[SUSE-SU-2023:2859-1] Security update for the Linux Kernel
Severity
Important
Affected Packages
43
CVEs
13
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
The following non-security bugs were fixed:
- Also include kernel-docs build requirements for ALP
- Avoid unsuported tar parameter on SLE12
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796)
- Generalize kernel-doc build requirements.
- Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
- Move setting %%build_html to config.sh
- Move setting %%split_optional to config.sh
- Move setting %%supported_modules_check to config.sh
- Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
- Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore
- Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- cifs: do not include page data when checking signature (bsc#1200217).
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE.
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- ID
- SUSE-SU-2023:2859-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20232859-1/
- Published
-
2023-07-17T14:44:05
(14 months ago) - Modified
-
2023-07-17T14:44:05
(14 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2024-1942
-
ALAS2-2023-1987
-
ALAS2-2023-2027
-
ALAS2-2023-2100
-
ALAS2-2024-2588
-
ALSA-2023:3723
-
ALSA-2023:4377
-
ALSA-2023:5244
-
ALSA-2023:7077
-
DSA-5448-1
-
DSA-5480-1
-
ELSA-2023-12565
-
ELSA-2023-12566
-
ELSA-2023-12688
-
ELSA-2023-13043
-
ELSA-2023-3723
-
ELSA-2023-4377
-
ELSA-2023-4819
-
ELSA-2023-5244
-
ELSA-2023-6583
-
ELSA-2023-7077
-
ELSA-2024-12110
-
ELSA-2024-12150
-
ELSA-2024-2004
-
MS:CVE-2023-3090
-
MS:CVE-2023-3358
-
RHSA-2023:3708
-
RHSA-2023:3723
-
RHSA-2023:4377
-
RHSA-2023:4378
-
RHSA-2023:4380
-
RHSA-2023:4819
-
RHSA-2023:4821
-
RHSA-2023:4834
-
RHSA-2023:5221
-
RHSA-2023:5244
-
RHSA-2023:5255
-
RHSA-2023:6901
-
RHSA-2023:7077
-
RHSA-2024:2003
-
RHSA-2024:2004
-
RLSA-2023:5244
-
SSA:2023-172-02
-
SSA:2023-325-01
-
SUSE-SU-2023:2500-1
-
SUSE-SU-2023:2534-1
-
SUSE-SU-2023:2646-1
-
SUSE-SU-2023:2653-1
-
SUSE-SU-2023:2782-1
-
SUSE-SU-2023:2803-1
-
SUSE-SU-2023:2804-1
-
SUSE-SU-2023:2805-1
-
SUSE-SU-2023:2808-1
-
SUSE-SU-2023:2809-1
-
SUSE-SU-2023:2810-1
-
SUSE-SU-2023:2820-1
-
SUSE-SU-2023:2822-1
-
SUSE-SU-2023:2830-1
-
SUSE-SU-2023:2831-1
-
SUSE-SU-2023:2834-1
-
SUSE-SU-2023:2871-1
-
SUSE-SU-2023:2892-1
-
SUSE-SU-2023:3035-1
-
SUSE-SU-2023:3036-1
-
SUSE-SU-2023:3041-1
-
SUSE-SU-2023:3046-1
-
SUSE-SU-2023:3055-1
-
SUSE-SU-2023:3063-1
-
SUSE-SU-2023:3069-1
-
SUSE-SU-2023:3073-1
-
SUSE-SU-2023:3075-1
-
SUSE-SU-2023:3076-1
-
SUSE-SU-2023:3079-1
-
SUSE-SU-2023:3081-1
-
SUSE-SU-2023:3083-1
-
SUSE-SU-2023:3104-1
-
SUSE-SU-2023:3107-1
-
SUSE-SU-2023:3111-1
-
SUSE-SU-2023:3115-1
-
SUSE-SU-2023:3116-1
-
SUSE-SU-2023:3153-1
-
SUSE-SU-2023:3302-1
-
SUSE-SU-2023:3311-1
-
SUSE-SU-2023:3313-1
-
SUSE-SU-2023:3318-1
-
SUSE-SU-2023:3324-1
-
SUSE-SU-2023:3333-1
-
SUSE-SU-2023:3376-1
-
SUSE-SU-2023:3377-1
-
SUSE-SU-2023:3566-1
-
SUSE-SU-2023:3571-1
-
SUSE-SU-2023:3576-1
-
SUSE-SU-2023:3582-1
-
SUSE-SU-2023:3585-1
-
SUSE-SU-2023:3592-1
-
SUSE-SU-2023:3594-1
-
SUSE-SU-2023:3595-1
-
SUSE-SU-2023:3596-1
-
SUSE-SU-2023:3603-1
-
SUSE-SU-2023:3607-1
-
SUSE-SU-2023:3612-1
-
SUSE-SU-2023:3620-1
-
SUSE-SU-2023:3621-1
-
SUSE-SU-2023:3623-1
-
