[SUSE-SU-2023:4058-1] Security update for the Linux Kernel

Severity Important

Affected Packages 27

CVEs 18

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation (bsc#1215899).
CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (bsc#1214022).
CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
ARM: pxa: remove use of symbol_get() (git-fixes).
ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
ASoC: meson: spdifin: start hw on dai probe (git-fixes).
ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
ASoC: rt5640: Fix sleep in atomic context (git-fixes).
ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
Drop amdgpu patch causing spamming (bsc#1215523).
Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
NFS: Guard against XXXXXXX loop when entry names exceed MAXNAMELEN (git-fixes).
NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
PCI: Free released resource after coalescing (git-fixes).
RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
Revert 'PCI: Mark NVIDIA T4 GPUs to avoid bus reset' (git-fixes).
Revert 'scsi: qla2xxx: Fix buffer overrun' (bsc#1214928).
SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
arm64: module-plts: inline linux/moduleloader.h (git-fixes)
arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
arm64: sdei: abort running SDEI handlers during crash (git-fixes)
arm64: tegra: Update AHUB clock parent and rate (git-fixes)
ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)
blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
bpf: Clear the probe_addr for uprobe (git-fixes).
btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
drm/amd/display: Add smu write msg id fail retry process (git-fixes).
drm/amd/display: Remove wait while locked (git-fixes).
drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
drm/amd/display: prevent potential division by zero errors (git-fixes).
drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
ext4: Remove ext4 locking of moved directory (bsc#1214957).
ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
fs: Establish locking order for unrelated directories (bsc#1214958).
fs: Lock moved directories (bsc#1214959).
fs: do not update freeing inode i_io_list (bsc#1214813).
fs: lockd: avoid possible wrong NULL parameter (git-fixes).
fs: no need to check source (bsc#1215752).
fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
gve: Changes to add new TX queues (bsc#1214479).
gve: Control path for DQO-QPL (bsc#1214479).
gve: Fix gve interrupt names (bsc#1214479).
gve: RX path for DQO-QPL (bsc#1214479).
gve: Tx path for DQO-QPL (bsc#1214479).
gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
gve: fix frag_list chaining (bsc#1214479).
gve: trivial spell fix Recive to Receive (bsc#1214479).
gve: use vmalloc_array and vcalloc (bsc#1214479).
hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
hwrng: virtio - add an internal buffer (git-fixes).
hwrng: virtio - always add a pending request (git-fixes).
hwrng: virtio - do not wait on cleanup (git-fixes).
hwrng: virtio - do not waste entropy (git-fixes).
i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
iommu/virtio: Detach domain on endpoint release (git-fixes).
iommu/virtio: Return size mapped for a detached domain (git-fixes).
jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
jbd2: correct the end of the journal recovery scan range (bsc#1214955).
jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
jbd2: remove t_checkpoint_io_list (bsc#1214946).
jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
kabi/severities: ignore mlx4 internal symbols
s390/ipl: add support for List-Directed dump from ECKD DASD (jsc#PED-2023, jsc#PED-2025).
kconfig: fix possible buffer overflow (git-fixes).
kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
loop: Fix use-after-free issues (bsc#1214991).
loop: loop_set_status_from_info() check before assignment (bsc#1214990).
mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
mlx4: Delete custom device management logic (bsc#1187236).
mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
mlx4: Move the bond work to the core driver (bsc#1187236).
mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
module: Expose module_init_layout_section() (git-fixes)
net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
net: mana: Add page pool for RX buffers (bsc#1214040).
