SUSE 5099 Published by

The following updates are available for openSUSE Leap and SUSE Linux Enterprise:

SUSE-SU-2024:0857-1: important: Security update for the Linux Kernel
SUSE-SU-2024:0858-1: important: Security update for the Linux Kernel
SUSE-SU-2024:0834-1: important: Security update for sudo
SUSE-SU-2024:0847-1: important: Security update for java-1_8_0-openjdk
SUSE-SU-2024:0852-1: moderate: Security update for axis




SUSE-SU-2024:0857-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0857-1
Rating: important
References:

* bsc#1200599
* bsc#1207653
* bsc#1212514
* bsc#1213456
* bsc#1216223
* bsc#1218195
* bsc#1218689
* bsc#1218915
* bsc#1219127
* bsc#1219128
* bsc#1219146
* bsc#1219295
* bsc#1219653
* bsc#1219827
* bsc#1219835
* bsc#1219915
* bsc#1220009
* bsc#1220140
* bsc#1220187
* bsc#1220238
* bsc#1220240
* bsc#1220241
* bsc#1220243
* bsc#1220250
* bsc#1220253
* bsc#1220255
* bsc#1220328
* bsc#1220330
* bsc#1220344
* bsc#1220398
* bsc#1220409
* bsc#1220416
* bsc#1220418
* bsc#1220421
* bsc#1220436
* bsc#1220444
* bsc#1220459
* bsc#1220469
* bsc#1220482
* bsc#1220526
* bsc#1220538
* bsc#1220570
* bsc#1220572
* bsc#1220599
* bsc#1220627
* bsc#1220641
* bsc#1220649
* bsc#1220660
* bsc#1220689
* bsc#1220700
* bsc#1220735
* bsc#1220736
* bsc#1220737
* bsc#1220742
* bsc#1220745
* bsc#1220767
* bsc#1220796
* bsc#1220825
* bsc#1220826
* bsc#1220831
* bsc#1220845
* bsc#1220860
* bsc#1220863
* bsc#1220870
* bsc#1220917
* bsc#1220918
* bsc#1220930
* bsc#1220931
* bsc#1220932
* bsc#1221039
* bsc#1221040

Cross-References:

* CVE-2019-25162
* CVE-2020-36777
* CVE-2020-36784
* CVE-2021-46904
* CVE-2021-46905
* CVE-2021-46906
* CVE-2021-46915
* CVE-2021-46924
* CVE-2021-46929
* CVE-2021-46932
* CVE-2021-46934
* CVE-2021-46953
* CVE-2021-46964
* CVE-2021-46966
* CVE-2021-46968
* CVE-2021-46974
* CVE-2021-46989
* CVE-2021-47005
* CVE-2021-47012
* CVE-2021-47013
* CVE-2021-47054
* CVE-2021-47060
* CVE-2021-47061
* CVE-2021-47069
* CVE-2021-47076
* CVE-2021-47078
* CVE-2021-47083
* CVE-2022-20154
* CVE-2022-48627
* CVE-2023-28746
* CVE-2023-35827
* CVE-2023-46343
* CVE-2023-51042
* CVE-2023-52340
* CVE-2023-52429
* CVE-2023-52439
* CVE-2023-52443
* CVE-2023-52445
* CVE-2023-52448
* CVE-2023-52449
* CVE-2023-52451
* CVE-2023-52463
* CVE-2023-52475
* CVE-2023-52478
* CVE-2023-52482
* CVE-2023-52502
* CVE-2023-52530
* CVE-2023-52531
* CVE-2023-52532
* CVE-2023-52569
* CVE-2023-52574
* CVE-2023-52597
* CVE-2023-52605
* CVE-2023-6817
* CVE-2024-0340
* CVE-2024-0607
* CVE-2024-1151
* CVE-2024-23849
* CVE-2024-23851
* CVE-2024-26585
* CVE-2024-26586
* CVE-2024-26589
* CVE-2024-26593
* CVE-2024-26595
* CVE-2024-26602
* CVE-2024-26607
* CVE-2024-26622

CVSS scores:

* CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-36777 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-36784 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46905 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46906 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46915 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46934 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46968 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46974 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-47005 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47012 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47060 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47061 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47076 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47078 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47083 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2022-20154 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-20154 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46343 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46343 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-0340 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0340 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26589 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26593 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26607 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves 67 vulnerabilities and has four security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220831).
* CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
PTR_TO_FLOW_KEYS (bsc#1220255).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the
Linux kernel by forcing 100% CPU (bsc#1219295).
* CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
(bsc#1218915).
* CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
* CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
* CVE-2021-46932: Fixed missing work initialization before device registration
(bsc#1220444)
* CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
* CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier
(bsc#1220238).
* CVE-2023-52475: Fixed use-after-free in powermate_config_complete
(bsc#1220649)
* CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
* CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init
(bsc#1220436).
* CVE-2021-46924: Fixed fix memory leak in device probe and remove
(bsc#1220459)
* CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
* CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails
(bsc#1220570).
* CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
* CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge()
(CVE-2023-46343).
* CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
* CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
* CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
* CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
* CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send
(bsc#1220641).
* CVE-2024-26586: Fixed stack corruption (bsc#1220243).
* CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
* CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253).
* CVE-2024-1151: Fixed unlimited number of recursions from action sets
(bsc#1219835).
* CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
(bsc#1219127).
* CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg()
(bsc#1218689).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed
(bsc#1220863)
* CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was
supplied (bsc#1220860)
* CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
* CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to
insert delayed dir index item (bsc#1220918).
* CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors
(bsc#1220735).
* CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
* CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer
(bsc#1220845).
* CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
* CVE-2021-46934: Fixed a bug by validating user data in compat ioctl
(bsc#1220469).
* CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work()
(bsc#1212514).
* CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
* CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
(bsc#1220930).
* CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
* CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek:
(bsc#1220917).
* CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
* CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features()
(bsc#1220660).
* CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones
if the bus is destroyed (bsc#1220742).
* CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
* CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate
in hfsplus (bsc#1220737).
* CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister
failure _after_ sync'ing SRCU (bsc#1220745).

