[SUSE-SU-2023:3333-1] Security update for the Linux Kernel

Severity: Important
Affected Packages: 14
CVEs: 13

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2023-3268: Fixed an out-of-bounds memory access flaw in relay_file_read_start_pos in relayfs (bsc#1212502).
  • CVE-2023-3776: Fixed an improper refcount update in cls_fw that leads to a use-after-free (bsc#1213588).
  • CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
  • CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
  • CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
  • CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
  • CVE-2018-3639: Fixed Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1087082).
  • CVE-2017-18344: Fixed an out-of-bounds access caused by an invalid check in timer_create (bsc#1102851).
  • CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
  • CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
  • CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
  • CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c that allowed local attackers to crash the system at device disconnect (bsc#1212129).
  • CVE-2023-3159: Fixed a use-after-free issue in drivers/firewire in outbound_phy_packet_callback (bsc#1212128).

The following non-security bugs were fixed:

  • fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
  • firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128).
  • kABI: restore _copy_from_user on x86_64 and copy_to_user on x86 (bsc#1211738 CVE-2023-0459).
  • media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824).
  • media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
  • memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449).
  • net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776 bsc#1213588).
  • pkt_sched: fix error return code in fw_change_attrs() (bsc#1213588).
  • posix-timer: Properly check sigevent->sigev_notify (CVE-2017-18344, bsc#1102851, bsc#1208715).
  • relayfs: fix out-of-bounds access in relay_file_read (bsc#1212502 CVE-2023-3268).
  • uaccess: Add speculation barrier to copy_from_user() (bsc#1211738 CVE-2023-0459).
  • vc_screen: don't clobber return value in vcs_read (bsc#1213167 CVE-2023-3567).
  • vc_screen: modify vcs_size() handling in vcs_read() (bsc#1213167 CVE-2023-3567).
  • vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (bsc#1213167 CVE-2023-3567).
  • x86: Unify copy_from_user() size checking (bsc#1211738 CVE-2023-0459).
  • x86/copy_user: Unify the code by removing the 64-bit asm copy*_user() variants (bsc#1211738 CVE-2023-0459).
  • x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
  • x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).

ID: SUSE-SU-2023:3333-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/
Published: 2023-08-16T10:45:46
Modified: 2023-08-16T10:45:46
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories

| Source | Name | URL |
|---|---|---|
| SUSE | SUSE ratings | https://www.suse.com/support/security/rating/ |
| SUSE | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3333-1.json |
| SUSE | URL for SUSE-SU-2023:3333-1 | https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ |
| SUSE | E-Mail link for SUSE-SU-2023:3333-1 | https://lists.suse.com/pipermail/sle-security-updates/2023-August/015911.html |
| Bugzilla | SUSE Bug 1087082 | https://bugzilla.suse.com/1087082 |
| Bugzilla | SUSE Bug 1102851 | https://bugzilla.suse.com/1102851 |
| Bugzilla | SUSE Bug 1205803 | https://bugzilla.suse.com/1205803 |
| Bugzilla | SUSE Bug 1206418 | https://bugzilla.suse.com/1206418 |
| Bugzilla | SUSE Bug 1211738 | https://bugzilla.suse.com/1211738 |
| Bugzilla | SUSE Bug 1212128 | https://bugzilla.suse.com/1212128 |
| Bugzilla | SUSE Bug 1212129 | https://bugzilla.suse.com/1212129 |
| Bugzilla | SUSE Bug 1212154 | https://bugzilla.suse.com/1212154 |
| Bugzilla | SUSE Bug 1212501 | https://bugzilla.suse.com/1212501 |
| Bugzilla | SUSE Bug 1212502 | https://bugzilla.suse.com/1212502 |
| Bugzilla | SUSE Bug 1213167 | https://bugzilla.suse.com/1213167 |
| Bugzilla | SUSE Bug 1213286 | https://bugzilla.suse.com/1213286 |
| Bugzilla | SUSE Bug 1213588 | https://bugzilla.suse.com/1213588 |
| CVE | SUSE CVE CVE-2017-18344 page | https://www.suse.com/security/cve/CVE-2017-18344/ |
| CVE | SUSE CVE CVE-2018-3639 page | https://www.suse.com/security/cve/CVE-2018-3639/ |
| CVE | SUSE CVE CVE-2022-40982 page | https://www.suse.com/security/cve/CVE-2022-40982/ |
| CVE | SUSE CVE CVE-2022-45919 page | https://www.suse.com/security/cve/CVE-2022-45919/ |
| CVE | SUSE CVE CVE-2023-0459 page | https://www.suse.com/security/cve/CVE-2023-0459/ |
| CVE | SUSE CVE CVE-2023-20593 page | https://www.suse.com/security/cve/CVE-2023-20593/ |
| CVE | SUSE CVE CVE-2023-3141 page | https://www.suse.com/security/cve/CVE-2023-3141/ |
| CVE | SUSE CVE CVE-2023-3159 page | https://www.suse.com/security/cve/CVE-2023-3159/ |
| CVE | SUSE CVE CVE-2023-3161 page | https://www.suse.com/security/cve/CVE-2023-3161/ |
| CVE | SUSE CVE CVE-2023-3268 page | https://www.suse.com/security/cve/CVE-2023-3268/ |
| CVE | SUSE CVE CVE-2023-3567 page | https://www.suse.com/security/cve/CVE-2023-3567/ |
| CVE | SUSE CVE CVE-2023-35824 page | https://www.suse.com/security/cve/CVE-2023-35824/ |
| CVE | SUSE CVE CVE-2023-3776 page | https://www.suse.com/security/cve/CVE-2023-3776/ |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/kernel-xen?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-xen | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-xen-devel?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-xen-devel | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-xen-base?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-xen-base | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-trace?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-trace | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-trace-devel?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-trace-devel | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-trace-base?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-trace-base | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-syms | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-source?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-source | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-ec2?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-ec2 | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-ec2-devel?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-ec2-devel | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-ec2-base?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-ec2-base | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-default | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-default-devel | < 3.0.101-108.144.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-11&sp=4 | suse | kernel-default-base | < 3.0.101-108.144.1 | sles-11 | x86_64 | |