SUSE-SU-2023:2808-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2023/suse-su-20232808-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2808-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2023:2808-1

Related

Published

2023-07-11T13:23:32Z

Modified

2023-07-11T13:23:32Z

Summary

Security update for the Linux Kernel

Details

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-1077: Fixed a type confusion in picknextrt_entity(), that could cause memory corruption (bsc#1208600).
CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asuskbdbacklight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
CVE-2023-3111: Fixed a use-after-free vulnerability in preparetorelocate in fs/btrfs/relocation.c (bsc#1212051).
CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outboundphypacket_callback (bsc#1212128).
CVE-2023-3161: Fixed shift-out-of-bounds in fbconsetfont() (bsc#1212154).
CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relayfilereadstartpos in kernel/relay.c (bsc#1212502).
CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).

The following non-security bugs were fixed:

Also include kernel-docs build requirements for ALP
Avoid unsuported tar parameter on SLE12
CDC-NCM: avoid overflow in sanity checking (git-fixes).
CIFS: Spelling s/EACCESS/EACCES/ (bsc#1190317).
Decrease the number of SMB3 smbdirect client SGEs (bsc#1190317).
Fix formatting of client smbdirect RDMA logging (bsc#1190317).
Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
Generalize kernel-doc build requirements.
Handle variable number of SGEs in client smbdirect send (bsc#1190317).
Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
Move setting %%build_html to config.sh
Move setting %%split_optional to config.sh
Move setting %%supportedmodulescheck to config.sh
Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
PCI/MSI: Clear PCIMSIXFLAGS_MASKALL on error (git-fixes).
PCI/MSI: Destroy sysfs before freeing entries (git-fixes).
PCI/MSI: Fix pciirqvector()/pciirqget_affinity() (git-fixes).
PCI/MSI: Mask MSI-X vectors only on success (git-fixes).
PCI: Add PCIEXPDEVCTLPAYLOAD* macros (git-fixes).
PCI: aardvark: Clear all MSIs at setup (git-fixes).
PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
PCI: aardvark: Do not unmask unused interrupts (git-fixes).
PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
PCI: aardvark: Read all 16-bits from PCIEMSIPAYLOAD_REG (git-fixes).
PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (git-fixes).
PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes).
README.BRANCH: Add Miroslav Franc as a co-maintainer
Reduce client smbdirect max receive segment size (bsc#1190317).
Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
USB: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
USB: hub: Fix the broken detection of USB3 device in SMSC hub (git-fixes).
USB: idmouse: fix an uninit-value in idmouse_open (git-fixes).
USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
USB: xhci: add XHCISPURIOUSSUCCESS to ASM1042 despite being a V0.96 controller.
USB: xhci: rework grace period logic (git-fixes).
affs: initialize fsdata in affs_truncate() (git-fixes).
bnx2x: Check if transceiver implements DDM before access (git-fixes).
bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes).
bnxt_en: Fix typo in PCI id to device description string mapping (git-fixes).
bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
bnxten: Remove debugfs when pciregister_driver failed (git-fixes).
bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (git-fixes).
bnxten: fix potentially incorrect return value for ndorxflowsteer (git-fixes).
bnxt_en: reclaim max resources if sriov enable fails (git-fixes).
ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212938).
cifs: Add helper function to check smb1+ server (bsc#1190317).
cifs: Convert struct fealist away from 1-element array (bsc#1190317).
cifs: Fix connections leak when tlink setup failed (bsc#1190317).
cifs: Fix lost destroy smbd connection when MR allocate failed (bsc#1190317).
cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1190317).
cifs: Fix oops due to uncleared server->smbd_conn in reconnect (bsc#1190317).
cifs: Fix pages array leak when writedata alloc failed in cifswritedataalloc() (bsc#1190317).
cifs: Fix pages leak when writedata alloc failed in cifswritefrom_iter() (bsc#1190317).
cifs: Fix smb2setpath_size() (bsc#1190317).
cifs: Fix the error length of VALIDATENEGOTIATEINFO message (bsc#1190317).
cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#1190317).
