SUSE-SU-2023:3329-1

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
• CVE-2023-0459: Fixed information leak in _uaccessbegin_nospec (bsc#1211738).
• CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
• CVE-2023-3567: Fixed a use-after-free in vcsread in drivers/tty/vt/vcscreen.c (bsc#1213167).
• CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
• CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
• CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).

The following non-security bugs were fixed:

• fix double fget() in vhostnetset_backend() (git-fixes).
• nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
• sunrpc: fix uaf in svctcplistendataready() (git-fixes).
• sunrpc: remove the maximum number of retries in callbindstatus (git-fixes).
• update suse/s390-dasd-fix-no-record-found-for-rawtrackaccess (git-fixes bsc#1212266 bsc#1207528).
• update suse/scsi-zfcp-fix-missing-auto-port-scan-and-thus-missing-target-ports (git-fixes bsc#1202670).
• block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
• kabi fix test
• kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
• livepatch: check kzalloc return values (git-fixes).
• media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
• net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
• net: skip virtionethdrsetproto if protocol already set (git-fixes).
• net: virtionethdrtoskb: count transport header in ufo (git-fixes).
• nfsd: fix double fget() bug in _writeports_addfd() (git-fixes).
• powerpc/64: update speculationstorebypass in /proc/<pid>/status (bsc#1188885 ltc#193722 git-fixes).
• powerpc/security: fix speculationstorebypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
• rpm/check-for-config-changes: ignore also riscvisa* and dynamicsigframe they depend on configtoolchainhas*.
• s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1207526).
• s390/cio: check the subchannel validity for dev_busid (bsc#1207526).
• s390/cio: introduce iosubchanneltype (bsc#1207526).
• s390/cpum_sf: adjust sampling interval to avoid hitting sample limits (git-fixes bsc#1213827).
• s390/maccess: add no dat mode to kernel_write (git-fixes bsc#1213825).
• s390/numa: move initial setup of nodetocpumask_map (git-fixes bsc#1213766).
• scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
• scsi: qla2xxx: array index may go out of bound (bsc#1213747).
• scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
• scsi: qla2xxx: check valid rport returned by fcbsgto_rport() (bsc#1213747).
• scsi: qla2xxx: correct the index of array (bsc#1213747).
• scsi: qla2xxx: drop useless list_head (bsc#1213747).
• scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
• scsi: qla2xxx: fix tmf leak through (bsc#1213747).
• scsi: qla2xxx: fix buffer overrun (bsc#1213747).
• scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
• scsi: qla2xxx: fix deletion race condition (bsc#1213747).
• scsi: qla2xxx: fix end of loop test (bsc#1213747).
• scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
• scsi: qla2xxx: fix error code in qla2x00startsp() (bsc#1213747).
• scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
• scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
• scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
• scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
• scsi: qla2xxx: remove unused nvmelswaitq wait queue (bsc#1213747).
• scsi: qla2xxx: silence a static checker warning (bsc#1213747).
• scsi: qla2xxx: turn off noisy message log (bsc#1213747).
• scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
• scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
• scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
• svcrdma: prevent page release when nothing was received (git-fixes).
• vfio-ccw: prevent quiesce function going into an infinite loop (git-fixes bsc#1213819).
• vfio-ccw: release any channel program when releasing/removing vfio-ccw mdev (git-fixes bsc#1213823).
• vhost/test: fix build for vhost test (git-fixes).
• vhost/vsock: use kvmalloc/kvfree for larger packets (git-fixes).
• vhost/vsock: do not check owner in vhostvsockstop() while releasing (git-fixes).
• vhost/vsock: fix incorrect used length reported to the guest (git-fixes).
• vhost/vsock: fix packet delivery order to monitoring devices (git-fixes).
• vhost/vsock: split packets to send using multiple buffers (git-fixes).
• vhost: fix the calculation in vhost_overflow() (git-fixes).
• vhost_net: disable zerocopy by default (git-fixes).
• vhost_net: fix oob on sendmsg() failure (git-fixes).
• virtio-balloon: fix managed page counts when migrating pages between zones (git-fixes).
• virtio-mmio: fix missing putdevice() when vmcmdline_parent registration failed (git-fixes).
• virtio-net: keep stop() to follow mirror sequence of open() (git-fixes).
• virtio-pci: remove wrong address verification in vpdelvqs() (git-fixes).
• virtio: improve vq->broken access to avoid any compiler optimization (git-fixes).
• virtionet: fix error handling in virtnetrestore() (git-fixes).
• virtionet: bugfix overflow inside xdplinearize_page() (git-fixes).
• virtionet: fix xdprxq_info bug after suspend/resume (git-fixes).
• virtio_ring: fix querying of maximum dma mapping size for virtio device (git-fixes).
• vringh: use wiov->used to check for read/write desc order (git-fixes).
• vringh: fix _vringhiov() when riov and wiov are different (git-fixes).
• vsock/virtio: stop workers during the .remove() (git-fixes).
• vsock/virtio: use rcu to avoid use-after-free on thevirtiovsock (git-fixes).
• xen/blkfront: Only check REQ_FUA for writes (git-fixes).