1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:3349-1

[SUSE-SU-2023:3349-1] Security update for the Linux Kernel

Severity Important
Affected Packages 6
CVEs 11
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
  • CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
  • CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
  • CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
  • CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
  • CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
  • CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
  • CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
  • CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).

The following non-security bugs were fixed:

  • Get module prefix from kmod (bsc#1212835).
  • USB: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
  • USB: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
  • USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
  • USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
  • USB: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
  • USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
  • USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
  • USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
  • USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
  • USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
  • blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration (bsc#1213022).
  • btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1213133).
  • delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705.
  • dlm: Delete an unnecessary variable initialisation in dlm_ls_start() (git-fixes).
  • dlm: NULL check before kmem_cache_destroy is not needed (git-fixes).
  • dlm: fix invalid cluster name warning (git-fixes).
  • dlm: fix missing idr_destroy for recover_idr (git-fixes).
  • dlm: fix missing lkb refcount handling (git-fixes).
  • dlm: fix plock invalid read (git-fixes).
  • dlm: fix possible call to kfree() for non-initialized pointer (git-fixes).
  • ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
  • ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
  • ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
  • ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
  • ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
  • ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
  • ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
  • ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
  • ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
  • ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
  • ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
  • ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
  • ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
  • ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
  • ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
  • ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
  • ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
  • ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
  • ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
  • ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
  • fs: dlm: cancel work sync othercon (git-fixes).
  • fs: dlm: filter user dlm messages for kernel locks (git-fixes).
  • fs: dlm: fix configfs memory leak (git-fixes).
  • fs: dlm: fix debugfs dump (git-fixes).
  • fs: dlm: fix memory leak when fenced (git-fixes).
  • fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
  • fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
  • fs: fix guard_bio_eod to check for real EOD errors (bsc#1213042).
  • fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990).
  • fuse: revalidate: do not invalidate if interrupted (bsc#1213525).
  • igb: revert rtnl_lock() that causes deadlock (git-fixes).
  • include/trace/events/writeback.h: fix -Wstringop-truncation warnings (bsc#1213023).
  • inotify: Avoid reporting event with invalid wd (bsc#1213025).
  • jbd2: Fix statistics for the number of logged blocks (bsc#1212988).
  • jbd2: abort journal if free a async write error metadata buffer (bsc#1212989).
  • jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
  • jbd2: fix data races at struct journal_head (bsc#1173438).
  • jbd2: fix invalid descriptor block checksum (bsc#1212987).
  • jbd2: fix race when writing superblock (bsc#1212986).
  • jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
  • kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
  • kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
  • lib/string: Add strscpy_pad() function (bsc#1213023).
  • mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
  • memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
  • memcg: fix a crash in wb_workfn when a device disappears (bsc#1213023).
  • net: mana: Add support for vlan tagging (bsc#1212301).
  • ocfs2: check new file size on fallocate call (git-fixes).
  • ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
  • powerpc/64: update speculation_store_bypass in /proc/<pid>/status (bsc#1188885 ltc#193722 git-fixes).
  • powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
  • rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
  • s390/cio: check the subchannel validity for dev_busid (bsc#1207526).
  • s390/cpum_sf: adjust sampling interval to avoid hitting sample limits (git-fixes bsc#1213827).
  • s390/dasd: fix memleak in path handling error case (git-fixes bsc#1213221).
  • s390/maccess: add no dat mode to kernel_write (git-fixes bsc#1213825).
  • s390/numa: move initial setup of node_to_cpumask_map (git-fixes bsc#1213766).
  • s390/perf: Change CPUM_CF return code in event init function (git-fixes bsc#1213344).
  • s390/perf: Return error when debug_register fails (git-fixes bsc#1212657).
  • s390: limit brk randomization to 32MB (git-fixes bsc#1213346).
  • scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
  • uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
  • uas: ignore UAS for Thinkplus chips (git-fixes).
  • ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
  • ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
  • udf: Avoid double brelse() in udf_rename() (bsc#1213032).
  • udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
  • udf: Define EFSCORRUPTED error code (bsc#1213038).
  • udf: Discard preallocation before extending file with a hole (bsc#1213036).
  • udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
  • udf: Do not bother merging very long extents (bsc#1213040).
  • udf: Do not update file length for failed writes to inline files (bsc#1213041).
  • udf: Drop unused arguments of udf_delete_aext() (bsc#1213033).
  • udf: Fix extending file within last block (bsc#1213037).
  • udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
  • udf: Truncate added extents on failed expansion (bsc#1213039).
  • update suse/s390-dasd-fix-no-record-found-for-raw_track_access (git-fixes bsc#1212266 bsc#1207528).
  • update suse/scsi-zfcp-fix-missing-auto-port-scan-and-thus-missing-target-ports (git-fixes bsc#1202670).
  • usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
  • usrmerge: Adjust module path in the kernel sources (bsc#1212835).
  • vfio-ccw: Do not call flush_workqueue while holding the spinlock (git-fixes bsc#1213218).
  • vfio-ccw: fence off transport mode (git-fixes bsc#1213215).
  • vfio-ccw: prevent quiesce function going into an infinite loop (git-fixes bsc#1213819).
  • vfio-ccw: release any channel program when releasing/removing vfio-ccw mdev (git-fixes bsc#1213823).
  • writeback: fix call of incorrect macro (bsc#1213024).
  • x86/bugs: Enable STIBP for JMP2RET (git-fixes).
  • x86/bugs: Remove apostrophe typo (git-fixes).
  • x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
  • x86/cpu: Load microcode during restore_processor_state() (git-fixes).
  • x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
  • x86/speculation/mmio: Print SMT warning (git-fixes).
  • x86: Fix return value of __setup handlers (git-fixes).
Package Affected Version
pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.146.1
pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 < 4.12.14-16.146.1
pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 < 4.12.14-16.146.1
pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.146.1
pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.146.1
pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.146.1
ID
SUSE-SU-2023:3349-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20233349-1/
Published
2023-08-17T12:48:19
(13 months ago)
Modified
2023-08-17T12:48:19
(13 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3349-1.json
Suse URL for SUSE-SU-2023:3349-1 https://www.suse.com/support/update/announcement/2023/suse-su-20233349-1/
Suse E-Mail link for SUSE-SU-2023:3349-1 https://lists.suse.com/pipermail/sle-updates/2023-August/031064.html
Bugzilla SUSE Bug 1087082 https://bugzilla.suse.com/1087082
Bugzilla SUSE Bug 1150305 https://bugzilla.suse.com/1150305
Bugzilla SUSE Bug 1173438 https://bugzilla.suse.com/1173438
Bugzilla SUSE Bug 1188885 https://bugzilla.suse.com/1188885
Bugzilla SUSE Bug 1202670 https://bugzilla.suse.com/1202670
Bugzilla SUSE Bug 1202716 https://bugzilla.suse.com/1202716
Bugzilla SUSE Bug 1205496 https://bugzilla.suse.com/1205496
Bugzilla SUSE Bug 1206418 https://bugzilla.suse.com/1206418
Bugzilla SUSE Bug 1207526 https://bugzilla.suse.com/1207526
Bugzilla SUSE Bug 1207528 https://bugzilla.suse.com/1207528
Bugzilla SUSE Bug 1207561 https://bugzilla.suse.com/1207561
Bugzilla SUSE Bug 1207617 https://bugzilla.suse.com/1207617
Bugzilla SUSE Bug 1207620 https://bugzilla.suse.com/1207620
Bugzilla SUSE Bug 1207629 https://bugzilla.suse.com/1207629
Bugzilla SUSE Bug 1207630 https://bugzilla.suse.com/1207630
Bugzilla SUSE Bug 1207633 https://bugzilla.suse.com/1207633
Bugzilla SUSE Bug 1207634 https://bugzilla.suse.com/1207634
Bugzilla SUSE Bug 1207653 https://bugzilla.suse.com/1207653
Bugzilla SUSE Bug 1208788 https://bugzilla.suse.com/1208788
Bugzilla SUSE Bug 1210584 https://bugzilla.suse.com/1210584
Bugzilla SUSE Bug 1210765 https://bugzilla.suse.com/1210765
Bugzilla SUSE Bug 1210766 https://bugzilla.suse.com/1210766
Bugzilla SUSE Bug 1210771 https://bugzilla.suse.com/1210771
Bugzilla SUSE Bug 1211738 https://bugzilla.suse.com/1211738
Bugzilla SUSE Bug 1211867 https://bugzilla.suse.com/1211867
Bugzilla SUSE Bug 1212266 https://bugzilla.suse.com/1212266
Bugzilla SUSE Bug 1212301 https://bugzilla.suse.com/1212301
Bugzilla SUSE Bug 1212657 https://bugzilla.suse.com/1212657
Bugzilla SUSE Bug 1212741 https://bugzilla.suse.com/1212741
Bugzilla SUSE Bug 1212835 https://bugzilla.suse.com/1212835
Bugzilla SUSE Bug 1212871 https://bugzilla.suse.com/1212871
Bugzilla SUSE Bug 1212905 https://bugzilla.suse.com/1212905
Bugzilla SUSE Bug 1212986 https://bugzilla.suse.com/1212986
Bugzilla SUSE Bug 1212987 https://bugzilla.suse.com/1212987
Bugzilla SUSE Bug 1212988 https://bugzilla.suse.com/1212988
Bugzilla SUSE Bug 1212989 https://bugzilla.suse.com/1212989
Bugzilla SUSE Bug 1212990 https://bugzilla.suse.com/1212990
Bugzilla SUSE Bug 1213010 https://bugzilla.suse.com/1213010
Bugzilla SUSE Bug 1213011 https://bugzilla.suse.com/1213011
Bugzilla SUSE Bug 1213012 https://bugzilla.suse.com/1213012
Bugzilla SUSE Bug 1213013 https://bugzilla.suse.com/1213013
Bugzilla SUSE Bug 1213014 https://bugzilla.suse.com/1213014
Bugzilla SUSE Bug 1213015 https://bugzilla.suse.com/1213015
Bugzilla SUSE Bug 1213017 https://bugzilla.suse.com/1213017
Bugzilla SUSE Bug 1213018 https://bugzilla.suse.com/1213018
Bugzilla SUSE Bug 1213019 https://bugzilla.suse.com/1213019
Bugzilla SUSE Bug 1213020 https://bugzilla.suse.com/1213020
Bugzilla SUSE Bug 1213021 https://bugzilla.suse.com/1213021
Bugzilla SUSE Bug 1213022 https://bugzilla.suse.com/1213022
Bugzilla SUSE Bug 1213023 https://bugzilla.suse.com/1213023
Bugzilla SUSE Bug 1213024 https://bugzilla.suse.com/1213024
Bugzilla SUSE Bug 1213025 https://bugzilla.suse.com/1213025
Bugzilla SUSE Bug 1213032 https://bugzilla.suse.com/1213032
Bugzilla SUSE Bug 1213033 https://bugzilla.suse.com/1213033
Bugzilla SUSE Bug 1213034 https://bugzilla.suse.com/1213034
Bugzilla SUSE Bug 1213035 https://bugzilla.suse.com/1213035
Bugzilla SUSE Bug 1213036 https://bugzilla.suse.com/1213036