cifs: Fix uninitialized memory read in smb3qfstcon() (bsc#1190317).
cifs: Fix uninitialized memory reads for oparms.mode (bsc#1190317).
cifs: Fix use-after-free in rdata->readintopages() (bsc#1190317).
cifs: Fix warning and UAF when destroy the MR list (bsc#1190317).
cifs: Fix wrong return value checking when GETFLAGS (bsc#1190317).
cifs: Fix xid leak in cifscopyfile_range() (bsc#1190317).
cifs: Fix xid leak in cifs_create() (bsc#1190317).
cifs: Fix xid leak in cifs_flock() (bsc#1190317).
cifs: Get rid of unneeded conditional in the smb2getaead_req() (bsc#1190317).
cifs: Move the insend statistic to _smbsendrqst() (bsc#1190317).
cifs: Remove duplicated include in cifsglob.h (bsc#1190317).
cifs: Replace zero-length arrays with flexible-array members (bsc#1190317).
cifs: Use help macro to get the header preamble size (bsc#1190317).
cifs: Use help macro to get the mid header size (bsc#1190317).
cifs: Use kstrtobool() instead of strtobool() (bsc#1190317).
cifs: add check for returning value of SMB2closeinit (bsc#1190317).
cifs: add check for returning value of SMB2setinfo_init (bsc#1190317).
cifs: add missing spinlock around tcon refcount (bsc#1190317).
cifs: always initialize struct msghdr smb_msg completely (bsc#1190317).
cifs: avoid re-lookups in dfscachefind() (bsc#1190317).
cifs: avoid use of global locks for high contention data (bsc#1190317).
cifs: destage dirty pages before re-reading them for cache=none (bsc#1190317).
cifs: do not include page data when checking signature (bsc#1190317).
cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1190317).
cifs: do not take exclusive lock for updating target hints (bsc#1190317).
cifs: do not try to use rdma offload on encrypted connections (bsc#1190317).
cifs: fix DFS traversal oops without CONFIGCIFSDFS_UPCALL (bsc#1190317).
cifs: fix confusing debug message (bsc#1190317).
cifs: fix double free on failed kerberos auth (bsc#1190317).
cifs: fix double-fault crash during ntlmssp (bsc#1190317).
cifs: fix indentation in make menuconfig options (bsc#1190317).
cifs: fix memory leaks in session setup (bsc#1190317).
cifs: fix missing display of three mount options (bsc#1190317).
cifs: fix mount on old smb servers (bsc#1190317).
cifs: fix oops during encryption (bsc#1190317).
cifs: fix pcchunk length type in smb2copychunkrange (bsc#1190317).
cifs: fix potential deadlock in cacherefreshpath() (bsc#1190317).
cifs: fix potential memory leaks in session setup (bsc#1190317).
cifs: fix race in assemblenegcontexts() (bsc#1190317).
cifs: fix return of uninitialized rc in dfscacheupdate_tgthint() (bsc#1190317).
cifs: fix small mempool leak in SMB2_negotiate() (bsc#1190317).
cifs: fix use-after-free caused by invalid pointer hostname (bsc#1190317).
cifs: fix various whitespace errors in headers (bsc#1190317).
cifs: get rid of dns resolve worker (bsc#1190317).
cifs: get rid of unneeded conditional in cifsgetnum_sgs() (bsc#1190317).
cifs: handle cache lookup errors different than -ENOENT (bsc#1190317).
cifs: ignore ipc reconnect failures during dfs failover (bsc#1190317).
cifs: introduce cifsioparms in smb2asyncwritev() (bsc#1190317).
cifs: lease key is uninitialized in smb1 paths (bsc#1190317).
cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1190317).
cifs: match even the scope id for ipv6 addresses (bsc#1190317).
cifs: minor cleanup of some headers (bsc#1190317).
cifs: misc: fix spelling typo in comment (bsc#1190317).
cifs: prevent copying past input buffer boundaries (bsc#1190317).
cifs: prevent data race in cifsreconnecttcon() (bsc#1190317).
cifs: prevent data race in smb2_reconnect() (bsc#1190317).
cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1190317).
cifs: print last update time for interface list (bsc#1190317).
cifs: protect access of TCPServerInfo::{dstaddr,hostname} (bsc#1190317).
cifs: remove ->writepage (bsc#1190317).
cifs: remove duplicate code in _refreshtcon() (bsc#1190317).
cifs: remove initialization value (bsc#1190317).
cifs: remove redundant assignment to the variable match (bsc#1190317).
cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1190317).
cifs: return ENOENT for DFS lookupcacheentry() (bsc#1190317).
cifs: return correct error in ->calc_signature() (bsc#1190317).
cifs: reuse cifsmatchipaddr for comparison of dstaddr too (bsc#1190317).
cifs: revalidate mapping when doing direct writes (bsc#1190317).
cifs: sanitize paths in cifsupdatesuper_prepath (bsc#1190317).
cifs: secmech: use shash_desc directly, remove sdesc (bsc#1190317).
cifs: set correct ipc status after initial tree connect (bsc#1190317).