The following non-security bugs were fixed:

* EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
* ext4: fix deadlock due to mbcache entry corruption (bsc#1207653
bsc#1219915).
* ibmvfc: make 'max_sectors' a module option (bsc#1216223).
* KVM: Destroy target device if coalesced MMIO unregistration fails (git-
fixes).
* KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio
(git-fixes).
* KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
* KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-
fixes).
* KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(git-fixes).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
* scsi: Update max_hw_sectors on rescan (bsc#1216223).
* x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
* x86/bugs: Add asm helpers for executing VERW (git-fixes).
* x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-
fixes). Also add the removed mds_user_clear symbol to kABI severities as it
is exposed just for KVM module and is generally a core kernel component so
removing it is low risk.
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
* x86/entry_32: Add VERW just before userspace transition (git-fixes).
* x86/entry_64: Add VERW just before userspace transition (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-857=1

* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-857=1

* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-857=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-857=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-857=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-857=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-857=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-857=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-857=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-857=1

## Package List:

* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (noarch)
* kernel-devel-5.3.18-150300.59.153.2
* kernel-docs-html-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-source-5.3.18-150300.59.153.2
* kernel-source-vanilla-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.153.2
* kernel-debug-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.3.18-150300.59.153.2
* kernel-debug-debuginfo-5.3.18-150300.59.153.2
* kernel-kvmsmall-devel-5.3.18-150300.59.153.2
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.153.2
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.153.2
* kernel-kvmsmall-debugsource-5.3.18-150300.59.153.2
* kernel-debug-livepatch-devel-5.3.18-150300.59.153.2
* kernel-debug-devel-5.3.18-150300.59.153.2
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.153.2
* kernel-debug-debugsource-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* dlm-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-livepatch-devel-5.3.18-150300.59.153.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-extra-debuginfo-5.3.18-150300.59.153.2
* kernel-obs-build-5.3.18-150300.59.153.2
* kernel-obs-qa-5.3.18-150300.59.153.1
* kernel-default-optional-5.3.18-150300.59.153.2
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kselftests-kmp-default-5.3.18-150300.59.153.2
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.153.2
* cluster-md-kmp-default-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-extra-5.3.18-150300.59.153.2
* dlm-kmp-default-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-default-livepatch-5.3.18-150300.59.153.2
* kernel-syms-5.3.18-150300.59.153.1
* kernel-default-debugsource-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-default-5.3.18-150300.59.153.2
* kernel-default-optional-debuginfo-5.3.18-150300.59.153.2
* ocfs2-kmp-default-5.3.18-150300.59.153.2
* kernel-default-base-rebuild-5.3.18-150300.59.153.2.150300.18.90.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_153-default-debuginfo-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_153-default-1-150300.7.3.2
* kernel-livepatch-SLE15-SP3_Update_42-debugsource-1-150300.7.3.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_153-preempt-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_153-preempt-debuginfo-1-150300.7.3.2
* openSUSE Leap 15.3 (aarch64 x86_64)
* kselftests-kmp-preempt-5.3.18-150300.59.153.2
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-optional-5.3.18-150300.59.153.2
* dlm-kmp-preempt-5.3.18-150300.59.153.2
* ocfs2-kmp-preempt-5.3.18-150300.59.153.2
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-extra-5.3.18-150300.59.153.2
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-preempt-5.3.18-150300.59.153.2
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-preempt-5.3.18-150300.59.153.2
* cluster-md-kmp-preempt-5.3.18-150300.59.153.2
* kernel-preempt-livepatch-devel-5.3.18-150300.59.153.2
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.153.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.153.2
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.153.1
* openSUSE Leap 15.3 (aarch64)
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-sprd-5.3.18-150300.59.153.1
* dtb-exynos-5.3.18-150300.59.153.1
* dtb-zte-5.3.18-150300.59.153.1
* dtb-broadcom-5.3.18-150300.59.153.1
* gfs2-kmp-64kb-5.3.18-150300.59.153.2
* reiserfs-kmp-64kb-5.3.18-150300.59.153.2
* kernel-64kb-extra-5.3.18-150300.59.153.2
* ocfs2-kmp-64kb-5.3.18-150300.59.153.2
* kselftests-kmp-64kb-5.3.18-150300.59.153.2
* dtb-cavium-5.3.18-150300.59.153.1
* dtb-socionext-5.3.18-150300.59.153.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.153.2
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-rockchip-5.3.18-150300.59.153.1
* cluster-md-kmp-64kb-5.3.18-150300.59.153.2
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-allwinner-5.3.18-150300.59.153.1
* dtb-hisilicon-5.3.18-150300.59.153.1
* dtb-amlogic-5.3.18-150300.59.153.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dlm-kmp-64kb-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.153.2
* dtb-nvidia-5.3.18-150300.59.153.1
* kernel-64kb-livepatch-devel-5.3.18-150300.59.153.2
* dtb-qcom-5.3.18-150300.59.153.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.153.2
* dtb-mediatek-5.3.18-150300.59.153.1
* dtb-arm-5.3.18-150300.59.153.1
* dtb-apm-5.3.18-150300.59.153.1
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-optional-5.3.18-150300.59.153.2
* dtb-altera-5.3.18-150300.59.153.1
* dtb-renesas-5.3.18-150300.59.153.1
* dtb-marvell-5.3.18-150300.59.153.1
* kernel-64kb-devel-5.3.18-150300.59.153.2
* dtb-xilinx-5.3.18-150300.59.153.1
* dtb-lg-5.3.18-150300.59.153.1
* dtb-al-5.3.18-150300.59.153.1
* dtb-freescale-5.3.18-150300.59.153.1
* dtb-amd-5.3.18-150300.59.153.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.153.2
* kernel-default-livepatch-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* kernel-livepatch-5_3_18-150300_59_153-default-1-150300.7.3.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* dlm-kmp-default-debuginfo-5.3.18-150300.59.153.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.153.2
* cluster-md-kmp-default-5.3.18-150300.59.153.2
* gfs2-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.153.2
* dlm-kmp-default-5.3.18-150300.59.153.2
* ocfs2-kmp-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-devel-5.3.18-150300.59.153.2
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-devel-5.3.18-150300.59.153.2
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.153.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.153.2
* kernel-64kb-devel-5.3.18-150300.59.153.2
* kernel-64kb-debuginfo-5.3.18-150300.59.153.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.153.2
* kernel-default-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.153.2
* kernel-syms-5.3.18-150300.59.153.1
* kernel-obs-build-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-5.3.18-150300.59.153.2
* kernel-preempt-debugsource-5.3.18-150300.59.153.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.153.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-devel-5.3.18-150300.59.153.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-obs-build-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-source-5.3.18-150300.59.153.2
* kernel-macros-5.3.18-150300.59.153.2
* kernel-devel-5.3.18-150300.59.153.2
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.153.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.153.2.150300.18.90.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.153.2
* kernel-default-debugsource-5.3.18-150300.59.153.2

