File _patchinfo of Package patchinfo.31728
<patchinfo incident="31728"> <issue id="1084909" tracker="bnc">trackerbug: packages do not build reproducibly from hostname</issue> <issue id="1210780" tracker="bnc">VUL-0: CVE-2023-31083: kernel: drivers/bluetooth/hci_ldisc.c race condition in hci_uart_tty_ioctl</issue> <issue id="1214037" tracker="bnc">[MANA] net: mana: Configure hwc timeout from hardware</issue> <issue id="1214344" tracker="bnc">liburing/defer.t hangs</issue> <issue id="1214764" tracker="bnc">net: mana: Fix MANA VF unload when hardware is unresponsive</issue> <issue id="1215371" tracker="bnc">L3-Question: BTRFS: Transaction aborted -> btrfs_run_delayed_items</issue> <issue id="1216058" tracker="bnc">VUL-0: CVE-2023-45863: kernel: renaming a network device can cause a buffer overflow on the kernel heap, upstream 3bb2a01caa81</issue> <issue id="1216259" tracker="bnc">VUL-0: CVE-2023-45871: kernel: buffer size may not be adequate for frames larger than the MTU</issue> <issue id="1216584" tracker="bnc">VUL-0: CVE-2023-5717: kernel: heap out-of-bounds write vulnerability related to perf_read_group() can be exploited to achieve local privilege escalation</issue> <issue id="1216965" tracker="bnc">VUL-0: CVE-2023-39198: kernel: QXL: race condition leading to use-after-free in qxl_mode_dumb_create()</issue> <issue id="1216976" tracker="bnc">VUL-0: CVE-2023-39197: kernel: DCCP: conntrack out-of-bounds read in nf_conntrack_dccp_packet()</issue> <issue id="1217140" tracker="bnc">Partner-L3: aplay hangs after so many iterations of playing any wav file</issue> <issue id="1217332" tracker="bnc">VUL-0: CVE-2023-6176: kernel-source,kernel-source-azure,kernel-source-rt: local dos vulnerability in scatterwalk_copychunks</issue> <issue id="1217408" tracker="bnc">L3: VFS: file-max limit 2409228 reached - server becomes unresponsive - need core analyzed</issue> <issue id="1217780" tracker="bnc">5e1d824f9a28 powerpc: Don't clobber f0/vs0 during fp|altivec register save</issue> <issue id="2023-39197" tracker="cve" /> <issue id="2023-6176" tracker="cve" /> <issue id="2023-45863" tracker="cve" /> <issue id="2023-45871" tracker="cve" /> <issue id="2023-39198" tracker="cve" /> <issue id="2023-31083" tracker="cve" /> <issue id="2023-5717" tracker="cve" /> <issue id="PED-3184" tracker="jsc" /> <issue id="PED-5021" tracker="jsc" /> <category>security</category> <rating>important</rating> <packager>alix82</packager> <reboot_needed/> <description>The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
