File _patchinfo of Package patchinfo.28184

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.28184

<patchinfo incident="28184">
  <issue id="1186449" tracker="bnc">acpi-cpufreq: Skip initializtion if a cpufreq driver exists</issue>
  <issue id="1195175" tracker="bnc">L3-Question: VM Fails to Initialize CX4 VF due to Mem Fragmentation</issue>
  <issue id="1198438" tracker="bnc">qla2xxx doesn't report SAN device changes to the upper SCSI layers</issue>
  <issue id="1203331" tracker="bnc">VUL-0: CVE-2022-38096: kernel: NULL pointer dereference found in vmwgfx driver</issue>
  <issue id="1203332" tracker="bnc">VUL-0: CVE-2022-36280: kernel: out-of-bounds memory access vulnerability found in vmwgfx driver</issue>
  <issue id="1204356" tracker="bnc">udev device scanning slow in Xen - processing SEQNUM=* is taking a long time</issue>
  <issue id="1204662" tracker="bnc">[15SP5][XEN] Entry into maintenance mode after boot up 15SP5 XEN kernel for AMD Zen3 test machine</issue>
  <issue id="1206103" tracker="bnc">L3: scsi tape Error 18 (driver bt 0x0, host bt 0x0)</issue>
  <issue id="1206351" tracker="bnc">Partner-L3: Crash in scsi-midlayer in abort and device reset escalation path This issue is seen in SLES 15 SP3, but not in SLES 15 SP4.</issue>
  <issue id="1207051" tracker="bnc">Vul-0: CVE-2023-23559: kernel-source,kernel-rt,kernel-azure: Integer overflow in rndis_wlan that leads to a buffer overflow</issue>
  <issue id="1207575" tracker="bnc">SLES 15 SP3 - s390/kexec: fix ipl report address for kdump</issue>
  <issue id="1207773" tracker="bnc">VUL-0: CVE-2023-0045: kernel: missing Flush IBP in ib_prctl_set</issue>
  <issue id="1207795" tracker="bnc">VUL-0: CVE-2023-0590: kernel: use-after-free due to race condition in qdisc_graft()</issue>
  <issue id="1207845" tracker="bnc">VUL-0: CVE-2023-0597: kernel: x86/mm: Randomize per-cpu entry area</issue>
  <issue id="1207875" tracker="bnc">[Azure][MANA][IRQ] Fix IRQ Name - Add PCI And Queue Number</issue>
  <issue id="1208023" tracker="bnc">ISST-LTE:[P10 Denali]:[32TB/232c] PVM: SLES15.3:c565slestest: LPAR crashed during Memory DLPAR operation + stress-ng test-run.</issue>
  <issue id="1208153" tracker="bnc">[MSFT][MANA][NET][Patch][SLES15] Fix accessing freed irq affinity_hint</issue>
  <issue id="1208212" tracker="bnc">vmxnet3: update to latest ToT</issue>
  <issue id="1208700" tracker="bnc">VUL-0: CVE-2023-26545: kernel-source-rt,kernel-source,kernel-source-azure: double free in net/mpls/af_mpls.c upon an allocation failure</issue>
  <issue id="1208741" tracker="bnc">VUL-0: CVE-2023-22995: kernel-source-azure,kernel-source-rt,kernel-source: error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls</issue>
  <issue id="1208776" tracker="bnc">VUL-0: CVE-2023-22998: kernel-source,kernel-source-azure,kernel-source-rt: dereference of error pointer in virtio_gpu_object_shmem_init()</issue>
  <issue id="1208816" tracker="bnc">VUL-0: CVE-2023-23000: kernel: drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value</issue>
  <issue id="1208837" tracker="bnc">VUL-0: CVE-2023-1118: kernel-source,kernel-source-azure,kernel-source-rt: UAF drivers/media/rc directory</issue>
  <issue id="1208845" tracker="bnc">VUL-0: CVE-2023-23006: kernel-source-rt,kernel-source,kernel-source-azure: drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value</issue>
  <issue id="1208971" tracker="bnc">VUL-0: CVE-2023-1195: kernel-source,kernel-source-azure,kernel-source-rt: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c</issue>
  <issue id="2023-1118" tracker="cve" />
  <issue id="2023-23000" tracker="cve" />
  <issue id="2023-22998" tracker="cve" />
  <issue id="2023-23006" tracker="cve" />
  <issue id="2023-22995" tracker="cve" />
  <issue id="2023-26545" tracker="cve" />
  <issue id="2023-0597" tracker="cve" />
  <issue id="2023-23559" tracker="cve" />
  <issue id="2022-38096" tracker="cve" />
  <issue id="2022-36280" tracker="cve" />
  <issue id="2023-0045" tracker="cve" />
  <issue id="2023-0590" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>alix82</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of  per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that.
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- update suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.28184

Places