The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tpcreate of l2tpppp.c (bsc#1208850).
CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
CVE-2023-1390: Fixed remote DoS vulnerability in tipclinkxmit() (bsc#1209289).
CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
CVE-2023-23455: Fixed a denial of service inside atmtcenqueue in net/sched/schatm.c because of type confusion (non-negative numbers can sometimes indicate a TCACT_SHOT condition rather than valid classification results) (bsc#1207125).
CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hciconncleanup in net/bluetooth/hci_conn.c (bsc#1209052).
CVE-2023-28772: Fixed buffer overflow in seqbufputmemhex in lib/seqbuf.c (bsc#1209549).
The following non-security bugs were fixed:
ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() (git-fixes)
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
Bluetooth: btusb: do not call kfreeskb() under spinlock_irqsave() (git-fixes).
Input: atmelmxtts - fix double free in mxtreadinfo_block (git-fixes).
KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
PCI/MSI: Mask all unused MSI-X entries (git-fixes).
PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
PCI/PM: Always return devices to D0 when thawing (git-fixes).
PCI/PM: Avoid using devicemaywakeup() for runtime PM (git-fixes).