## References:

* https://www.suse.com/security/cve/CVE-2019-25162.html
* https://www.suse.com/security/cve/CVE-2020-36777.html
* https://www.suse.com/security/cve/CVE-2020-36784.html
* https://www.suse.com/security/cve/CVE-2021-46904.html
* https://www.suse.com/security/cve/CVE-2021-46905.html
* https://www.suse.com/security/cve/CVE-2021-46906.html
* https://www.suse.com/security/cve/CVE-2021-46915.html
* https://www.suse.com/security/cve/CVE-2021-46924.html
* https://www.suse.com/security/cve/CVE-2021-46929.html
* https://www.suse.com/security/cve/CVE-2021-46932.html
* https://www.suse.com/security/cve/CVE-2021-46934.html
* https://www.suse.com/security/cve/CVE-2021-46953.html
* https://www.suse.com/security/cve/CVE-2021-46964.html
* https://www.suse.com/security/cve/CVE-2021-46966.html
* https://www.suse.com/security/cve/CVE-2021-46968.html
* https://www.suse.com/security/cve/CVE-2021-46974.html
* https://www.suse.com/security/cve/CVE-2021-46989.html
* https://www.suse.com/security/cve/CVE-2021-47005.html
* https://www.suse.com/security/cve/CVE-2021-47012.html
* https://www.suse.com/security/cve/CVE-2021-47013.html
* https://www.suse.com/security/cve/CVE-2021-47054.html
* https://www.suse.com/security/cve/CVE-2021-47060.html
* https://www.suse.com/security/cve/CVE-2021-47061.html
* https://www.suse.com/security/cve/CVE-2021-47069.html
* https://www.suse.com/security/cve/CVE-2021-47076.html
* https://www.suse.com/security/cve/CVE-2021-47078.html
* https://www.suse.com/security/cve/CVE-2021-47083.html
* https://www.suse.com/security/cve/CVE-2022-20154.html
* https://www.suse.com/security/cve/CVE-2022-48627.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-35827.html
* https://www.suse.com/security/cve/CVE-2023-46343.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52429.html
* https://www.suse.com/security/cve/CVE-2023-52439.html
* https://www.suse.com/security/cve/CVE-2023-52443.html
* https://www.suse.com/security/cve/CVE-2023-52445.html
* https://www.suse.com/security/cve/CVE-2023-52448.html
* https://www.suse.com/security/cve/CVE-2023-52449.html
* https://www.suse.com/security/cve/CVE-2023-52451.html
* https://www.suse.com/security/cve/CVE-2023-52463.html
* https://www.suse.com/security/cve/CVE-2023-52475.html
* https://www.suse.com/security/cve/CVE-2023-52478.html
* https://www.suse.com/security/cve/CVE-2023-52482.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52530.html
* https://www.suse.com/security/cve/CVE-2023-52531.html
* https://www.suse.com/security/cve/CVE-2023-52532.html
* https://www.suse.com/security/cve/CVE-2023-52569.html
* https://www.suse.com/security/cve/CVE-2023-52574.html
* https://www.suse.com/security/cve/CVE-2023-52597.html
* https://www.suse.com/security/cve/CVE-2023-52605.html
* https://www.suse.com/security/cve/CVE-2023-6817.html
* https://www.suse.com/security/cve/CVE-2024-0340.html
* https://www.suse.com/security/cve/CVE-2024-0607.html
* https://www.suse.com/security/cve/CVE-2024-1151.html
* https://www.suse.com/security/cve/CVE-2024-23849.html
* https://www.suse.com/security/cve/CVE-2024-23851.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26586.html
* https://www.suse.com/security/cve/CVE-2024-26589.html
* https://www.suse.com/security/cve/CVE-2024-26593.html
* https://www.suse.com/security/cve/CVE-2024-26595.html
* https://www.suse.com/security/cve/CVE-2024-26602.html
* https://www.suse.com/security/cve/CVE-2024-26607.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1200599
* https://bugzilla.suse.com/show_bug.cgi?id=1207653
* https://bugzilla.suse.com/show_bug.cgi?id=1212514
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1216223
* https://bugzilla.suse.com/show_bug.cgi?id=1218195
* https://bugzilla.suse.com/show_bug.cgi?id=1218689
* https://bugzilla.suse.com/show_bug.cgi?id=1218915
* https://bugzilla.suse.com/show_bug.cgi?id=1219127
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219146
* https://bugzilla.suse.com/show_bug.cgi?id=1219295
* https://bugzilla.suse.com/show_bug.cgi?id=1219653
* https://bugzilla.suse.com/show_bug.cgi?id=1219827
* https://bugzilla.suse.com/show_bug.cgi?id=1219835
* https://bugzilla.suse.com/show_bug.cgi?id=1219915
* https://bugzilla.suse.com/show_bug.cgi?id=1220009
* https://bugzilla.suse.com/show_bug.cgi?id=1220140
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1220238
* https://bugzilla.suse.com/show_bug.cgi?id=1220240
* https://bugzilla.suse.com/show_bug.cgi?id=1220241
* https://bugzilla.suse.com/show_bug.cgi?id=1220243
* https://bugzilla.suse.com/show_bug.cgi?id=1220250
* https://bugzilla.suse.com/show_bug.cgi?id=1220253
* https://bugzilla.suse.com/show_bug.cgi?id=1220255
* https://bugzilla.suse.com/show_bug.cgi?id=1220328
* https://bugzilla.suse.com/show_bug.cgi?id=1220330
* https://bugzilla.suse.com/show_bug.cgi?id=1220344
* https://bugzilla.suse.com/show_bug.cgi?id=1220398
* https://bugzilla.suse.com/show_bug.cgi?id=1220409
* https://bugzilla.suse.com/show_bug.cgi?id=1220416
* https://bugzilla.suse.com/show_bug.cgi?id=1220418
* https://bugzilla.suse.com/show_bug.cgi?id=1220421
* https://bugzilla.suse.com/show_bug.cgi?id=1220436
* https://bugzilla.suse.com/show_bug.cgi?id=1220444
* https://bugzilla.suse.com/show_bug.cgi?id=1220459
* https://bugzilla.suse.com/show_bug.cgi?id=1220469
* https://bugzilla.suse.com/show_bug.cgi?id=1220482
* https://bugzilla.suse.com/show_bug.cgi?id=1220526
* https://bugzilla.suse.com/show_bug.cgi?id=1220538
* https://bugzilla.suse.com/show_bug.cgi?id=1220570
* https://bugzilla.suse.com/show_bug.cgi?id=1220572
* https://bugzilla.suse.com/show_bug.cgi?id=1220599
* https://bugzilla.suse.com/show_bug.cgi?id=1220627
* https://bugzilla.suse.com/show_bug.cgi?id=1220641
* https://bugzilla.suse.com/show_bug.cgi?id=1220649
* https://bugzilla.suse.com/show_bug.cgi?id=1220660
* https://bugzilla.suse.com/show_bug.cgi?id=1220689
* https://bugzilla.suse.com/show_bug.cgi?id=1220700
* https://bugzilla.suse.com/show_bug.cgi?id=1220735
* https://bugzilla.suse.com/show_bug.cgi?id=1220736
* https://bugzilla.suse.com/show_bug.cgi?id=1220737
* https://bugzilla.suse.com/show_bug.cgi?id=1220742
* https://bugzilla.suse.com/show_bug.cgi?id=1220745
* https://bugzilla.suse.com/show_bug.cgi?id=1220767
* https://bugzilla.suse.com/show_bug.cgi?id=1220796
* https://bugzilla.suse.com/show_bug.cgi?id=1220825
* https://bugzilla.suse.com/show_bug.cgi?id=1220826
* https://bugzilla.suse.com/show_bug.cgi?id=1220831
* https://bugzilla.suse.com/show_bug.cgi?id=1220845
* https://bugzilla.suse.com/show_bug.cgi?id=1220860
* https://bugzilla.suse.com/show_bug.cgi?id=1220863
* https://bugzilla.suse.com/show_bug.cgi?id=1220870
* https://bugzilla.suse.com/show_bug.cgi?id=1220917
* https://bugzilla.suse.com/show_bug.cgi?id=1220918
* https://bugzilla.suse.com/show_bug.cgi?id=1220930
* https://bugzilla.suse.com/show_bug.cgi?id=1220931
* https://bugzilla.suse.com/show_bug.cgi?id=1220932
* https://bugzilla.suse.com/show_bug.cgi?id=1221039
* https://bugzilla.suse.com/show_bug.cgi?id=1221040



SUSE-SU-2024:0858-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0858-1
Rating: important
References:

* bsc#1194869
* bsc#1206453
* bsc#1209412
* bsc#1213456
* bsc#1216776
* bsc#1217927
* bsc#1218195
* bsc#1218216
* bsc#1218450
* bsc#1218527
* bsc#1218663
* bsc#1218915
* bsc#1219126
* bsc#1219127
* bsc#1219141
* bsc#1219146
* bsc#1219295
* bsc#1219443
* bsc#1219653
* bsc#1219827
* bsc#1219835
* bsc#1219839
* bsc#1219840
* bsc#1219934
* bsc#1220003
* bsc#1220009
* bsc#1220021
* bsc#1220030
* bsc#1220106
* bsc#1220140
* bsc#1220187
* bsc#1220238
* bsc#1220240
* bsc#1220241
* bsc#1220243
* bsc#1220250
* bsc#1220251
* bsc#1220253
* bsc#1220254
* bsc#1220255
* bsc#1220257
* bsc#1220267
* bsc#1220277
* bsc#1220317
* bsc#1220326
* bsc#1220328
* bsc#1220330
* bsc#1220335
* bsc#1220344
* bsc#1220348
* bsc#1220350
* bsc#1220364
* bsc#1220392
* bsc#1220393
* bsc#1220398
* bsc#1220409
* bsc#1220444
* bsc#1220457
* bsc#1220459
* bsc#1220649
* bsc#1220796
* bsc#1220825
* jsc#PED-7618

Cross-References:

* CVE-2019-25162
* CVE-2021-46923
* CVE-2021-46924
* CVE-2021-46932
* CVE-2023-28746
* CVE-2023-5197
* CVE-2023-52340
* CVE-2023-52429
* CVE-2023-52439
* CVE-2023-52443
* CVE-2023-52445
* CVE-2023-52447
* CVE-2023-52448
* CVE-2023-52449
* CVE-2023-52451
* CVE-2023-52452
* CVE-2023-52456
* CVE-2023-52457
* CVE-2023-52463
* CVE-2023-52464
* CVE-2023-52475
* CVE-2023-52478
* CVE-2023-6817
* CVE-2024-0607
* CVE-2024-1151
* CVE-2024-23849
* CVE-2024-23850
* CVE-2024-23851
* CVE-2024-25744
* CVE-2024-26585
* CVE-2024-26586
* CVE-2024-26589
* CVE-2024-26591
* CVE-2024-26593
* CVE-2024-26595
* CVE-2024-26598
* CVE-2024-26602
* CVE-2024-26603
* CVE-2024-26622

CVSS scores:

* CVE-2019-25162 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46924 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46932 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-5197 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-5197 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52443 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52445 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52447 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52448 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52451 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-52452 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52456 ( SUSE ): 4.0 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52457 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52475 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52478 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26589 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26591 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26593 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves 39 vulnerabilities, contains one feature and has 23
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

* CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
* CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
* CVE-2021-46924: Fixed fix memory leak in device probe and remove
(bsc#1220459)
* CVE-2021-46932: Fixed missing work initialization before device registration
(bsc#1220444)
* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from
chain bindings within the same transaction (bsc#1218216).
* CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the
Linux kernel by forcing 100% CPU (bsc#1219295).
* CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-
table.c (bsc#1219827).
* CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
* CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
* CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
* CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
(bsc#1220251).
* CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump
(bsc#1220253).
* CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier
(bsc#1220238).
* CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
* CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
* CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
* CVE-2023-52457: Fixed skipped resource freeing if
pm_runtime_resume_and_get() failed (bsc#1220350).
* CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
* CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
* CVE-2023-52475: Fixed use-after-free in powermate_config_complete
(bsc#1220649)
* CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
* CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
* CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval()
(bsc#1218915).
* CVE-2024-1151: Fixed unlimited number of recursions from action sets
(bsc#1219835).
* CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv
(bsc#1219127).
* CVE-2024-23850: Fixed double free of anonymous device after snapshot
creation failure (bsc#1219126).
* CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c
(bsc#1219146).
* CVE-2024-25744: Fixed Security issue with int 80 interrupt vector
(bsc#1217927).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2024-26586: Fixed stack corruption (bsc#1220243).
* CVE-2024-26589: Fixed out of bounds read due to variable offset alu on
PTR_TO_FLOW_KEYS (bsc#1220255).
* CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach
(bsc#1220254).
* CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
* CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
* CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
* CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
* CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
* CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).

The following non-security bugs were fixed:

* acpi: apei: set memory failure flags as mf_action_required on synchronous
events (git-fixes).
* acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
* acpi: extlog: fix null pointer dereference check (git-fixes).
* acpi: resource: add asus model s5402za to quirks (git-fixes).
* acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
* acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
* acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
* acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2
(git-fixes).
* acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371
amd version) (git-fixes).
* acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
* add reference to recently released cve
* afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-
fixes).
* afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
(git-fixes).
* afs: hide silly-rename files from userspace (git-fixes).
* afs: increase buffer size in afs_update_volume_status() (git-fixes).
* ahci: asm1166: correct count of reported ports (git-fixes).
* alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
* alsa: firewire-lib: fix to check cycle continuity (git-fixes).
* alsa: hda/conexant: add quirk for sws js201d (git-fixes).
* alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads
(git-fixes).
* alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
* alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-
fixes).
* alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
* alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
* alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
* alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
* alsa: hda/realtek: fix the external mic not being recognised for acer swift
1 sf114-32 (git-fixes).
* alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
* alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
* alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
* alsa: usb-audio: check presence of valid altsetting control (git-fixes).
* alsa: usb-audio: ignore clock selector errors for single connection (git-
fixes).
* alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
* alsa: usb-audio: sort quirk table entries (git-fixes).
* arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
* arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
* arm64: entry: simplify tramp_alias macro and tramp_exit routine
(bsc#1219443)
* arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443)
enable workaround.
* arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443)
enable workaround without kabi break.
* arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes)
enable ampere_erratum_ac03_cpu_38 workaround without kabi break
* arm64: irq: set the correct node for shadow call stack (git-fixes)
* arm64: irq: set the correct node for vmap stack (git-fixes)
* arm64: rename arm64_workaround_2966298 (bsc#1219443)
* arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-
fixes)
* asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
* asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
* asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
* asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
* atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
* bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
* bluetooth: enforce validation on max value of connection interval (git-
fixes).
* bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
* bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
* bluetooth: hci_sync: check the correct flag before starting a scan (git-
fixes).
* bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
* bluetooth: l2cap: fix possible multiple reject send (git-fixes).
* bluetooth: qca: fix wrong event type for patch config command (git-fixes).
* bpf: fix verification of indirect var-off stack access (git-fixes).
* bpf: guard stack limits against 32bit overflow (git-fixes).
* bpf: minor logging improvement (bsc#1220257).
* bus: moxtet: add spi device table (git-fixes).
* cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
* can: j1939: fix uaf in j1939_sk_match_filter during
setsockopt(so_j1939_filter) (git-fixes).
* crypto: api - disallow identical driver names (git-fixes).
* crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked
(git-fixes).
* crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
* crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
* dmaengine: fsl-qdma: fix a memory leak related to the queue command dma
(git-fixes).
* dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
* dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
* dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
* dmaengine: ptdma: use consistent dma masks (git-fixes).
* dmaengine: shdma: increase size of 'dev_id' (git-fixes).
* dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-
fixes).
* driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
* drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
* drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()'
(git-fixes).
* drm/amd/display: fix possible null dereference on device remove/driver
unload (git-fixes).
* drm/amd/display: increase frame-larger-than for all display_mode_vba files
(git-fixes).
* drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
* drm/amd/display: preserve original aspect ratio in create stream (git-
fixes).
* drm/amdgpu/display: initialize gamma correction mode variable in
dcn30_get_gamcor_current() (git-fixes).
* drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
* drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
* drm/buddy: fix range bias (git-fixes).
* drm/crtc: fix uninitialized variable use even harder (git-fixes).
* drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
* drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case
(git-fixes).
* drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-
fixes).
* drm/msms/dp: fixed link clock divider bits be over written in bpc unknown
case (git-fixes).
* drm/prime: support page array >= 4gb (git-fixes).
* drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set
(git-fixes).
* drm/ttm: fix an invalid freeing on already freed page in error path (git-
fixes).
* drop bcm5974 input patch causing a regression (bsc#1220030)
* efi/capsule-loader: fix incorrect allocation size (git-fixes).
* efi: do not add memblocks for soft-reserved memory (git-fixes).
* efi: runtime: fix potential overflow of soft-reserved region size (git-
fixes).
* fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
* fbdev: savage: error out if pixclock equals zero (git-fixes).
* fbdev: sis: error out if pixclock equals zero (git-fixes).
* firewire: core: send bus reset promptly on gap count error (git-fixes).
* fs: dlm: fix build with config_ipv6 disabled (git-fixes).
* fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
* gpio: 74x164: enable output pins after registers are reset (git-fixes).
* gpio: fix resource unwinding order in error path (git-fixes).
* gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
* gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-
fixes).
* hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
* hid: apple: add support for the 2021 magic keyboard (git-fixes).
* hid: wacom: do not register input devices until after hid_hw_start (git-
fixes).
* hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-
fixes).
* hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
* hwmon: (coretemp) enlarge per package core count limit (git-fixes).
* hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
* hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
* i2c: i801: fix block process call transactions (git-fixes).
* i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
* i2c: imx: add timer for handling the stop condition (git-fixes).
* i2c: imx: when being a target, mark the last read as processed (git-fixes).
* i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
* ib/hfi1: fix a memleak in init_credit_return (git-fixes)
* ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
* iio: accel: bma400: fix a compilation problem (git-fixes).
* iio: adc: ad7091r: set alert bit in config register (git-fixes).
* iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
* iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-
fixes).
* iio: magnetometer: rm3100: add boundary check for the value read from
rm3100_reg_tmrc (git-fixes).
* input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr()
(git-fixes).
* input: xpad - add lenovo legion go controllers (git-fixes).
* irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes).
* irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
* jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
* jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
* jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
* jfs: fix uaf in jfs_evict_inode (git-fixes).
* kbuild: fix changing elf file type for output of gen_btf for big endian
(git-fixes).
* kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
* kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
* kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
* kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
* kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-
fixes).
* lan78xx: enable auto speed configuration for lan7850 if no eeprom is
detected (git-fixes).
* leds: trigger: panic: do not register panic notifier if creating the trigger
failed (git-fixes).
* lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
* lib/stackdepot: add refcount for records (jsc-ped#7423).
* lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
* lib/stackdepot: move stack_record struct definition into the header (jsc-
ped#7423).
* libsubcmd: fix memory leak in uniq() (git-fixes).
* media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
* media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
* media: rc: bpf attach/detach requires write permission (git-fixes).
* media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
* media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
* mfd: syscon: fix null pointer dereference in of_syscon_register() (git-
fixes).
* mm,page_owner: display all stacks and their count (jsc-ped#7423).
* mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
* mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
* mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
* mm,page_owner: update documentation regarding page_owner_stacks (jsc-
ped#7423).
* mm/hwpoison: fix unpoison_memory() (bsc#1218663).
* mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
* mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
* mm: memory-failure: fix potential unexpected return value from
unpoison_memory() (git-fixes).
* mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
* mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
* mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
* mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
* mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
* mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