net: mana: Configure hwc timeout from hardware (bsc#1214037).
net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
nfs/blocklayout: Use the passed in gfp flags (git-fixes).
nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
ntb: Clean up tx tail index on link down (git-fixes).
ntb: Drop packets when qp link is down (git-fixes).
ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
pNFS: Fix assignment of xprtdata.cred (git-fixes).
platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
quota: add new helper dquot_active() (bsc#1214998).
quota: factor out dquot_write_dquot() (bsc#1214995).
quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
quota: fix warning in dqgrab() (bsc#1214962).
quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
s390/dasd: fix hanging device after request requeue (git-fixes bsc#1215124).
s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
s390: add z16 elf platform (git-fixes bsc#1215956, bsc#1215957).
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
scsi: 53c700: Check that command slot is not NULL (git-fixes).
scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
scsi: qedf: Fix NULL dereference in error handling (git-fixes).
scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
scsi: qla2xxx: Remove unused declarations (bsc#1214928).
scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
scsi: scsi_debug: Remove dead code (git-fixes).
scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
scsi: storvsc: Handle additional SRB status values (git-fixes).
scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
spi: Add TPM HW flow flag (bsc#1213534)
spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
spi: tegra210-quad: set half duplex flag (bsc#1213534)
tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
tpm_tis_spi: Add hardware wait polling (bsc#1213534)
tracing: Fix race issue between cpu buffer write and swap (git-fixes).
tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
udf: Fix extension of the last extent in the file (bsc#1214964).
udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
udf: Fix uninitialized array access for some pathnames (bsc#1214967).
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
usb: typec: tcpci: clear the fault status bit (git-fixes).
usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
vhost-scsi: unbreak any layout for response (git-fixes).
vhost: allow batching hint without size (git-fixes).
vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
vhost: handle error while adding split ranges to iotlb (git-fixes).
vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
virtio-net: fix race between set queues and probe (git-fixes).
virtio-net: set queues after driver_ok (git-fixes).
virtio-rng: make device ready before making request (git-fixes).
virtio: acknowledge all features before access (git-fixes).
virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
virtio_net: add checking sq is full inside xdp xmit (git-fixes).
virtio_net: reorder some funcs (git-fixes).
virtio_net: separate the logic of checking whether sq is full (git-fixes).
virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
x86/alternative: Fix race in try_get_desc() (git-fixes).
x86/boot/e820: Fix typo in e820.c comment (git-fixes).
x86/bugs: Reset speculation control settings on init (git-fixes).
x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
x86/coco: Export cc_vendor (bsc#1206453).
x86/cpu: Add Lunar Lake M (git-fixes).
x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
x86/mce: Retrieve poison range from hardware (git-fixes).
x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
x86/purgatory: remove PGO flags (git-fixes).
x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
x86/resctl: fix scheduler confusion with 'current' (git-fixes).
x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
x86/rtc: Remove __init for runtime functions (git-fixes).
x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
x86/sgx: Reduce delay and interference of enclave release (git-fixes).
x86/srso: Do not probe microcode in a guest (git-fixes).
x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
x86/srso: Fix srso_show_state() side effect (git-fixes).
x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
xprtrdma: Remap Receive buffers after a reconnect (git-fixes).

