Overview

File _patchinfo of Package patchinfo.28191

<patchinfo incident="28191">
  <issue id="1186449" tracker="bnc">acpi-cpufreq: Skip initializtion if a cpufreq driver exists</issue>
  <issue id="1203331" tracker="bnc">VUL-0: CVE-2022-38096: kernel: NULL pointer dereference found in vmwgfx driver</issue>
  <issue id="1203332" tracker="bnc">VUL-0: CVE-2022-36280: kernel: out-of-bounds memory access vulnerability found in vmwgfx driver</issue>
  <issue id="1204356" tracker="bnc">udev device scanning slow in Xen - processing SEQNUM=* is taking a long time</issue>
  <issue id="1204662" tracker="bnc">[15SP5][XEN] Entry into maintenance mode after boot up 15SP5 XEN kernel for AMD Zen3 test machine</issue>
  <issue id="1207051" tracker="bnc">Vul-0: CVE-2023-23559: kernel-source,kernel-rt,kernel-azure: Integer overflow in rndis_wlan that leads to a buffer overflow</issue>
  <issue id="1207773" tracker="bnc">VUL-0: CVE-2023-0045: kernel: missing Flush IBP in ib_prctl_set</issue>
  <issue id="1207795" tracker="bnc">VUL-0: CVE-2023-0590: kernel: use-after-free due to race condition in qdisc_graft()</issue>
  <issue id="1207845" tracker="bnc">VUL-0: CVE-2023-0597: kernel: x86/mm: Randomize per-cpu entry area</issue>
  <issue id="1207875" tracker="bnc">[Azure][MANA][IRQ] Fix IRQ Name - Add PCI And Queue Number</issue>
  <issue id="1207878" tracker="bnc">[ENA]  Back port DMA buffer fix in distros</issue>
  <issue id="1208023" tracker="bnc">ISST-LTE:[P10 Denali]:[32TB/232c] PVM: SLES15.3:c565slestest: LPAR crashed during Memory DLPAR operation + stress-ng test-run.</issue>
  <issue id="1208153" tracker="bnc">[MSFT][MANA][NET][Patch][SLES15] Fix accessing freed irq affinity_hint</issue>
  <issue id="1208212" tracker="bnc">vmxnet3: update to latest ToT</issue>
  <issue id="1208700" tracker="bnc">VUL-0: CVE-2023-26545: kernel-source-rt,kernel-source,kernel-source-azure: double free in net/mpls/af_mpls.c upon an allocation failure</issue>
  <issue id="1208741" tracker="bnc">VUL-0: CVE-2023-22995: kernel-source-azure,kernel-source-rt,kernel-source: error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls</issue>
  <issue id="1208813" tracker="bnc">requesting fix "nfsd: fix use-after-free due to delegation race" for 15 SP2 ESPOS</issue>
  <issue id="1208816" tracker="bnc">VUL-0: CVE-2023-23000: kernel: drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value</issue>
  <issue id="1208837" tracker="bnc">VUL-0: CVE-2023-1118: kernel-source,kernel-source-azure,kernel-source-rt: UAF drivers/media/rc directory</issue>
  <issue id="1208845" tracker="bnc">VUL-0: CVE-2023-23006: kernel-source-rt,kernel-source,kernel-source-azure: drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value</issue>
  <issue id="1208971" tracker="bnc">VUL-0: CVE-2023-1195: kernel-source,kernel-source-azure,kernel-source-rt: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c</issue>
  <issue id="2023-1118" tracker="cve" />
  <issue id="2023-23000" tracker="cve" />
  <issue id="2023-23006" tracker="cve" />
  <issue id="2023-22995" tracker="cve" />
  <issue id="2023-26545" tracker="cve" />
  <issue id="2023-0597" tracker="cve" />
  <issue id="2023-23559" tracker="cve" />
  <issue id="2022-38096" tracker="cve" />
  <issue id="2022-36280" tracker="cve" />
  <issue id="2023-0045" tracker="cve" />
  <issue id="2023-0590" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jdelvare</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of  per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#120884).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- nfsd: fix use-after-free due to delegation race (bsc#1208813).
- rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places