cifs: set correct tcon status after initial tree connect (bsc#1190317).
cifs: set resolved ip in sockaddr (bsc#1190317).
cifs: skip alloc when request has no pages (bsc#1190317).
cifs: skip extra NULL byte in filenames (bsc#1190317).
cifs: split out ses and tcon retrieval from mountgetconns() (bsc#1190317).
cifs: split out smb3userdma_offload() helper (bsc#1190317).
cifs: stop using generic_writepages (bsc#1190317).
cifs: update Kconfig description (bsc#1190317).
cifs: update internal module number (bsc#1190317).
cifs: use ALIGN() and round_up() macros (bsc#1190317).
cifs: use stub posix acl handlers (bsc#1190317).
cifsatomicopen(): fix double-put on late allocation failure (bsc#1190317).
coda: add error handling for fget (git-fixes).
coda: fix build using bare-metal toolchain (git-fixes).
coda: pass the host file in vma->vm_file on mmap (git-fixes).
cxgb4: fix a memory leak bug (git-fixes).
dim: initialize all struct fields (bsc#1174852).
e1000e: Correct NVM checksum verification flow (git-fixes).
e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
e1000e: Fix TX dispatch condition (git-fixes).
e1000e: Fix possible overflow in LTR decoding (git-fixes).
fs/adfs: super: fix use-after-free bug (git-fixes).
fs/affs: release old buffer head on error path (git-fixes).
fs/hfs/extent.c: fix array out of bounds read of array extent (git-fixes).
fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlmprintone_mle() (git-fixes).
fs/ufs: avoid potential u32 multiplication overflow (git-fixes).
fs: hfsplus: fix UAF issue in hfsplusputsuper (git-fixes).
fs: ocfs2: fix a possible null-pointer dereference in ocfs2infoscaninodealloc() (git-fixes).
fs: ocfs2: fix a possible null-pointer dereference in ocfs2writeend_nolock() (git-fixes).
fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
google/gve:fix repeated words in comments (bsc#1211519).
gve: Adding a new AdminQ command to verify driver (bsc#1211519).
gve: Cache link_speed value from device (bsc#1211519).
gve: Fix GFP flags when allocing pages (bsc#1211519).
gve: Fix error return code in gveprefillrx_pages() (bsc#1211519).
gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
gve: Handle alternate miss completions (bsc#1211519).
gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
gve: Remove the code of clearing PBA bit (bsc#1211519).
gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
gve: enhance no queue page list detection (bsc#1211519).
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
hfs: add lock nesting notation to hfsfindinit (git-fixes).
hfs: add missing clean-up in hfsfillsuper (git-fixes).
hfs: fix BUG on bnode parent update (git-fixes).
hfs: fix OOB Read in _hfsbrec_find (git-fixes).
hfs: fix high memory mapping in hfsbnoderead (git-fixes).
hfs: fix missing hfsbnodeget() in _hfsbnode_create (git-fixes).
hfs: fix return value of hfsgetblock() (git-fixes).
hfs: prevent btree data loss on ENOSPC (git-fixes).
hfs: update timestamp on truncate() (git-fixes).
hfsplus: fix BUG on bnode parent update (git-fixes).
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
hfsplus: fix crash and filesystem corruption when deleting files (git-fixes).
hfsplus: fix return value of hfsplusgetblock() (git-fixes).
hfsplus: prevent btree data loss on ENOSPC (git-fixes).
hfsplus: update timestamps on truncate() (git-fixes).
igb: Add lock to avoid data race (git-fixes).
igb: Allocate MSI-X vector when testing (git-fixes).
igb: Enable SR-IOV after reinit (git-fixes).
igb: Initialize mailbox message for VF reset (git-fixes).
igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
igb: fix bit_shift to be in [1..8] range (git-fixes).
igb: fix netpoll exit with traffic (git-fixes).
igb: fix nvm.ops.read() error handling (git-fixes).
igb: skip phy status check where unavailable (git-fixes).
igbvf: Regard vf reset nack as success (git-fixes).
igbvf: fix double free in igbvf_probe (git-fixes).
igc: Fix BUG: scheduling while atomic (git-fixes).
igc: Fix infinite loop in releaseswfwsync (git-fixes).
igc: igcreadphyreggpy: drop premature return (git-fixes).
igc: igcwritephyreggpy: drop premature return (git-fixes).
intel/igbvf: free irq on the error path in igbvfrequestmsix() (git-fixes).
ipv4: fix uninit-value in iprouteoutputkeyhash_rcu() (git-fixes).
ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes).
ixgbe: Allow flow hash to be set via ethtool (git-fixes).
ixgbe: Check DDM existence in transceiver before access (git-fixes).
ixgbe: Enable setting RSS table to default values (git-fixes).
ixgbe: do not reserve excessive XDPPACKETHEADROOM on XSK Rx to skb (git-fixes).