Package	Affected Version
pkg:rpm/suse/reiserfs-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/reiserfs-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/ocfs2-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/ocfs2-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kselftests-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kselftests-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-syms-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-vdso?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-optional?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-optional?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-livepatch-devel?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-livepatch-devel?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-extra?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-extra?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/kernel-azure-devel?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/gfs2-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/gfs2-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/dlm-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/dlm-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/cluster-md-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1
pkg:rpm/suse/cluster-md-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	< 5.14.21-150500.33.20.1

ID

SUSE-SU-2023:4058-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2023/suse-su-20234058-1/

Published

2023-10-12T08:00:01
(11 months ago)

Modified

2023-10-12T08:00:01
(11 months ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4058-1.json
Suse	URL for SUSE-SU-2023:4058-1	https://www.suse.com/support/update/announcement/2023/suse-su-20234058-1/
Suse	E-Mail link for SUSE-SU-2023:4058-1	https://lists.suse.com/pipermail/sle-security-updates/2023-October/016647.html
Bugzilla	SUSE Bug 1065729	https://bugzilla.suse.com/1065729
Bugzilla	SUSE Bug 1152472	https://bugzilla.suse.com/1152472
Bugzilla	SUSE Bug 1187236	https://bugzilla.suse.com/1187236
Bugzilla	SUSE Bug 1201284	https://bugzilla.suse.com/1201284
Bugzilla	SUSE Bug 1202845	https://bugzilla.suse.com/1202845
Bugzilla	SUSE Bug 1206453	https://bugzilla.suse.com/1206453
Bugzilla	SUSE Bug 1208995	https://bugzilla.suse.com/1208995
Bugzilla	SUSE Bug 1210169	https://bugzilla.suse.com/1210169
Bugzilla	SUSE Bug 1210643	https://bugzilla.suse.com/1210643
Bugzilla	SUSE Bug 1210658	https://bugzilla.suse.com/1210658
Bugzilla	SUSE Bug 1212639	https://bugzilla.suse.com/1212639
Bugzilla	SUSE Bug 1212703	https://bugzilla.suse.com/1212703
Bugzilla	SUSE Bug 1213123	https://bugzilla.suse.com/1213123
Bugzilla	SUSE Bug 1213534	https://bugzilla.suse.com/1213534
Bugzilla	SUSE Bug 1213808	https://bugzilla.suse.com/1213808
Bugzilla	SUSE Bug 1214022	https://bugzilla.suse.com/1214022
Bugzilla	SUSE Bug 1214037	https://bugzilla.suse.com/1214037
Bugzilla	SUSE Bug 1214040	https://bugzilla.suse.com/1214040
Bugzilla	SUSE Bug 1214233	https://bugzilla.suse.com/1214233
Bugzilla	SUSE Bug 1214351	https://bugzilla.suse.com/1214351
Bugzilla	SUSE Bug 1214479	https://bugzilla.suse.com/1214479
Bugzilla	SUSE Bug 1214543	https://bugzilla.suse.com/1214543
Bugzilla	SUSE Bug 1214635	https://bugzilla.suse.com/1214635
Bugzilla	SUSE Bug 1214813	https://bugzilla.suse.com/1214813
Bugzilla	SUSE Bug 1214873	https://bugzilla.suse.com/1214873
Bugzilla	SUSE Bug 1214928	https://bugzilla.suse.com/1214928
Bugzilla	SUSE Bug 1214940	https://bugzilla.suse.com/1214940
Bugzilla	SUSE Bug 1214941	https://bugzilla.suse.com/1214941
Bugzilla	SUSE Bug 1214942	https://bugzilla.suse.com/1214942
Bugzilla	SUSE Bug 1214943	https://bugzilla.suse.com/1214943
Bugzilla	SUSE Bug 1214944	https://bugzilla.suse.com/1214944
Bugzilla	SUSE Bug 1214945	https://bugzilla.suse.com/1214945
Bugzilla	SUSE Bug 1214946	https://bugzilla.suse.com/1214946
Bugzilla	SUSE Bug 1214947	https://bugzilla.suse.com/1214947
Bugzilla	SUSE Bug 1214948	https://bugzilla.suse.com/1214948
Bugzilla	SUSE Bug 1214949	https://bugzilla.suse.com/1214949
Bugzilla	SUSE Bug 1214950	https://bugzilla.suse.com/1214950