* modpost: trim leading spaces when processing source files list (git-fixes).
* mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
* net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
* netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
* nilfs2: fix data corruption in dsync block recovery for small block sizes
(git-fixes).
* nilfs2: replace warn_ons for invalid dat metadata block requests (git-
fixes).
* nouveau/svm: fix kvcalloc() argument order (git-fixes).
* nouveau: fix function cast warnings (git-fixes).
* ntfs: check overflow when iterating attr_records (git-fixes).
* ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
* nvme-fabrics: fix i/o connect error handling (git-fixes).
* nvme-host: fix the updating of the firmware version (git-fixes).
* pci/aer: decode requester id when no error info found (git-fixes).
* pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
* pci: add pci_header_type_mfd definition (bsc#1220021).
* pci: fix 64gt/s effective data rate calculation (git-fixes).
* pci: only override amd usb controller if required (git-fixes).
* pci: switchtec: fix stdev_release() crash after surprise hot remove (git-
fixes).
* platform/x86: thinkpad_acpi: only update profile if successfully converted
(git-fixes).
* platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet
(git-fixes).
* platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names
(git-fixes).
* pm: core: remove unnecessary (void *) conversions (git-fixes).
* pm: runtime: have devm_pm_runtime_enable() handle
pm_runtime_dont_use_autosuspend() (git-fixes).
* pnp: acpi: fix fortify warning (git-fixes).
* power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
* powerpc/64: set task pt_regs->link to the lr value on scv entry
(bsc#1194869).
* powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
* powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser
(bsc#1220348).
* powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt
(bsc#1194869).
* powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features
(bsc#1220348).
* powerpc/watchpoint: disable pagefaults when getting user instruction
(bsc#1194869).
* powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
* powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
* powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
* powerpc: do not include lppaca.h in paca.h (bsc#1194869).
* pstore/ram: fix crash when setting number of cpus to an odd number (git-
fixes).
* ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
* ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
* ras: introduce a fru memory poison manager (jsc#ped-7618).
* rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
* rdma/bnxt_re: return error for srq resize (git-fixes)
* rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
* rdma/core: get ib width and speed from netdev (bsc#1219934).
* rdma/irdma: add ae for too many rnrs (git-fixes)
* rdma/irdma: fix kasan issue with tasklet (git-fixes)
* rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
* rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
* rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
* rdma/srpt: fix function pointer cast warnings (git-fixes)
* rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
* refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io
(bsc#1216776, bsc#1220277)
* regulator: core: only increment use_count when enable_count changes (git-
fixes).
* regulator: pwm-regulator: add validity checks in continuous .get_voltage
(git-fixes).
* revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-
fixes).
* revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
* revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
* rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
(bsc#1219653) they are put into -devel subpackage. and a proper link to
/usr/share/gdb/auto-load/ is created.
* s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes
bsc#1219840).
* s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
* sched/membarrier: reduce the ability to hammer on sys_membarrier (git-
fixes).
* scsi: core: move scsi_host_busy() out of host lock for waking up eh handler
(git-fixes).
* scsi: core: move scsi_host_busy() out of host lock if it is for per-command
(git-fixes).
* scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes
bsc#1219141).
* scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
* scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
* scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
* scsi: isci: fix an error code problem in isci_io_request_build() (git-
fixes).
* scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an
abts (bsc#1220021).
* scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric
nodes (bsc#1220021).
* scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
* scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
* scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
* scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
* scsi: lpfc: fix failure to delete vports when discovery is in progress
(bsc#1220021).
* scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
* scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list()
(bsc#1220021).
* scsi: lpfc: move handling of reset congestion statistics events
(bsc#1220021).
* scsi: lpfc: protect vport fc_nodes list with an explicit spin lock
(bsc#1220021).
* scsi: lpfc: remove d_id swap log message from trace event logger
(bsc#1220021).
* scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for
ndlps (bsc#1220021).
* scsi: lpfc: remove shost_lock protection for fc_host_port shost apis
(bsc#1220021).
* scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
* scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn
notifications (bsc#1220021).
* scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
* scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
* scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length
(bsc#1220021).
* scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
* scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git-
fixes bsc#1219141).
* serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
* spi-mxs: fix chipselect glitch (git-fixes).
* spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-
fixes).
* spi: ppc4xx: drop write-only variable (git-fixes).
* spi: sh-msiof: avoid integer overflow in constants (git-fixes).
* staging: iio: ad5933: fix type mismatch regression (git-fixes).
* supported.conf: remove external flag from ibm supported modules.
(bsc#1209412)
* tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
* tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
* topology/sysfs: add format parameter to macro defining "show" functions for
proc (jsc#ped-7618).
* topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
* tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
* ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
* usb: cdns3: fix memory double free when handle zero packet (git-fixes).
* usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-
fixes).
* usb: cdns3: modify the return value of cdns_set_active () to void when
config_pm_sleep is disabled (git-fixes).
* usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
* usb: cdns: readd old api (git-fixes).
* usb: cdnsp: blocked some cdns3 specific code (git-fixes).
* usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers
(git-fixes).
* usb: dwc3: gadget: do not disconnect if not started (git-fixes).
* usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
* usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
* usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
* usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api
(git-fixes).
* usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-
fixes).
* usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
* usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
* usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
* usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
* usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
* usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
* usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
* usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
* usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-
fixes).
* usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
* usb: gadget: udc: handle gadget_connect failure during bind operation (git-
fixes).
* usb: hub: check for alternate port before enabling a_alt_hnp_support
(bsc#1218527).
* usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
* usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-
fixes).
* usb: roles: fix null pointer issue when put module's reference (git-fixes).
* usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
* usb: serial: option: add fibocom fm101-gl variant (git-fixes).
* usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
* watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-
fixes).
* wifi: ath11k: fix registration of 6ghz-only phy without the full channel
range (git-fixes).
* wifi: ath9k: fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (git-fixes).
* wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
* wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
* wifi: iwlwifi: fix some error codes (git-fixes).
* wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
* wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-
fixes).
* wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
* wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
* wifi: nl80211: reject iftype change with mesh id change (git-fixes).
* wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
* wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
* wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
* wifi: wext-core: fix -wstringop-overflow warning in
ioctl_standard_iw_point() (git-fixes).
* x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
* x86/bugs: add asm helpers for executing verw (git-fixes).
* x86/bugs: use alternative() instead of mds_user_clear static key (git-
fixes). also add mds_user_clear to kabi severities since it's strictly
mitigation related so should be low risk.
* x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
* x86/entry_32: add verw just before userspace transition (git-fixes).
* x86/entry_64: add verw just before userspace transition (git-fixes).
* x86/mm: fix memory encryption features advertisement (bsc#1206453).
* xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
* xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-858=1 openSUSE-SLE-15.5-2024-858=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-858=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-858=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-858=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-858=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-858=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-858=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-858=1

