The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- Reverted 'constraints: increase disk space for all architectures' (bsc#1203693).
- HID: betop: check shape of output reports (bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186).
- HID: check empty report_list in hid_validate_values() (bsc#1206784).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).