The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

• CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
  net/sched/sch_atm.c because of type confusion (non-negative numbers can
  sometimes indicate a TC_ACT_SHOT condition rather than valid
  classification results) (bsc#1207125).
• CVE-2023-23454: Fixed denial or service in cbq_classify in
  net/sched/sch_cbq.c (bnc#1207036).
• CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
• CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
  package. SNDRV_CTL_IOCTL_ELEM_ {READ|WRITE}

  32 was missing locks that
  could have been used in a use-after-free that could have resulted in a
  priviledge escalation to gain ring0 access from the system user
  (bsc#1207134).

• CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header
  bits (bsc#1207034).
• CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in
  nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth
  Denial of Service (DoS) attack on a remote machine (bnc#1207050).
• CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race
  condition among the superblock operations inside the gadgetfs code
  (bsc#1206258).
• CVE-2020-24588: Fixed injection of arbitrary network packets against
  devices that support receiving non-SSP A-MSDU frames (which is mandatory
  as part of 802.11n) (bsc#1199701).

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013801.html