The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% . * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. * CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. * CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler . * CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo . * CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation . * CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. * CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service . * CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb . * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread . The following non-security bugs were fixed: * bnx2x: new flag for track HW resource allocation . * locking/rwsem: Disable reader optimistic spinning . * mkspec: Allow unsupported KMPs * scsi: qedf: Add synchronization between I/O completions and abort . * x86/pkeys: Revert a5eff7259790 . * x86/srso: Do not probe microcode in a guest . * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off . * x86/srso: Fix srso_show_state side effect . * x86/srso: Set CPUID feature bits independently of bug or mitigation status . ## Special Instructions and Notes: * Please reboot the system after installing this update.