The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
CVE-2023-3567: Fixed a use-after-free in vcsread in drivers/tty/vt/vcscreen.c (bsc#1213167).
CVE-2023-0459: Fixed information leak in _uaccessbegin_nospec (bsc#1211738).
CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplusputsuper in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
The following non-security bugs were fixed:
Get module prefix from kmod (bsc#1212835).
USB: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
USB: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
USB: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).