ixgbe: ensure IPsec VF<->PF compatibility (git-fixes).
ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
ixgbe: fix pci device refcount leak (git-fixes).
ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
ixgbe: stop resetting SYSTIME in ixgbeptpstart_cyclecounter (git-fixes).
kprobes: Do not call BUG_ON() if there is a kprobe in use on free list (git-fixes).
kprobes: Do not use local variable when creating debugfs file (git-fixes).
kprobes: Fix NULL pointer dereference at kprobeftracehandler (git-fixes).
kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
kprobes: Fix error check when reusing optimized probes (git-fixes).
kprobes: Fix optimizekprobe()/unoptimizekprobe() cancellation logic (git-fixes).
kprobes: Fix to check probe enabled before disarmkprobeftrace() (git-fixes).
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
kprobes: Fix to protect kickkprobeoptimizer() by kprobe_mutex (git-fixes).
kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
kprobes: Prohibit probes in gate area (git-fixes).
kprobes: Prohibit probing on BUG() and WARN() address (git-fixes).
kprobes: Remove pointless BUGON() from reuseunused_kprobe() (git-fixes).
kprobes: Set unoptimized flag after unoptimizing code (git-fixes).
kprobes: Use synchronizercutasks() for optprobe with CONFIG_PREEMPT=y (git-fixes).
kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
kprobes: fix kill kprobe which has been marked as gone (git-fixes).
kretprobe: Avoid re-registration of the same kretprobe earlier (git-fixes).
l2tp: hold reference on tunnels in netlink dumps (git-fixes).
l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file (git-fixes).
l2tp: hold reference on tunnels printed in pppol2tp proc file (git-fixes).
mlx5: count all link events (git-fixes).
net/ethernet/qlogic/qed: force the string buffer NULL-terminated (git-fixes).
net/mlx4: Check retval of mlx4bitmapinit (git-fixes).
net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
net/mlx4en: Fix an use-after-free bug in mlx4entryalloc_resources() (git-fixes).
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
net/mlx4_en: Resolve bad operstate value (git-fixes).
net/usb/drivers: Remove useless hrtimer_active check (git-fixes).
net: axienet: Fix race condition causing TX hang (git-fixes).
net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
net: cdc_ncm: remove set but not used variable 'ctx' (git-fixes).
net: cxgb3main: Fix a resource leak in a error path in 'initone()' (git-fixes).
net: dev: Use unsigned integer as an argument to left-shift (git-fixes).
net: fec: fix rare tx timeout (git-fixes).
net: fix warning in af_unix (git-fixes).
net: hisilicon: Fix 'Trying to free already-free IRQ' (git-fixes).
net: ks8851: Dequeue RX packets explicitly (git-fixes).
net: macb: Clean 64b dma addresses if they are not detected (git-fixes).
net: marvell: mvneta: fix DMA debug warning (git-fixes).
net: myri10ge: fix memory leaks (git-fixes).
net: set static variable an initial value in atl2_probe() (git-fixes).
net: thunderx: make CFG_DONE message to run through generic send-ack sequence (git-fixes).
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
netfilter: xtables: add and use xtcheckprocname (git-fixes).
netlabel: If PFINET6, check skbuff ip header version (git-fixes).
ocfs2/dlm: do not handle migrate lockres if already in shutdown (git-fixes).
ocfs2: call journal flush to mark journal as empty after journal recovery when mount (git-fixes).
ocfs2: clear dinode links count in case of error (git-fixes).
ocfs2: clear journal dirty flag after shutdown journal (git-fixes).
ocfs2: clear zero in unaligned direct IO (git-fixes).
ocfs2: dlmfs: fix error handling of userdlmdestroy_lock (git-fixes).
ocfs2: do not clear bh uptodate for block read (git-fixes).
ocfs2: do not put and assigning null to bh allocated outside (git-fixes).
ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes).
ocfs2: fix a NULL pointer dereference when call ocfs2updateinodefsynctrans() (git-fixes).
ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes).
ocfs2: fix clusters leak in ocfs2defragextent() (git-fixes).
ocfs2: fix deadlock caused by ocfs2defragextent() (git-fixes).
ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
ocfs2: fix memory leak in ocfs2stackglue_init() (git-fixes).
ocfs2: fix non-auto defrag path not working issue (git-fixes).
ocfs2: fix panic due to unrecovered local alloc (git-fixes).
ocfs2: fix potential use after free (git-fixes).
ocfs2: remove set but not used variable 'last_hash' (git-fixes).
