The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2023-23454: Fixed denial or service in cbqclassify in net/sched/schcbq.c (bnc#1207036).
CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRVCTLIOCTLELEM{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
CVE-2023-0045: Fixed flush IBP in ibprctlset() (bsc#1207773).
CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332).
CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389).
CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395).
The following non-security bugs were fixed:
Bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).