SUSE-SU-2023:3627-1
-
SUSE-SU-2023:3628-1
-
SUSE-SU-2023:3629-1
-
SUSE-SU-2023:3630-1
-
SUSE-SU-2023:3631-1
-
SUSE-SU-2023:3644-1
-
SUSE-SU-2023:3647-1
-
SUSE-SU-2023:3648-1
-
SUSE-SU-2023:3657-1
-
SUSE-SU-2023:3668-1
-
SUSE-SU-2023:3671-1
-
SUSE-SU-2023:3675-1
-
SUSE-SU-2023:3676-1
-
SUSE-SU-2023:4028-1
-
USN-6033-1
-
USN-6171-1
-
USN-6172-1
-
USN-6173-1
-
USN-6185-1
-
USN-6187-1
-
USN-6192-1
-
USN-6193-1
-
USN-6194-1
-
USN-6205-1
-
USN-6206-1
-
USN-6207-1
-
USN-6212-1
-
USN-6220-1
-
USN-6222-1
-
USN-6223-1
-
USN-6231-1
-
USN-6234-1
-
USN-6235-1
-
USN-6246-1
-
USN-6250-1
-
USN-6251-1
-
USN-6252-1
-
USN-6254-1
-
USN-6255-1
-
USN-6256-1
-
USN-6260-1
-
USN-6261-1
-
USN-6283-1
-
USN-6284-1
-
USN-6300-1
-
USN-6301-1
-
USN-6311-1
-
USN-6312-1
-
USN-6314-1
-
USN-6331-1
-
USN-6332-1
-
USN-6337-1
-
USN-6340-1
-
USN-6340-2
-
USN-6341-1
-
USN-6347-1
-
USN-6349-1
-
USN-6357-1
-
USN-6385-1
-
USN-6397-1
-
USN-6701-1
-
USN-6701-2
-
USN-6701-3
-
USN-6701-4
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=x86_64&distro=sles-15&sp=3 | suse |
 reiserfs-kmp-default
|
< 5.3.18-150300.59.127.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=s390x&distro=sles-15&sp=3 | suse |
reiserfs-kmp-default
|
< 5.3.18-150300.59.127.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=ppc64le&distro=sles-15&sp=3 | suse |
reiserfs-kmp-default
|
< 5.3.18-150300.59.127.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/reiserfs-kmp-default?arch=aarch64&distro=sles-15&sp=3 | suse |
reiserfs-kmp-default
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-zfcpdump?arch=s390x&distro=sles-15&sp=3 | suse |
kernel-zfcpdump
|
< 5.3.18-150300.59.127.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-15&sp=3 | suse |
kernel-syms
|
< 5.3.18-150300.59.127.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-15&sp=3 | suse |
kernel-syms
|
< 5.3.18-150300.59.127.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-15&sp=3 | suse |
kernel-syms
|
< 5.3.18-150300.59.127.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-syms
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-15&sp=3 | suse |
kernel-source
|
< 5.3.18-150300.59.127.1 | sles-15 | noarch | |
| Affected | pkg:rpm/suse/kernel-preempt?arch=x86_64&distro=sles-15&sp=3 | suse |
kernel-preempt
|
< 5.3.18-150300.59.127.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-preempt?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-preempt
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-preempt-devel?arch=x86_64&distro=sles-15&sp=3 | suse |
kernel-preempt-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-preempt-devel?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-preempt-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-obs-build?arch=x86_64&distro=sles-15&sp=3 | suse |
kernel-obs-build
|
< 5.3.18-150300.59.127.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-obs-build?arch=s390x&distro=sles-15&sp=3 | suse |
kernel-obs-build
|
< 5.3.18-150300.59.127.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/kernel-obs-build?arch=ppc64le&distro=sles-15&sp=3 | suse |
kernel-obs-build
|
< 5.3.18-150300.59.127.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-obs-build?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-obs-build