ocfs2: take inode cluster lock before moving reflinked inode from orphan dir (git-fixes).
ocfs2: wait for recovering done after direct unlock request (git-fixes).
openvswitch: fix linking without CONFIGNFCONNTRACK_LABELS (git-fixes).
powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
powerpc/iommu: Limit number of TCEs to 512 for HSTUFFTCE hcall (bsc#1212701).
put quirkdisableautosuspend into a hole (git-fixes).
qed: Add cleanup in qedslowpathstart() (git-fixes).
qed: RDMA - Fix the hw_ver returned in device attributes (git-fixes).
reiserfs: Add missing calls to reiserfssecurityfree() (git-fixes).
reiserfs: Add security prefix to xattr name in reiserfssecuritywrite() (git-fixes).
reiserfs: Fix memory leak in reiserfsparseoptions() (git-fixes).
reiserfs: add check for invalid 1st journal block (git-fixes).
reiserfs: add check for rootinode in reiserfsfill_super (git-fixes).
reiserfs: change jtimestamp type to time64t (git-fixes).
reiserfs: check directory items on read from disk (git-fixes).
reiserfs: only call unlocknewinode() if I_NEW (git-fixes).
reiserfs: prevent NULL pointer dereference in reiserfsinsertitem() (git-fixes).
reiserfs: propagate errors from fillwithdentries() properly (git-fixes).
revert 'squashfs: harden sanity check in squashfsreadxattridtable' (git-fixes).
rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1212185).
s390/dasd: Use correct lock while counting channel queue length (LTC#202775 bsc#1212443).
s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1212165).
s390/dasd: fix no record found for rawtrackaccess (git-fixes bsc#1212266).
s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244).
s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1212167).
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1212170).
s390/lcs: Fix return type of lcsstartxmit() (git-fixes bsc#1212173).
s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1212175).
s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1212164).
s390/smsgiucv: disable SMSG on module unload (git-fixes bsc#1212236).
samples/kretprobes: Fix return value if register_kretprobe() failed (git-fixes).
sched/core: Use smpmb() in wakewoken_function() (git-fixes)
sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes)
scsi: aic94xx: Add missing check for dmamapsingle() (git-fixes).
scsi: core: Add BLISTSKIPVPD_PAGES for SKhynix H28U74301AMR (git-fixes).
scsi: core: Improve scsivpdinquiry() checks (git-fixes).
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
scsi: ipr: Work around fortify-string warning (git-fixes).
scsi: libsas: Remove useless devlist delete in sasexdiscoverend_dev() (git-fixes).
scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup() (git-fixes).
scsi: megaraid: Fix megacmddone() CMDIDINTCMDS (git-fixes).
scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
scsi: megaraidsas: Fix fwcrashbuffershow() (git-fixes).
scsi: mpt3sas: Fix NULL pointer access in mpt3sastransportport_add() (git-fixes).
scsi: mpt3sas: Fix a memory leak (git-fixes).
scsi: scsidhalua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
scsi: ses: Do not attach if enclosure has no components (git-fixes).
scsi: ses: Fix possible addldescptr out-of-bounds accesses (git-fixes).
scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
scsi: ses: Fix slab-out-of-bounds in sesenclosuredata_process() (git-fixes).
scsi: ses: Fix slab-out-of-bounds in sesintfremove() (git-fixes).
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger (git-fixes bsc#1212240).
smb3: fix oops in calculating shash_setkey (bsc#1190317).
smb3: fix problem remounting a share after shutdown (bsc#1190317).
smb3: fix temporary data corruption in collapse range (bsc#1190317).
smb3: fix temporary data corruption in insert range (bsc#1190317).
smb3: improve SMB3 change notification support (bsc#1190317).
smb3: must initialize two ACL struct fields to zero (bsc#1190317).
smb3: rename encryption/decryption TFMs (bsc#1190317).
squashfs: harden sanity check in squashfsreadxattridtable (git-fixes).
sysv: use BUILDBUGON instead of runtime check (git-fixes).
uapi linux/codapsdev.h: move upcreq definition from uapi to kernel side headers (git-fixes).
update internal module version number for cifs.ko (bsc#1190317).
x86/kprobes: Fix _recoveroptprobed_insn check optimizing logic (git-fixes).
x86/kprobes: Fix archcheckoptimizedkprobe check within optimizedkprobe range (git-fixes).
xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (git-fixes).
xfs: fix rm_offset flag handling in rmap keys (git-fixes).
xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).

References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / kernel-azure

Package

Name: kernel-azure
Purl: purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-16.139.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.139.1",
            "kernel-azure-devel": "4.12.14-16.139.1",
            "kernel-devel-azure": "4.12.14-16.139.1",
            "kernel-syms-azure": "4.12.14-16.139.1",
            "kernel-azure-base": "4.12.14-16.139.1",
            "kernel-source-azure": "4.12.14-16.139.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure

Package

Name: kernel-source-azure
Purl: purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-16.139.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.139.1",
            "kernel-azure-devel": "4.12.14-16.139.1",
            "kernel-devel-azure": "4.12.14-16.139.1",
            "kernel-syms-azure": "4.12.14-16.139.1",
            "kernel-azure-base": "4.12.14-16.139.1",
            "kernel-source-azure": "4.12.14-16.139.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure

Package

Name: kernel-syms-azure
Purl: purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-16.139.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.139.1",
            "kernel-azure-devel": "4.12.14-16.139.1",
            "kernel-devel-azure": "4.12.14-16.139.1",
            "kernel-syms-azure": "4.12.14-16.139.1",
            "kernel-azure-base": "4.12.14-16.139.1",
            "kernel-source-azure": "4.12.14-16.139.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure

Package

Name: kernel-azure
Purl: purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-16.139.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.139.1",
            "kernel-azure-devel": "4.12.14-16.139.1",
            "kernel-devel-azure": "4.12.14-16.139.1",
            "kernel-syms-azure": "4.12.14-16.139.1",
            "kernel-azure-base": "4.12.14-16.139.1",
            "kernel-source-azure": "4.12.14-16.139.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure

Package

Name: kernel-source-azure
Purl: purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-16.139.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.139.1",
            "kernel-azure-devel": "4.12.14-16.139.1",
            "kernel-devel-azure": "4.12.14-16.139.1",
            "kernel-syms-azure": "4.12.14-16.139.1",
            "kernel-azure-base": "4.12.14-16.139.1",
            "kernel-source-azure": "4.12.14-16.139.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms-azure

Package

Name: kernel-syms-azure
Purl: purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-16.139.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.139.1",
            "kernel-azure-devel": "4.12.14-16.139.1",
            "kernel-devel-azure": "4.12.14-16.139.1",
            "kernel-syms-azure": "4.12.14-16.139.1",
            "kernel-azure-base": "4.12.14-16.139.1",
            "kernel-source-azure": "4.12.14-16.139.1"
        }
    ]
}