[SUSE-SU-2023:1894-1] Security update for the Linux Kernel

Severity Important

CVEs 14

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
CVE-2020-36691: Fixed an issue which could allow attackers to cause a denial of service via a nested Netlink policy with a back reference (bsc#1209613).
CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue led by a type confusion (bsc#1207125).
CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).

The following non-security bugs were fixed:

applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() (git-fixes)
arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes)
arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
arm64: Do not forget syscall when starting a new thread. (git-fixes)
arm64: Fix compiler warning from pte_unmap() with (git-fixes)
arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region (git-fixes)
arm64: kprobe: make page to RO mode when allocate it (git-fixes)
arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
arm64: unwind: Prohibit probing on return_address() (git-fixes)
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
arm64/alternatives: do not patch up internal branches (git-fixes)
arm64/alternatives: move length validation inside the subsection (git-fixes)
arm64/alternatives: use subsections for replacement sequences (git-fixes)
arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
arm64/mm: fix variable 'pud' set but not used (git-fixes)
arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
ima: Fix function name error in comment (git-fixes).
Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
kabi: PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes).
kfifo: fix ternary sign extension bugs (git-fixes).
kgdb: Drop malformed kernel doc comment (git-fixes).
KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
ntp: Limit TAI-UTC offset (git-fixes)
PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes).
PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
PCI: aardvark: Do not touch PCIe registers if no card connected (git-fixes).
PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (git-fixes).
PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
PCI: aardvark: Improve link training (git-fixes).
PCI: aardvark: Indicate error in 'val' when config read fails (git-fixes).
PCI: aardvark: Introduce an advk_pcie_valid_device() helper (git-fixes).
PCI: aardvark: Remove PCIe outbound window configuration (git-fixes).
PCI: aardvark: Train link immediately after enabling training (git-fixes).
PCI: aardvark: Wait for endpoint to be ready before training link (git-fixes).
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes).
PCI: Add ACS quirk for iProc PAXB (git-fixes).
PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes).
PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207001).
PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207001).
PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207001).
PCI: Make ACS quirk implementations more uniform (git-fixes).
PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
PCI: PM: Avoid skipping bus-level PM on platforms without ACPI (git-fixes).
PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
PCI: tegra: Fix OF node reference leak (git-fixes).
PCI: Unify ACS quirk desired vs provided checking (git-fixes).
PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
PCI/MSI: Mask all unused MSI-X entries (git-fixes).
PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
PCI/PM: Always return devices to D0 when thawing (git-fixes).
PCI/PM: Avoid using device_may_wakeup() for runtime PM (git-fixes).
PM: hibernate: flush swap writer after marking (git-fixes).
powerpc/btext: add missing of_node_put (bsc#1065729).
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1065729).
ppc64le: HWPOISON_INJECT=m (bsc#1209572).
ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1199837).
scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
SUNRPC: Fix a server shutdown leak (git-fixes).
timekeeping: Prevent 32bit truncation in (git-fixes)
timers: Clear timer_base::must_forward_clk with (bsc#1207890)
timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze() (git-fixes).
tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
uprobes/x86: Fix detection of 32-bit user mode (git-fixes).
usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
usb: dwc3: exynos: Fix remove() function (git-fixes).
usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
usb: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
x86, boot: Remove multiple copy of static function sanitize_boot_params() (git-fixes).
x86/apic: Add name to irq chip (bsc#1206010).
x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines (git-fixes).
x86/apic: Handle missing global clockevent gracefully (git-fixes bsc#1142926).
x86/apic: Soft disable APIC before initializing it (git-fixes).
x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c (git-fixes).
x86/decoder: Add TEST opcode to Group3-2 (git-fixes).
x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
x86/ioapic: Force affinity setup before startup (bsc#1193231).
x86/ioapic: Prevent inconsistent state when moving an interrupt (git-fixes).
x86/irq/64: Limit IST stack overflow check to #DB stack (git-fixes).
x86/lib/cpu: Address missing prototypes warning (git-fixes).
x86/mce: Lower throttling MCE messages' priority to warning (git-fixes).
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() (git-fixes).
x86/mm: Use the correct function type for native_set_fixmap() (git-fixes).
x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
x86/power: Fix 'nosmt' vs hibernation triple fault during resume (git-fixes).
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails (git-fixes).
x86/stacktrace: Prevent infinite loop in arch_stack_walk_user() (git-fixes).
x86/sysfb: Fix check for bad VRAM size (git-fixes).
x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001 jsc#ECO-3191).
x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
xen/netfront: enable device after manual module load (git-fixes).
xen/netfront: Fix mismatched rtnl_unlock (git-fixes).
xen/netfront: Fix NULL sring after live migration (git-fixes).
xen/netfront: fix potential deadlock in xennet_remove() (git-fixes).
xen/netfront: Fix race between device setup and open (git-fixes).
xen/netfront: Update features after registering netdev (git-fixes).
xen/netfront: wait xenbus state change when load module manually (git-fixes).
xen/netfront: fix waiting for xenbus state change (git-fixes).
xen/netfront: stop tx queues during live migration (git-fixes).
xen/platform-pci: add missing free_irq() in error path (git-fixes).