Bugzilla SUSE Bug 1213037 https://bugzilla.suse.com/1213037
Bugzilla SUSE Bug 1213038 https://bugzilla.suse.com/1213038
Bugzilla SUSE Bug 1213039 https://bugzilla.suse.com/1213039
Bugzilla SUSE Bug 1213040 https://bugzilla.suse.com/1213040
Bugzilla SUSE Bug 1213041 https://bugzilla.suse.com/1213041
Bugzilla SUSE Bug 1213042 https://bugzilla.suse.com/1213042
Bugzilla SUSE Bug 1213059 https://bugzilla.suse.com/1213059
Bugzilla SUSE Bug 1213133 https://bugzilla.suse.com/1213133
Bugzilla SUSE Bug 1213167 https://bugzilla.suse.com/1213167
Bugzilla SUSE Bug 1213215 https://bugzilla.suse.com/1213215
Bugzilla SUSE Bug 1213218 https://bugzilla.suse.com/1213218
Bugzilla SUSE Bug 1213221 https://bugzilla.suse.com/1213221
Bugzilla SUSE Bug 1213286 https://bugzilla.suse.com/1213286
Bugzilla SUSE Bug 1213287 https://bugzilla.suse.com/1213287
Bugzilla SUSE Bug 1213344 https://bugzilla.suse.com/1213344
Bugzilla SUSE Bug 1213346 https://bugzilla.suse.com/1213346
Bugzilla SUSE Bug 1213350 https://bugzilla.suse.com/1213350
Bugzilla SUSE Bug 1213525 https://bugzilla.suse.com/1213525
Bugzilla SUSE Bug 1213585 https://bugzilla.suse.com/1213585
Bugzilla SUSE Bug 1213586 https://bugzilla.suse.com/1213586
Bugzilla SUSE Bug 1213588 https://bugzilla.suse.com/1213588
Bugzilla SUSE Bug 1213705 https://bugzilla.suse.com/1213705
Bugzilla SUSE Bug 1213747 https://bugzilla.suse.com/1213747
Bugzilla SUSE Bug 1213766 https://bugzilla.suse.com/1213766
Bugzilla SUSE Bug 1213819 https://bugzilla.suse.com/1213819
Bugzilla SUSE Bug 1213823 https://bugzilla.suse.com/1213823
Bugzilla SUSE Bug 1213825 https://bugzilla.suse.com/1213825
Bugzilla SUSE Bug 1213827 https://bugzilla.suse.com/1213827
CVE SUSE CVE CVE-2018-3639 page https://www.suse.com/security/cve/CVE-2018-3639/
CVE SUSE CVE CVE-2022-40982 page https://www.suse.com/security/cve/CVE-2022-40982/
CVE SUSE CVE CVE-2023-0459 page https://www.suse.com/security/cve/CVE-2023-0459/
CVE SUSE CVE CVE-2023-20569 page https://www.suse.com/security/cve/CVE-2023-20569/
CVE SUSE CVE CVE-2023-20593 page https://www.suse.com/security/cve/CVE-2023-20593/
CVE SUSE CVE CVE-2023-2985 page https://www.suse.com/security/cve/CVE-2023-2985/
CVE SUSE CVE CVE-2023-35001 page https://www.suse.com/security/cve/CVE-2023-35001/
CVE SUSE CVE CVE-2023-3567 page https://www.suse.com/security/cve/CVE-2023-3567/
CVE SUSE CVE CVE-2023-3609 page https://www.suse.com/security/cve/CVE-2023-3609/
CVE SUSE CVE CVE-2023-3611 page https://www.suse.com/security/cve/CVE-2023-3611/
CVE SUSE CVE CVE-2023-3776 page https://www.suse.com/security/cve/CVE-2023-3776/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 suse kernel-syms-azure < 4.12.14-16.146.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 suse kernel-source-azure < 4.12.14-16.146.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 suse kernel-devel-azure < 4.12.14-16.146.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure < 4.12.14-16.146.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure-devel < 4.12.14-16.146.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure-base < 4.12.14-16.146.1 sles-12 x86_64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date