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-15&sp=3 | suse |
kernel-macros
|
< 5.3.18-150300.59.127.1 | sles-15 | noarch | |
| Affected | pkg:rpm/suse/kernel-docs?arch=noarch&distro=sles-15&sp=3 | suse |
kernel-docs
|
< 5.3.18-150300.59.127.1 | sles-15 | noarch | |
| Affected | pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-15&sp=3 | suse |
kernel-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | noarch | |
| Affected | pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-15&sp=3 | suse |
kernel-default
|
< 5.3.18-150300.59.127.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default?arch=x86_64&distro=slem-5 | suse |
kernel-default
|
< 5.3.18-150300.59.127.1 | slem-5 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-15&sp=3 | suse |
kernel-default
|
< 5.3.18-150300.59.127.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/kernel-default?arch=s390x&distro=slem-5 | suse |
kernel-default
|
< 5.3.18-150300.59.127.1 | slem-5 | s390x | |
| Affected | pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-15&sp=3 | suse |
kernel-default
|
< 5.3.18-150300.59.127.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-default
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-default?arch=aarch64&distro=slem-5 | suse |
kernel-default
|
< 5.3.18-150300.59.127.1 | slem-5 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-15&sp=3 | suse |
kernel-default-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-15&sp=3 | suse |
kernel-default-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-15&sp=3 | suse |
kernel-default-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-default-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-15&sp=3 | suse |
kernel-default-base
|
< 5.3.18-150300.59.127.1.150300.18.74.1 | sles-15 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=slem-5 | suse |
kernel-default-base
|
< 5.3.18-150300.59.127.1.150300.18.74.1 | slem-5 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-15&sp=3 | suse |
kernel-default-base
|
< 5.3.18-150300.59.127.1.150300.18.74.1 | sles-15 | s390x | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=s390x&distro=slem-5 | suse |
kernel-default-base
|
< 5.3.18-150300.59.127.1.150300.18.74.1 | slem-5 | s390x | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-15&sp=3 | suse |
kernel-default-base
|
< 5.3.18-150300.59.127.1.150300.18.74.1 | sles-15 | ppc64le | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-default-base
|
< 5.3.18-150300.59.127.1.150300.18.74.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=slem-5 | suse |
kernel-default-base
|
< 5.3.18-150300.59.127.1.150300.18.74.1 | slem-5 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-64kb?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-64kb
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/kernel-64kb-devel?arch=aarch64&distro=sles-15&sp=3 | suse |
kernel-64kb-devel
|
< 5.3.18-150300.59.127.1 | sles-15 | aarch64 | |
| Affected | pkg:rpm/suse/dtb-zte?arch=aarch64&distro=opensuse-leap-15.4 | suse |
dtb-zte
|
< 5.3.18-150300.59.127.1 | opensuse-leap-15.4 | aarch64 | |
| Affected | pkg:rpm/suse/dtb-al?arch=aarch64&distro=opensuse-leap-15.4 | suse |
dtb-al
|
< 5.3.18-150300.59.127.1 | opensuse-leap-15.4 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |