: fix possible buffer overflow . * kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. * kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. * kselftest/runner.sh: Propagate SIGTERM to runner child . * KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes . * KVM: s390: interrupt: use READ_ONCE before cmpxchg . * KVM: s390: pv: fix external interruption loop not always detected . * KVM: s390: vsie: Fix the initialization of the epoch extension field . * KVM: s390: vsie: fix the length of APCB bitmap . * KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler . * KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK . * KVM: VMX: Fix header file dependency of asm/vmx.h . * KVM: x86: Fix KVM_CAP_SYNC_REGS"s sync_regs TOCTOU issues . * KVM: x86/mmu: Include mmu.h in spte.h . * loop: Fix use-after-free issues . * loop: loop_set_status_from_info check before assignment . * mlx4: Avoid resetting MLX4_INTFF_BONDING per driver . * mlx4: Connect the ethernet part to the auxiliary bus . * mlx4: Connect the infiniband part to the auxiliary bus . * mlx4: Delete custom device management logic . * mlx4: Get rid of the mlx4_interface.activate callback . * mlx4: Get rid of the mlx4_interface.get_dev callback . * mlx4: Move the bond work to the core driver . * mlx4: Register mlx4 devices to an auxiliary virtual bus . * mlx4: Rename member mlx4_en_dev.nb to netdev_nb . * mlx4: Replace the mlx4_interface.event callback with a notifier . * mlx4: Use "void *" as the event param of mlx4_dispatch_event . * module: Expose module_init_layout_section * net: do not allow gso_size to be set to GSO_BY_FRAGS . * net: mana: Add page pool for RX buffers . * net: mana: Configure hwc timeout from hardware . * net: phy: micrel: Correct bit assignments for phy_device flags . * net: usb: qmi_wwan: add Quectel EM05GV2 . * net/mlx4: Remove many unnecessary NULL values . * NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN . * NFS/blocklayout: Use the passed in gfp flags . * NFS/pNFS: Report EINVAL errors from connect to the server . * NFSD: da_addr_body field missing in some GETDEVICEINFO replies . * NFSD: fix change_info in NFSv4 RENAME replies . * NFSD: Fix race to FREE_STATEID and cl_revoked . * NFSv4: Fix dropped lock for racing OPEN and delegation return . * NFSv4: fix out path in __nfs4_get_acl_uncached . * NFSv4.2: fix error handling in nfs42_proc_getxattr . * NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ . * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info . * ntb: Clean up tx tail index on link down . * ntb: Drop packets when qp link is down . * ntb: Fix calculation ntb_transport_tx_free_entry . * nvme-auth: use chap-greater than s2 to indicate bidirectional authentication . * nvme-tcp: add recovery_delay to sysfs . * nvme-tcp: delay error recovery until the next KATO interval . * nvme-tcp: Do not terminate commands when in RESETTING . * nvme-tcp: make "err_work" a delayed work . * PCI: Free released resource after coalescing . * platform/mellanox: mlxbf-pmc: Fix potential buffer overflows . * platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events . * platform/mellanox: mlxbf-tmfifo: Drop jumbo frames . * platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors . * platform/x86: intel_scu_ipc: Check status after timeout in busy_loop . * platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt . * platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command . * platform/x86: intel_scu_ipc: Fail IPC send if still busy . * pNFS: Fix assignment of xprtdata.cred . * powerpc/fadump: make is_kdump_kernel return false when fadump is active . * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses . * powerpc/xics: Remove unnecessary endian conversion . * printk: ringbuffer: Fix truncating buffer size min_t cast . * pwm: lpc32xx: Remove handling of PWM channels . * quota: add new helper dquot_active . * quota: factor out dquot_write_dquot . * quota: fix dqput to follow the guarantees dquot_srcu should provide . * quota: fix warning in dqgrab . * quota: Properly disable quotas when add_dquot_ref fails . * quota: rename dquot_active to inode_quota_active . * RDMA/siw: Fabricate a GID on tun and loopback devices * s390/dasd: fix command reject error on ESE devices . * s390/dasd: fix hanging device after request requeue . * s390/ipl: add DEFINE_GENERIC_LOADPARM . * s390/ipl: add eckd dump support . * s390/ipl: add eckd support . * s390/ipl: add loadparm parameter to eckd ipl/reipl data . * s390/ipl: use octal values instead of S_* macros . * s390/qeth: Do not call dev_close/dev_open . * s390/zcrypt: do not leak memory if dev_set_name fails . * scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe . * scsi: 53c700: Check that command slot is not NULL . * scsi: core: Fix legacy /proc parsing buffer overflow . * scsi: core: Fix possible memory leak if device_add fails . * scsi: fnic: Replace return codes in fnic_clean_pending_aborts . * scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE . * scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo . * scsi: lpfc: Fix the NULL vs IS_ERR bug for debugfs_create_file . * scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN . * scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports . * scsi: lpfc: Remove reftag check in DIF paths . * scsi: qedf: Add synchronization between I/O completions and abort . * scsi: qedf: Fix firmware halt over suspend and resume . * scsi: qedf: Fix NULL dereference in error handling . * scsi: qedi: Fix firmware halt over suspend and resume . * scsi: qla2xxx: Add logs for SFP temperature monitoring . * scsi: qla2xxx: Allow 32-byte CDBs . * scsi: qla2xxx: Error code did not return to upper layer . * scsi: qla2xxx: Fix firmware resource tracking . * scsi: qla2xxx: Fix NULL vs IS_ERR bug for debugfs_create_dir . * scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit . * scsi: qla2xxx: Flush mailbox commands on chip reset . * scsi: qla2xxx: Move resource to allow code reuse . * scsi: qla2xxx: Remove unsupported ql2xenabledif