## Package List:

* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (noarch)
* kernel-source-vanilla-5.14.21-150500.55.52.1
* kernel-docs-html-5.14.21-150500.55.52.1
* kernel-devel-5.14.21-150500.55.52.1
* kernel-macros-5.14.21-150500.55.52.1
* kernel-source-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150500.55.52.1
* kernel-debug-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-debug-debuginfo-5.14.21-150500.55.52.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.52.1
* kernel-debug-devel-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-5.14.21-150500.55.52.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.52.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.52.1
* kernel-debug-vdso-5.14.21-150500.55.52.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.52.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.52.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.52.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.52.1
* kernel-kvmsmall-devel-5.14.21-150500.55.52.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-default-base-rebuild-5.14.21-150500.55.52.1.150500.6.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.52.1
* kernel-default-optional-5.14.21-150500.55.52.1
* dlm-kmp-default-5.14.21-150500.55.52.1
* kernel-default-livepatch-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.52.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.52.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-5.14.21-150500.55.52.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.52.1
* kernel-obs-qa-5.14.21-150500.55.52.1
* kernel-obs-build-5.14.21-150500.55.52.1
* kernel-syms-5.14.21-150500.55.52.1
* kernel-default-livepatch-devel-5.14.21-150500.55.52.1
* cluster-md-kmp-default-5.14.21-150500.55.52.1
* ocfs2-kmp-default-5.14.21-150500.55.52.1
* kernel-default-extra-5.14.21-150500.55.52.1
* reiserfs-kmp-default-5.14.21-150500.55.52.1
* kselftests-kmp-default-5.14.21-150500.55.52.1
* kernel-obs-build-debugsource-5.14.21-150500.55.52.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_52-default-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.52.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64)
* kernel-64kb-optional-5.14.21-150500.55.52.1
* dtb-qcom-5.14.21-150500.55.52.1
* dtb-amd-5.14.21-150500.55.52.1
* dtb-altera-5.14.21-150500.55.52.1
* dtb-socionext-5.14.21-150500.55.52.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* dtb-apple-5.14.21-150500.55.52.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-extra-5.14.21-150500.55.52.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* dtb-apm-5.14.21-150500.55.52.1
* dtb-hisilicon-5.14.21-150500.55.52.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.52.1
* dtb-renesas-5.14.21-150500.55.52.1
* dtb-arm-5.14.21-150500.55.52.1
* gfs2-kmp-64kb-5.14.21-150500.55.52.1
* kernel-64kb-devel-5.14.21-150500.55.52.1
* kselftests-kmp-64kb-5.14.21-150500.55.52.1
* dtb-lg-5.14.21-150500.55.52.1
* dlm-kmp-64kb-5.14.21-150500.55.52.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.52.1
* dtb-amlogic-5.14.21-150500.55.52.1
* dtb-amazon-5.14.21-150500.55.52.1
* kernel-64kb-debugsource-5.14.21-150500.55.52.1
* dtb-sprd-5.14.21-150500.55.52.1
* dtb-xilinx-5.14.21-150500.55.52.1
* dtb-cavium-5.14.21-150500.55.52.1
* dtb-nvidia-5.14.21-150500.55.52.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.52.1
* dtb-mediatek-5.14.21-150500.55.52.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.52.1
* dtb-allwinner-5.14.21-150500.55.52.1
* kernel-64kb-debuginfo-5.14.21-150500.55.52.1
* cluster-md-kmp-64kb-5.14.21-150500.55.52.1
* dtb-freescale-5.14.21-150500.55.52.1
* dtb-marvell-5.14.21-150500.55.52.1
* dtb-rockchip-5.14.21-150500.55.52.1
* dtb-broadcom-5.14.21-150500.55.52.1
* ocfs2-kmp-64kb-5.14.21-150500.55.52.1
* reiserfs-kmp-64kb-5.14.21-150500.55.52.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.52.1
* dtb-exynos-5.14.21-150500.55.52.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-devel-5.14.21-150500.55.52.1
* kernel-64kb-debuginfo-5.14.21-150500.55.52.1
* kernel-64kb-debugsource-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.52.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (noarch)
* kernel-devel-5.14.21-150500.55.52.1
* kernel-macros-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.52.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.52.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.52.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.52.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-syms-5.14.21-150500.55.52.1
* kernel-obs-build-5.14.21-150500.55.52.1
* kernel-obs-build-debugsource-5.14.21-150500.55.52.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.52.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150500.55.52.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_11-debugsource-1-150500.11.3.1
* kernel-default-livepatch-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1
* kernel-default-livepatch-devel-5.14.21-150500.55.52.1
* kernel-livepatch-5_14_21-150500_55_52-default-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_52-default-debuginfo-1-150500.11.3.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.52.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.52.1
* cluster-md-kmp-default-5.14.21-150500.55.52.1
* dlm-kmp-default-5.14.21-150500.55.52.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* gfs2-kmp-default-5.14.21-150500.55.52.1
* ocfs2-kmp-default-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.52.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.52.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-5.14.21-150500.55.52.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debuginfo-5.14.21-150500.55.52.1
* kernel-default-debugsource-5.14.21-150500.55.52.1

## References:

* https://www.suse.com/security/cve/CVE-2019-25162.html
* https://www.suse.com/security/cve/CVE-2021-46923.html
* https://www.suse.com/security/cve/CVE-2021-46924.html
* https://www.suse.com/security/cve/CVE-2021-46932.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-5197.html
* https://www.suse.com/security/cve/CVE-2023-52340.html
* https://www.suse.com/security/cve/CVE-2023-52429.html
* https://www.suse.com/security/cve/CVE-2023-52439.html
* https://www.suse.com/security/cve/CVE-2023-52443.html
* https://www.suse.com/security/cve/CVE-2023-52445.html
* https://www.suse.com/security/cve/CVE-2023-52447.html
* https://www.suse.com/security/cve/CVE-2023-52448.html
* https://www.suse.com/security/cve/CVE-2023-52449.html
* https://www.suse.com/security/cve/CVE-2023-52451.html
* https://www.suse.com/security/cve/CVE-2023-52452.html
* https://www.suse.com/security/cve/CVE-2023-52456.html
* https://www.suse.com/security/cve/CVE-2023-52457.html
* https://www.suse.com/security/cve/CVE-2023-52463.html
* https://www.suse.com/security/cve/CVE-2023-52464.html
* https://www.suse.com/security/cve/CVE-2023-52475.html
* https://www.suse.com/security/cve/CVE-2023-52478.html
* https://www.suse.com/security/cve/CVE-2023-6817.html
* https://www.suse.com/security/cve/CVE-2024-0607.html
* https://www.suse.com/security/cve/CVE-2024-1151.html
* https://www.suse.com/security/cve/CVE-2024-23849.html
* https://www.suse.com/security/cve/CVE-2024-23850.html
* https://www.suse.com/security/cve/CVE-2024-23851.html
* https://www.suse.com/security/cve/CVE-2024-25744.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26586.html
* https://www.suse.com/security/cve/CVE-2024-26589.html
* https://www.suse.com/security/cve/CVE-2024-26591.html
* https://www.suse.com/security/cve/CVE-2024-26593.html
* https://www.suse.com/security/cve/CVE-2024-26595.html
* https://www.suse.com/security/cve/CVE-2024-26598.html
* https://www.suse.com/security/cve/CVE-2024-26602.html
* https://www.suse.com/security/cve/CVE-2024-26603.html
* https://www.suse.com/security/cve/CVE-2024-26622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1209412
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1216776
* https://bugzilla.suse.com/show_bug.cgi?id=1217927
* https://bugzilla.suse.com/show_bug.cgi?id=1218195
* https://bugzilla.suse.com/show_bug.cgi?id=1218216
* https://bugzilla.suse.com/show_bug.cgi?id=1218450
* https://bugzilla.suse.com/show_bug.cgi?id=1218527
* https://bugzilla.suse.com/show_bug.cgi?id=1218663
* https://bugzilla.suse.com/show_bug.cgi?id=1218915
* https://bugzilla.suse.com/show_bug.cgi?id=1219126
* https://bugzilla.suse.com/show_bug.cgi?id=1219127
* https://bugzilla.suse.com/show_bug.cgi?id=1219141
* https://bugzilla.suse.com/show_bug.cgi?id=1219146
* https://bugzilla.suse.com/show_bug.cgi?id=1219295
* https://bugzilla.suse.com/show_bug.cgi?id=1219443
* https://bugzilla.suse.com/show_bug.cgi?id=1219653
* https://bugzilla.suse.com/show_bug.cgi?id=1219827
* https://bugzilla.suse.com/show_bug.cgi?id=1219835
* https://bugzilla.suse.com/show_bug.cgi?id=1219839
* https://bugzilla.suse.com/show_bug.cgi?id=1219840
* https://bugzilla.suse.com/show_bug.cgi?id=1219934
* https://bugzilla.suse.com/show_bug.cgi?id=1220003
* https://bugzilla.suse.com/show_bug.cgi?id=1220009
* https://bugzilla.suse.com/show_bug.cgi?id=1220021
* https://bugzilla.suse.com/show_bug.cgi?id=1220030
* https://bugzilla.suse.com/show_bug.cgi?id=1220106
* https://bugzilla.suse.com/show_bug.cgi?id=1220140
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1220238
* https://bugzilla.suse.com/show_bug.cgi?id=1220240
* https://bugzilla.suse.com/show_bug.cgi?id=1220241
* https://bugzilla.suse.com/show_bug.cgi?id=1220243
* https://bugzilla.suse.com/show_bug.cgi?id=1220250
* https://bugzilla.suse.com/show_bug.cgi?id=1220251
* https://bugzilla.suse.com/show_bug.cgi?id=1220253
* https://bugzilla.suse.com/show_bug.cgi?id=1220254
* https://bugzilla.suse.com/show_bug.cgi?id=1220255
* https://bugzilla.suse.com/show_bug.cgi?id=1220257
* https://bugzilla.suse.com/show_bug.cgi?id=1220267
* https://bugzilla.suse.com/show_bug.cgi?id=1220277
* https://bugzilla.suse.com/show_bug.cgi?id=1220317
* https://bugzilla.suse.com/show_bug.cgi?id=1220326
* https://bugzilla.suse.com/show_bug.cgi?id=1220328
* https://bugzilla.suse.com/show_bug.cgi?id=1220330
* https://bugzilla.suse.com/show_bug.cgi?id=1220335
* https://bugzilla.suse.com/show_bug.cgi?id=1220344
* https://bugzilla.suse.com/show_bug.cgi?id=1220348
* https://bugzilla.suse.com/show_bug.cgi?id=1220350
* https://bugzilla.suse.com/show_bug.cgi?id=1220364
* https://bugzilla.suse.com/show_bug.cgi?id=1220392
* https://bugzilla.suse.com/show_bug.cgi?id=1220393
* https://bugzilla.suse.com/show_bug.cgi?id=1220398
* https://bugzilla.suse.com/show_bug.cgi?id=1220409
* https://bugzilla.suse.com/show_bug.cgi?id=1220444
* https://bugzilla.suse.com/show_bug.cgi?id=1220457
* https://bugzilla.suse.com/show_bug.cgi?id=1220459
* https://bugzilla.suse.com/show_bug.cgi?id=1220649
* https://bugzilla.suse.com/show_bug.cgi?id=1220796
* https://bugzilla.suse.com/show_bug.cgi?id=1220825
* https://jira.suse.com/browse/PED-7618