Bugzilla	SUSE Bug 1214951	https://bugzilla.suse.com/1214951
Bugzilla	SUSE Bug 1214952	https://bugzilla.suse.com/1214952
Bugzilla	SUSE Bug 1214953	https://bugzilla.suse.com/1214953
Bugzilla	SUSE Bug 1214954	https://bugzilla.suse.com/1214954
Bugzilla	SUSE Bug 1214955	https://bugzilla.suse.com/1214955
Bugzilla	SUSE Bug 1214957	https://bugzilla.suse.com/1214957
Bugzilla	SUSE Bug 1214958	https://bugzilla.suse.com/1214958
Bugzilla	SUSE Bug 1214959	https://bugzilla.suse.com/1214959
Bugzilla	SUSE Bug 1214961	https://bugzilla.suse.com/1214961
Bugzilla	SUSE Bug 1214962	https://bugzilla.suse.com/1214962
Bugzilla	SUSE Bug 1214963	https://bugzilla.suse.com/1214963
Bugzilla	SUSE Bug 1214964	https://bugzilla.suse.com/1214964
Bugzilla	SUSE Bug 1214965	https://bugzilla.suse.com/1214965
Bugzilla	SUSE Bug 1214966	https://bugzilla.suse.com/1214966
Bugzilla	SUSE Bug 1214967	https://bugzilla.suse.com/1214967
Bugzilla	SUSE Bug 1214986	https://bugzilla.suse.com/1214986
Bugzilla	SUSE Bug 1214988	https://bugzilla.suse.com/1214988
Bugzilla	SUSE Bug 1214990	https://bugzilla.suse.com/1214990
Bugzilla	SUSE Bug 1214991	https://bugzilla.suse.com/1214991
Bugzilla	SUSE Bug 1214992	https://bugzilla.suse.com/1214992
Bugzilla	SUSE Bug 1214993	https://bugzilla.suse.com/1214993
Bugzilla	SUSE Bug 1214995	https://bugzilla.suse.com/1214995
Bugzilla	SUSE Bug 1214997	https://bugzilla.suse.com/1214997
Bugzilla	SUSE Bug 1214998	https://bugzilla.suse.com/1214998
Bugzilla	SUSE Bug 1215115	https://bugzilla.suse.com/1215115
Bugzilla	SUSE Bug 1215117	https://bugzilla.suse.com/1215117
Bugzilla	SUSE Bug 1215123	https://bugzilla.suse.com/1215123
Bugzilla	SUSE Bug 1215124	https://bugzilla.suse.com/1215124
Bugzilla	SUSE Bug 1215148	https://bugzilla.suse.com/1215148
Bugzilla	SUSE Bug 1215150	https://bugzilla.suse.com/1215150
Bugzilla	SUSE Bug 1215221	https://bugzilla.suse.com/1215221
Bugzilla	SUSE Bug 1215275	https://bugzilla.suse.com/1215275
Bugzilla	SUSE Bug 1215322	https://bugzilla.suse.com/1215322
Bugzilla	SUSE Bug 1215467	https://bugzilla.suse.com/1215467
Bugzilla	SUSE Bug 1215523	https://bugzilla.suse.com/1215523
Bugzilla	SUSE Bug 1215581	https://bugzilla.suse.com/1215581
Bugzilla	SUSE Bug 1215752	https://bugzilla.suse.com/1215752
Bugzilla	SUSE Bug 1215858	https://bugzilla.suse.com/1215858
Bugzilla	SUSE Bug 1215860	https://bugzilla.suse.com/1215860
Bugzilla	SUSE Bug 1215861	https://bugzilla.suse.com/1215861
Bugzilla	SUSE Bug 1215875	https://bugzilla.suse.com/1215875
Bugzilla	SUSE Bug 1215877	https://bugzilla.suse.com/1215877
Bugzilla	SUSE Bug 1215894	https://bugzilla.suse.com/1215894
Bugzilla	SUSE Bug 1215895	https://bugzilla.suse.com/1215895
Bugzilla	SUSE Bug 1215896	https://bugzilla.suse.com/1215896
Bugzilla	SUSE Bug 1215899	https://bugzilla.suse.com/1215899
Bugzilla	SUSE Bug 1215911	https://bugzilla.suse.com/1215911
Bugzilla	SUSE Bug 1215915	https://bugzilla.suse.com/1215915
Bugzilla	SUSE Bug 1215916	https://bugzilla.suse.com/1215916
Bugzilla	SUSE Bug 1215941	https://bugzilla.suse.com/1215941
Bugzilla	SUSE Bug 1215956	https://bugzilla.suse.com/1215956
Bugzilla	SUSE Bug 1215957	https://bugzilla.suse.com/1215957
CVE	SUSE CVE CVE-2023-1192 page	https://www.suse.com/security/cve/CVE-2023-1192/
CVE	SUSE CVE CVE-2023-1206 page	https://www.suse.com/security/cve/CVE-2023-1206/
CVE	SUSE CVE CVE-2023-1859 page	https://www.suse.com/security/cve/CVE-2023-1859/
CVE	SUSE CVE CVE-2023-2177 page	https://www.suse.com/security/cve/CVE-2023-2177/
CVE	SUSE CVE CVE-2023-37453 page	https://www.suse.com/security/cve/CVE-2023-37453/
CVE	SUSE CVE CVE-2023-39192 page	https://www.suse.com/security/cve/CVE-2023-39192/
CVE	SUSE CVE CVE-2023-39193 page	https://www.suse.com/security/cve/CVE-2023-39193/
CVE	SUSE CVE CVE-2023-39194 page	https://www.suse.com/security/cve/CVE-2023-39194/
CVE	SUSE CVE CVE-2023-40283 page	https://www.suse.com/security/cve/CVE-2023-40283/
CVE	SUSE CVE CVE-2023-4155 page	https://www.suse.com/security/cve/CVE-2023-4155/
CVE	SUSE CVE CVE-2023-42753 page	https://www.suse.com/security/cve/CVE-2023-42753/
CVE	SUSE CVE CVE-2023-42754 page	https://www.suse.com/security/cve/CVE-2023-42754/
