CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
CVE-2023-0459: Fixed information leak in _uaccessbegin_nospec (bsc#1211738).
CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplusputsuper in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAPNETADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
CVE-2023-31248: Fixed an use-after-free vulnerability in nftchainlookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nftablesapi.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
CVE-2023-3567: Fixed a use-after-free in vcsread in drivers/tty/vt/vcscreen.c (bsc#1213167).
CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
arm: cpu: switch to archcpufinalize_init() (bsc#1206418).
get module prefix from kmod (bsc#1212835).
remove more packaging cruft for sle < 12 sp3
block, bfq: fix division by zero error on zero wsum (bsc#1213653).
init, x86: move memencryptinit() into archcpufinalize_init() (bsc#1206418).