The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095).
CVE-2023-51779: Fixed a use-after-free because of a btsockioctl race condition in btsockrecvmsg (bsc#1218559).
CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
The following non-security bugs were fixed:
Fix termination state for idrforeachentryul() (bsc#1109837).
Input: powermate - fix use-after-free in powermateconfigcomplete (git-fixes).
KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217936).
Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1218622).
Resolve build warnings from previous series due to missing commit for Ice Lake freerunning counters perf/x86/intel/uncore: Add box_offsets for free-running counters (jsc#PED-5023 bsc#1211439).
Revert 'Limit kernel-source-azure build to architectures for which we build binaries (bsc#1108281).'
bcache: Fix _bchbtreenodealloc to make the failure behavior consistent (git-fixes).
bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
bcache: add code comments for bchbtreenodeget() and _bchbtreenode_alloc() (git-fixes).
bcache: check return value from btreenodealloc_replacement() (git-fixes).
bcache: prevent potential division by zero error (git-fixes).
bcache: replace a mistaken ISERR() by ISERRORNULL() in btreegccoalesce() (git-fixes).
bcache: revert replacing ISERRORNULL with ISERR (git-fixes).
dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
dm cache: add cond_resched() to various workqueue loops (git-fixes).
dm crypt: add condresched() to dmcryptwrite() (git-fixes).
dm flakey: do not corrupt the zero page (git-fixes).
dm flakey: fix a crash with invalid table line (git-fixes).
dm flakey: fix logic when corrupting a bio (git-fixes).
dm integrity: call kmemcachedestroy() in dmintegrityinit() error path (git-fixes).
dm: remove flushscheduledwork() during local_exit() (git-fixes).
doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
gve: Changes to add new TX queues (bsc#1214479).
gve: Control path for DQO-QPL (bsc#1214479).
gve: Do not fully free QPL pages on prefill errors (bsc#1214479).
gve: Fix gve interrupt names (bsc#1214479).
gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
gve: RX path for DQO-QPL (bsc#1214479).
gve: Set default duplex configuration to full (bsc#1214479).
gve: Tx path for DQO-QPL (bsc#1214479).
gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
gve: fix frag_list chaining (bsc#1214479).
gve: trivial spell fix Recive to Receive (bsc#1214479).
gve: unify driver name usage (bsc#1214479).
ip6gre: proper dev{hold|put} in ndo_[un]init methods (git-fixes).
ip6tunnel: sit: proper dev{hold|put} in ndo_[un]init methods (git-fixes).
ip6vti: proper dev{hold|put} in ndo_[un]init methods (git-fixes).
ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
md/raid0: add discard support for the 'original' layout (git-fixes).
md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
md/raid1: hold the barrier until handlereaderror() finishes (git-fixes).
md: do not leave 'MDRECOVERYFROZEN' in error path of mdsetreadonly() (git-fixes).
md: raid1: fix potential OOB in raid1removedisk() (git-fixes).
md: restore 'noioflag' for the last mddevresume() (git-fixes).
mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
nbd: Add the maximum limit of allocated index in nbddevadd (git-fixes).