[SUSE-SU-2023:1892-1] Security update for the Linux Kernel

Severity Important

Affected Packages 1

CVEs 17

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).

The following non-security bugs were fixed:

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
net: ena: optimize data access in fast-path code (bsc#1208137).
PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785).
PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785).
PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785).

Package	Affected Version
pkg:rpm/suse/kernel-rt?arch=x86_64&distro=slem-5	< 5.3.18-150300.124.1

ID

SUSE-SU-2023:1892-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2023/suse-su-20231892-1/

Published

2023-07-06T01:58:50
(14 months ago)

Modified

2023-07-06T01:58:50
(14 months ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1892-1.json
Suse	URL for SUSE-SU-2023:1892-1	https://www.suse.com/support/update/announcement/2023/suse-su-20231892-1/
Suse	E-Mail link for SUSE-SU-2023:1892-1	https://lists.suse.com/pipermail/sle-updates/2023-April/028848.html
Bugzilla	SUSE Bug 1207168	https://bugzilla.suse.com/1207168
Bugzilla	SUSE Bug 1208137	https://bugzilla.suse.com/1208137
Bugzilla	SUSE Bug 1208598	https://bugzilla.suse.com/1208598
Bugzilla	SUSE Bug 1208601	https://bugzilla.suse.com/1208601
Bugzilla	SUSE Bug 1208787	https://bugzilla.suse.com/1208787
Bugzilla	SUSE Bug 1209052	https://bugzilla.suse.com/1209052
Bugzilla	SUSE Bug 1209256	https://bugzilla.suse.com/1209256
Bugzilla	SUSE Bug 1209288	https://bugzilla.suse.com/1209288
Bugzilla	SUSE Bug 1209289	https://bugzilla.suse.com/1209289
Bugzilla	SUSE Bug 1209290	https://bugzilla.suse.com/1209290
Bugzilla	SUSE Bug 1209291	https://bugzilla.suse.com/1209291
Bugzilla	SUSE Bug 1209366	https://bugzilla.suse.com/1209366
Bugzilla	SUSE Bug 1209532	https://bugzilla.suse.com/1209532
Bugzilla	SUSE Bug 1209547	https://bugzilla.suse.com/1209547
Bugzilla	SUSE Bug 1209549	https://bugzilla.suse.com/1209549
Bugzilla	SUSE Bug 1209634	https://bugzilla.suse.com/1209634
Bugzilla	SUSE Bug 1209635	https://bugzilla.suse.com/1209635
Bugzilla	SUSE Bug 1209636	https://bugzilla.suse.com/1209636
Bugzilla	SUSE Bug 1209778	https://bugzilla.suse.com/1209778
Bugzilla	SUSE Bug 1209785	https://bugzilla.suse.com/1209785
CVE	SUSE CVE CVE-2017-5753 page	https://www.suse.com/security/cve/CVE-2017-5753/
CVE	SUSE CVE CVE-2021-3923 page	https://www.suse.com/security/cve/CVE-2021-3923/
CVE	SUSE CVE CVE-2022-4744 page	https://www.suse.com/security/cve/CVE-2022-4744/
CVE	SUSE CVE CVE-2023-0394 page	https://www.suse.com/security/cve/CVE-2023-0394/
CVE	SUSE CVE CVE-2023-0461 page	https://www.suse.com/security/cve/CVE-2023-0461/
CVE	SUSE CVE CVE-2023-1075 page	https://www.suse.com/security/cve/CVE-2023-1075/
CVE	SUSE CVE CVE-2023-1078 page	https://www.suse.com/security/cve/CVE-2023-1078/
CVE	SUSE CVE CVE-2023-1281 page	https://www.suse.com/security/cve/CVE-2023-1281/
CVE	SUSE CVE CVE-2023-1382 page	https://www.suse.com/security/cve/CVE-2023-1382/
CVE	SUSE CVE CVE-2023-1390 page	https://www.suse.com/security/cve/CVE-2023-1390/
CVE	SUSE CVE CVE-2023-1513 page	https://www.suse.com/security/cve/CVE-2023-1513/
CVE	SUSE CVE CVE-2023-1582 page	https://www.suse.com/security/cve/CVE-2023-1582/
CVE	SUSE CVE CVE-2023-28327 page	https://www.suse.com/security/cve/CVE-2023-28327/
CVE	SUSE CVE CVE-2023-28328 page	https://www.suse.com/security/cve/CVE-2023-28328/
CVE	SUSE CVE CVE-2023-28464 page	https://www.suse.com/security/cve/CVE-2023-28464/
CVE	SUSE CVE CVE-2023-28466 page	https://www.suse.com/security/cve/CVE-2023-28466/
CVE	SUSE CVE CVE-2023-28772 page	https://www.suse.com/security/cve/CVE-2023-28772/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/suse/kernel-rt?arch=x86_64&distro=slem-5	suse	kernel-rt	< 5.3.18-150300.124.1	slem-5	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date