Fixes were made to address the following CVEs:

Fixed an issue where a configd crash occurred when the Policies > Security view was updated or refreshed in the web interface.

(VM-Series firewalls on ESXi with Intel E810 NICs using PCI passthrough) Fixed an issue where the brdagent process became unresponsive during data port initialization, which resulted in system instability, interface outages, HA split-brain conditions, and unexpected reboots during failover.

Fixed an issue where the link status of log port 1 and log port 2 were unable to be monitored via SNMP due to the OIDs for the individual ports not being available.

(PA-7500 firewalls only) Fixed an issue where firewall logs were not visible in the Strata Logging Service even though cloud logging was enabled and the firewall was successfully forwarding logs.

Fixed an issue where session rematch did not properly apply updated Security policy rules to existing traffic flows after committing changes, which caused traffic to still be allowed when a new Security policy was set to Deny.

Fixed an issue where the firewall rebooted unexpectedly to the all_task_1 process repeatedly restarting.

Fixed an issue on the web interface where checkboxes for default information originate and ABR in OSPF NSSA configurations were automatically enabled which resulted in unexpected configuration changes.

(PA-7050 firewalls in HA configurations only) Fixed an issue where the firewall reached 100% disk utilization due to the logrcvr process repeatedly restarting and dumping core files due to a blocked hints processing thread, which caused a failover.

(VM-Series firewalls only) Fixed an issue where insufficient i-node space was available on the sysroot0 partition.

Fixed an issue where the dataplane stopped responding when cleaning up expired sessions currently in Advanced Threat Prevention hold mode.

Fixed an issue where the firewall did not match the correct policy for SSL forward decrypted HTTP/2 traffic when upgrading from PAN-OS 10.2.9-h1 to PAN-OS 11.2.3.