ID

SUSE-SU-2023:1894-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2023/suse-su-20231894-1/

Published

2023-04-18T09:36:06
(17 months ago)

Modified

2023-04-18T09:36:06
(17 months ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1894-1.json
Suse	URL for SUSE-SU-2023:1894-1	https://www.suse.com/support/update/announcement/2023/suse-su-20231894-1/
Suse	E-Mail link for SUSE-SU-2023:1894-1	https://lists.suse.com/pipermail/sle-updates/2023-April/028846.html
Bugzilla	SUSE Bug 1065729	https://bugzilla.suse.com/1065729
Bugzilla	SUSE Bug 1109158	https://bugzilla.suse.com/1109158
Bugzilla	SUSE Bug 1142926	https://bugzilla.suse.com/1142926
Bugzilla	SUSE Bug 1181001	https://bugzilla.suse.com/1181001
Bugzilla	SUSE Bug 1193231	https://bugzilla.suse.com/1193231
Bugzilla	SUSE Bug 1199837	https://bugzilla.suse.com/1199837
Bugzilla	SUSE Bug 1203693	https://bugzilla.suse.com/1203693
Bugzilla	SUSE Bug 1206010	https://bugzilla.suse.com/1206010
Bugzilla	SUSE Bug 1207001	https://bugzilla.suse.com/1207001
Bugzilla	SUSE Bug 1207125	https://bugzilla.suse.com/1207125
Bugzilla	SUSE Bug 1207890	https://bugzilla.suse.com/1207890
Bugzilla	SUSE Bug 1208048	https://bugzilla.suse.com/1208048
Bugzilla	SUSE Bug 1208599	https://bugzilla.suse.com/1208599
Bugzilla	SUSE Bug 1208777	https://bugzilla.suse.com/1208777
Bugzilla	SUSE Bug 1208850	https://bugzilla.suse.com/1208850
Bugzilla	SUSE Bug 1209052	https://bugzilla.suse.com/1209052
Bugzilla	SUSE Bug 1209118	https://bugzilla.suse.com/1209118
Bugzilla	SUSE Bug 1209126	https://bugzilla.suse.com/1209126
Bugzilla	SUSE Bug 1209256	https://bugzilla.suse.com/1209256
Bugzilla	SUSE Bug 1209289	https://bugzilla.suse.com/1209289
Bugzilla	SUSE Bug 1209291	https://bugzilla.suse.com/1209291
Bugzilla	SUSE Bug 1209292	https://bugzilla.suse.com/1209292
Bugzilla	SUSE Bug 1209532	https://bugzilla.suse.com/1209532
Bugzilla	SUSE Bug 1209547	https://bugzilla.suse.com/1209547
Bugzilla	SUSE Bug 1209549	https://bugzilla.suse.com/1209549
Bugzilla	SUSE Bug 1209556	https://bugzilla.suse.com/1209556
Bugzilla	SUSE Bug 1209572	https://bugzilla.suse.com/1209572
Bugzilla	SUSE Bug 1209613	https://bugzilla.suse.com/1209613
Bugzilla	SUSE Bug 1209634	https://bugzilla.suse.com/1209634
Bugzilla	SUSE Bug 1209684	https://bugzilla.suse.com/1209684
Bugzilla	SUSE Bug 1209687	https://bugzilla.suse.com/1209687
Bugzilla	SUSE Bug 1209777	https://bugzilla.suse.com/1209777
Bugzilla	SUSE Bug 1209778	https://bugzilla.suse.com/1209778
Bugzilla	SUSE Bug 1209798	https://bugzilla.suse.com/1209798
CVE	SUSE CVE CVE-2017-5753 page	https://www.suse.com/security/cve/CVE-2017-5753/
CVE	SUSE CVE CVE-2020-36691 page	https://www.suse.com/security/cve/CVE-2020-36691/
CVE	SUSE CVE CVE-2021-3923 page	https://www.suse.com/security/cve/CVE-2021-3923/
CVE	SUSE CVE CVE-2022-20567 page	https://www.suse.com/security/cve/CVE-2022-20567/
CVE	SUSE CVE CVE-2023-1076 page	https://www.suse.com/security/cve/CVE-2023-1076/
CVE	SUSE CVE CVE-2023-1095 page	https://www.suse.com/security/cve/CVE-2023-1095/
CVE	SUSE CVE CVE-2023-1281 page	https://www.suse.com/security/cve/CVE-2023-1281/
CVE	SUSE CVE CVE-2023-1390 page	https://www.suse.com/security/cve/CVE-2023-1390/
CVE	SUSE CVE CVE-2023-1513 page	https://www.suse.com/security/cve/CVE-2023-1513/
CVE	SUSE CVE CVE-2023-1611 page	https://www.suse.com/security/cve/CVE-2023-1611/
CVE	SUSE CVE CVE-2023-23455 page	https://www.suse.com/security/cve/CVE-2023-23455/
CVE	SUSE CVE CVE-2023-28328 page	https://www.suse.com/security/cve/CVE-2023-28328/
CVE	SUSE CVE CVE-2023-28464 page	https://www.suse.com/security/cve/CVE-2023-28464/
CVE	SUSE CVE CVE-2023-28772 page	https://www.suse.com/security/cve/CVE-2023-28772/

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date