SUSE-SU-2024:0834-1: important: Security update for sudo


# Security update for sudo

Announcement ID: SUSE-SU-2024:0834-1
Rating: important
References:

* bsc#1219026
* bsc#1220389

Cross-References:

* CVE-2023-42465

CVSS scores:

* CVE-2023-42465 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42465 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for sudo fixes the following issues:

* CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks
(bsc#1219026).

Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-834=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-834=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-834=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-834=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-834=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-834=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-834=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-834=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* sudo-test-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* sudo-devel-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-1.9.5p2-150300.3.33.1
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-plugin-python-debuginfo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* sudo-debugsource-1.9.5p2-150300.3.33.1
* sudo-debuginfo-1.9.5p2-150300.3.33.1
* sudo-1.9.5p2-150300.3.33.1

## References:

* https://www.suse.com/security/cve/CVE-2023-42465.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219026
* https://bugzilla.suse.com/show_bug.cgi?id=1220389



SUSE-SU-2024:0847-1: important: Security update for java-1_8_0-openjdk


# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2024:0847-1
Rating: important
References:

* bsc#1218903
* bsc#1218905
* bsc#1218906
* bsc#1218907
* bsc#1218909
* bsc#1218911

Cross-References:

* CVE-2024-20918
* CVE-2024-20919
* CVE-2024-20921
* CVE-2024-20926
* CVE-2024-20945
* CVE-2024-20952

CVSS scores:

* CVE-2024-20918 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-20919 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-20921 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20926 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20945 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-20952 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

* CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack
against TLS (8317547) (bsc#1218911).
* CVE-2024-20921: Fixed range check loop optimization issue (8314307)
(bsc#1218905).
* CVE-2024-20926: Fixed rbitrary Java code execution in Nashorn (8314284)
(bsc#1218906).
* CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified byte
code execution (8314295) (bsc#1218903).
* CVE-2024-20918: Fixed array out-of-bounds access due to missing range check
in C1 compiler (8314468) (bsc#1218907).
* CVE-2024-20945: Fixed logging of digital signature private keys (8316976)
(bsc#1218909).

Update to version jdk8u402 (icedtea-3.30.0).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-847=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-847=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-847=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-847=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-847=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-847=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-847=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-847=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-847=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-847=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-847=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-847=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-accessibility-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-src-1.8.0.402-150000.3.88.1
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.402-150000.3.88.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-debugsource-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.402-150000.3.88.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.402-150000.3.88.1

## References:

* https://www.suse.com/security/cve/CVE-2024-20918.html
* https://www.suse.com/security/cve/CVE-2024-20919.html
* https://www.suse.com/security/cve/CVE-2024-20921.html
* https://www.suse.com/security/cve/CVE-2024-20926.html
* https://www.suse.com/security/cve/CVE-2024-20945.html
* https://www.suse.com/security/cve/CVE-2024-20952.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218903
* https://bugzilla.suse.com/show_bug.cgi?id=1218905
* https://bugzilla.suse.com/show_bug.cgi?id=1218906
* https://bugzilla.suse.com/show_bug.cgi?id=1218907
* https://bugzilla.suse.com/show_bug.cgi?id=1218909
* https://bugzilla.suse.com/show_bug.cgi?id=1218911



SUSE-SU-2024:0852-1: moderate: Security update for axis


# Security update for axis

Announcement ID: SUSE-SU-2024:0852-1
Rating: moderate
References:

* bsc#1218605

Cross-References:

* CVE-2023-51441

CVSS scores:

* CVE-2023-51441 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-51441 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for axis fixes the following issues:

* CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service
admin HTTP API (bsc#1218605).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-852=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-852=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* axis-1.4-150200.13.9.1
* axis-manual-1.4-150200.13.9.1
* Basesystem Module 15-SP5 (noarch)
* axis-1.4-150200.13.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-51441.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218605