CVE	SUSE CVE CVE-2023-4389 page	https://www.suse.com/security/cve/CVE-2023-4389/
CVE	SUSE CVE CVE-2023-4622 page	https://www.suse.com/security/cve/CVE-2023-4622/
CVE	SUSE CVE CVE-2023-4623 page	https://www.suse.com/security/cve/CVE-2023-4623/
CVE	SUSE CVE CVE-2023-4881 page	https://www.suse.com/security/cve/CVE-2023-4881/
CVE	SUSE CVE CVE-2023-4921 page	https://www.suse.com/security/cve/CVE-2023-4921/
CVE	SUSE CVE CVE-2023-5345 page	https://www.suse.com/security/cve/CVE-2023-5345/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/reiserfs-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	reiserfs-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/reiserfs-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	reiserfs-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/ocfs2-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	ocfs2-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/ocfs2-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	ocfs2-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/kselftests-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	kselftests-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kselftests-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	kselftests-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	kernel-syms-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kernel-syms-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	kernel-syms-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=opensuse-leap-15.5	suse	kernel-source-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	noarch
Affected	pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=opensuse-leap-15.5	suse	kernel-devel-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	noarch
Affected	pkg:rpm/suse/kernel-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	kernel-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kernel-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	kernel-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/kernel-azure-vdso?arch=x86_64&distro=opensuse-leap-15.5	suse	kernel-azure-vdso	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kernel-azure-optional?arch=x86_64&distro=opensuse-leap-15.5	suse	kernel-azure-optional	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kernel-azure-optional?arch=aarch64&distro=opensuse-leap-15.5	suse	kernel-azure-optional	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/kernel-azure-livepatch-devel?arch=x86_64&distro=opensuse-leap-15.5	suse	kernel-azure-livepatch-devel	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kernel-azure-livepatch-devel?arch=aarch64&distro=opensuse-leap-15.5	suse	kernel-azure-livepatch-devel	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/kernel-azure-extra?arch=x86_64&distro=opensuse-leap-15.5	suse	kernel-azure-extra	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kernel-azure-extra?arch=aarch64&distro=opensuse-leap-15.5	suse	kernel-azure-extra	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=opensuse-leap-15.5	suse	kernel-azure-devel	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/kernel-azure-devel?arch=aarch64&distro=opensuse-leap-15.5	suse	kernel-azure-devel	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/gfs2-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	gfs2-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/gfs2-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	gfs2-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/dlm-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	dlm-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/dlm-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	dlm-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64
Affected	pkg:rpm/suse/cluster-md-kmp-azure?arch=x86_64&distro=opensuse-leap-15.5	suse	cluster-md-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	x86_64
Affected	pkg:rpm/suse/cluster-md-kmp-azure?arch=aarch64&distro=opensuse-leap-15.5	suse	cluster-md-kmp-azure	< 5.14.21-150500.33.20.1	opensuse-leap-15.5	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date