option . * scsi: qla2xxx: Remove unused declarations . * scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs . * scsi: qla2xxx: Update version to 10.02.09.100-k . * scsi: qla2xxx: Use raw_smp_processor_id instead of smp_processor_id . * scsi: scsi_debug: Remove dead code . * scsi: snic: Fix double free in snic_tgt_create . * scsi: snic: Fix possible memory leak if device_add fails . * scsi: storvsc: Handle additional SRB status values . * scsi: zfcp: Fix a double put in zfcp_port_enqueue . * selftests: mlxsw: Fix test failure on Spectrum-4 . * selftests: tracing: Fix to unmount tracefs for recovering environment . * spi: Add TPM HW flow flag * spi: tegra210-quad: Enable TPM wait polling * spi: tegra210-quad: set half duplex flag * SUNRPC: Mark the cred for revalidation if the server rejects it . * tcpm: Avoid soft reset when partner does not support get_status . * tpm_tis_spi: Add hardware wait polling * tracing: Fix race issue between cpu buffer write and swap . * tracing: Remove extra space at the end of hwlat_detector/mode . * tracing: Remove unnecessary copying of tr-greater than current_trace . * uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ . * udf: Fix extension of the last extent in the file . * udf: Fix file corruption when appending just after end of preallocated extent . * udf: Fix off-by-one error when discarding preallocation . * udf: Fix uninitialized array access for some pathnames . * Update metadata * uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix . * usb: ehci: add workaround for chipidea PORTSC.PEC bug . * usb: ehci: move new member has_ci_pec_bug into hole . * usb: serial: option: add FOXCONN T99W368/T99W373 product . * usb: serial: option: add Quectel EM05G variant . * usb: typec: tcpci: clear the fault status bit . * usb: typec: tcpci: move tcpci.h to include/linux/usb/ . * vhost_vdpa: fix the crash in unmap a large memory . * vhost-scsi: unbreak any layout for response . * vhost: allow batching hint without size . * vhost: allow batching hint without size . * vhost: fix hung thread due to erroneous iotlb entries . * vhost: handle error while adding split ranges to iotlb . * virtio_net: add checking sq is full inside xdp xmit . * virtio_net: Fix probe failed when modprobe virtio_net . * virtio_net: reorder some funcs . * virtio_net: separate the logic of checking whether sq is full . * virtio_ring: fix avail_wrap_counter in virtqueue_add_packed . * virtio-blk: set req-greater than state to MQ_RQ_COMPLETE after polling I/O is finished . * virtio-mmio: do not break lifecycle of vm_dev . * virtio-net: fix race between set queues and probe . * virtio-net: set queues after driver_ok . * virtio-rng: make device ready before making request . * virtio: acknowledge all features before access . * vmcore: remove dependency with is_kdump_kernel for exporting vmcore . * watchdog: intel-mid_wdt: add MODULE_ALIAS to allow auto-load . * word-at-a-time: use the same return type for has_zero regardless of endianness . * x86/alternative: Fix race in try_get_desc . * x86/boot/e820: Fix typo in e820.c comment . * x86/bugs: Reset speculation control settings on init . * x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V . * x86/coco: Export cc_vendor . * x86/cpu: Add Lunar Lake M . * x86/cpu: Add model number for Intel Arrow Lake processor . * x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate . * x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed . * x86/hyperv: Add hv_isolation_type_tdx to detect TDX guests . * x86/hyperv: Add hv_write_efer for a TDX VM with the paravisor . * x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES . * x86/hyperv: Add missing "inline" to hv_snp_boot_ap stub . * x86/hyperv: Add sev-snp enlightened guest static key * x86/hyperv: Add smp support for SEV-SNP guest . * x86/hyperv: Add VTL specific structs and hypercalls . * x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline . * x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests . * x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV . * x86/hyperv: Introduce a global variable hyperv_paravisor_present . * x86/hyperv: Mark hv_ghcb_terminate as noreturn . * x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest . * x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef"s . * x86/hyperv: Remove hv_isolation_type_en_snp . * x86/hyperv: Set Virtual Trust Level in VMBus init message . * x86/hyperv: Support hypercalls for fully enlightened TDX guests . * x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor . * x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest . * x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL . * x86/ioapic: Do not return 0 from arch_dynirq_lower_bound . * x86/ioremap: Fix page aligned size calculation in __ioremap_caller . * x86/mce: Retrieve poison range from hardware . * x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build . * x86/mm: Avoid incomplete Global INVLPG flushes . * x86/mm: Do not shuffle CPU entry areas without KASLR . * x86/purgatory: remove PGO flags . * x86/PVH: avoid 32-bit build warning when obtaining VGA console info . * x86/reboot: Disable virtualization in an emergency if SVM is supported . * x86/resctl: fix scheduler confusion with "current" . * x86/resctrl: Fix task CLOSID/RMID update race . * x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register . * x86/rtc: Remove __init for runtime functions . * x86/sev: Make enc_dec_hypercall accept a size instead of npages . * x86/sgx: Reduce delay and interference of enclave release . * x86/srso: Do not probe microcode in a guest . * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off . * x86/srso: Fix srso_show_state side effect . * x86/srso: Set CPUID feature bits independently of bug or mitigation status . * x86/virt: Force GIF=1 prior to disabling SVM . * xen: remove a confusing comment on auto-translated guest I/O . * xprtrdma: Remap Receive buffers after a reconnect . ## Special Instructions and Notes: * Please reboot the system after installing this update.