1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:3390-1

[SUSE-SU-2023:3390-1] Security update for the Linux Kernel

Severity Important
Affected Packages 32
CVEs 16
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
  • CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
  • CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
  • CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
  • CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
  • CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
  • CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
  • CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
  • CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
  • CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
  • CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
  • CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
  • CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
  • CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
  • CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
  • CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019).

The following non-security bugs were fixed:

  • arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  • arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • fix kabi when adding new cpuid leaves
  • get module prefix from kmod (bsc#1212835).
  • remove more packaging cruft for sle < 12 sp3
  • cifs: fix open leaks in open_cached_dir() (bsc#1209342).
  • clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
  • init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
  • init: provide arch_cpu_finalize_init() (bsc#1206418).
  • init: remove check_bugs() leftovers (bsc#1206418).
  • kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
  • kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
  • kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
  • keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
  • keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
  • net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
  • net: mana: add support for vlan tagging (bsc#1212301).
  • rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
  • rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
  • timers: add shutdown mechanism to the internal functions (bsc#1213970).
  • timers: provide timer_shutdown_sync (bsc#1213970).
  • timers: rename del_timer() to timer_delete() (bsc#1213970).
  • timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
  • timers: replace bug_on()s (bsc#1213970).
  • timers: silently ignore timers with a null function (bsc#1213970).
  • timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
  • timers: update kernel-doc for various functions (bsc#1213970).
  • timers: use del_timer_sync() even on up (bsc#1213970).
  • ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
  • ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
  • usrmerge: adjust module path in the kernel sources (bsc#1212835).
  • x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  • x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
  • x86/microcode/AMD: Make stub function static inline (bsc#1213868).
Package Affected Version
pkg:rpm/suse/reiserfs-kmp-default?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/reiserfs-kmp-default?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/reiserfs-kmp-default?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/reiserfs-kmp-default?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.1
pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.160.1
pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.160.1
pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.160.1
pkg:rpm/suse/kernel-preempt?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-preempt?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-preempt-devel?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-preempt-devel?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-obs-build?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-obs-build?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-obs-build?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-obs-build?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.160.1
pkg:rpm/suse/kernel-docs?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.160.3
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-15&sp=2 < 5.3.18-150200.24.160.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2.150200.9.79.2
pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2.150200.9.79.2
pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2.150200.9.79.2
pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-15&sp=2 < 5.3.18-150200.24.160.2.150200.9.79.2
ID
SUSE-SU-2023:3390-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20233390-1/
Published
2023-08-23T15:25:59
(13 months ago)
Modified
2023-08-23T15:25:59
(13 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3390-1.json
Suse URL for SUSE-SU-2023:3390-1 https://www.suse.com/support/update/announcement/2023/suse-su-20233390-1/
Suse E-Mail link for SUSE-SU-2023:3390-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/015998.html
Bugzilla SUSE Bug 1206418 https://bugzilla.suse.com/1206418
Bugzilla SUSE Bug 1207088 https://bugzilla.suse.com/1207088
Bugzilla SUSE Bug 1209342 https://bugzilla.suse.com/1209342
Bugzilla SUSE Bug 1210584 https://bugzilla.suse.com/1210584
Bugzilla SUSE Bug 1211738 https://bugzilla.suse.com/1211738
Bugzilla SUSE Bug 1211867 https://bugzilla.suse.com/1211867
Bugzilla SUSE Bug 1212301 https://bugzilla.suse.com/1212301
Bugzilla SUSE Bug 1212741 https://bugzilla.suse.com/1212741
Bugzilla SUSE Bug 1212835 https://bugzilla.suse.com/1212835
Bugzilla SUSE Bug 1212846 https://bugzilla.suse.com/1212846
Bugzilla SUSE Bug 1213059 https://bugzilla.suse.com/1213059
Bugzilla SUSE Bug 1213167 https://bugzilla.suse.com/1213167
Bugzilla SUSE Bug 1213245 https://bugzilla.suse.com/1213245
Bugzilla SUSE Bug 1213286 https://bugzilla.suse.com/1213286
Bugzilla SUSE Bug 1213287 https://bugzilla.suse.com/1213287
Bugzilla SUSE Bug 1213354 https://bugzilla.suse.com/1213354
Bugzilla SUSE Bug 1213543 https://bugzilla.suse.com/1213543
Bugzilla SUSE Bug 1213546 https://bugzilla.suse.com/1213546
Bugzilla SUSE Bug 1213585 https://bugzilla.suse.com/1213585
Bugzilla SUSE Bug 1213586 https://bugzilla.suse.com/1213586
Bugzilla SUSE Bug 1213588 https://bugzilla.suse.com/1213588
Bugzilla SUSE Bug 1213868 https://bugzilla.suse.com/1213868
Bugzilla SUSE Bug 1213970 https://bugzilla.suse.com/1213970
Bugzilla SUSE Bug 1214019 https://bugzilla.suse.com/1214019
CVE SUSE CVE CVE-2022-40982 page https://www.suse.com/security/cve/CVE-2022-40982/
CVE SUSE CVE CVE-2023-0459 page https://www.suse.com/security/cve/CVE-2023-0459/
CVE SUSE CVE CVE-2023-20569 page https://www.suse.com/security/cve/CVE-2023-20569/
CVE SUSE CVE CVE-2023-20593 page https://www.suse.com/security/cve/CVE-2023-20593/
CVE SUSE CVE CVE-2023-2985 page https://www.suse.com/security/cve/CVE-2023-2985/
CVE SUSE CVE CVE-2023-3117 page https://www.suse.com/security/cve/CVE-2023-3117/
CVE SUSE CVE CVE-2023-3390 page https://www.suse.com/security/cve/CVE-2023-3390/
CVE SUSE CVE CVE-2023-34319 page https://www.suse.com/security/cve/CVE-2023-34319/
CVE SUSE CVE CVE-2023-35001 page https://www.suse.com/security/cve/CVE-2023-35001/
CVE SUSE CVE CVE-2023-3567 page https://www.suse.com/security/cve/CVE-2023-3567/
CVE SUSE CVE CVE-2023-3609 page https://www.suse.com/security/cve/CVE-2023-3609/
CVE SUSE CVE CVE-2023-3611 page https://www.suse.com/security/cve/CVE-2023-3611/
CVE SUSE CVE CVE-2023-3776 page https://www.suse.com/security/cve/CVE-2023-3776/
CVE SUSE CVE CVE-2023-3812 page https://www.suse.com/security/cve/CVE-2023-3812/
CVE SUSE CVE CVE-2023-4133 page https://www.suse.com/security/cve/CVE-2023-4133/
CVE SUSE CVE CVE-2023-4194 page https://www.suse.com/security/cve/CVE-2023-4194/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/reiserfs-kmp-default?arch=x86_64&distro=sles-15&sp=2 suse reiserfs-kmp-default < 5.3.18-150200.24.160.2 sles-15 x86_64
Affected pkg:rpm/suse/reiserfs-kmp-default?arch=s390x&distro=sles-15&sp=2 suse reiserfs-kmp-default < 5.3.18-150200.24.160.2 sles-15 s390x
Affected pkg:rpm/suse/reiserfs-kmp-default?arch=ppc64le&distro=sles-15&sp=2 suse reiserfs-kmp-default < 5.3.18-150200.24.160.2 sles-15 ppc64le
Affected pkg:rpm/suse/reiserfs-kmp-default?arch=aarch64&distro=sles-15&sp=2 suse reiserfs-kmp-default < 5.3.18-150200.24.160.2 sles-15 aarch64
Affected pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-15&sp=2 suse kernel-syms < 5.3.18-150200.24.160.1 sles-15 x86_64
Affected pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-15&sp=2 suse kernel-syms < 5.3.18-150200.24.160.1 sles-15 s390x
Affected pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-15&sp=2 suse kernel-syms < 5.3.18-150200.24.160.1 sles-15 ppc64le
Affected pkg:rpm/suse/kernel-syms?arch=aarch64&distro=sles-15&sp=2 suse kernel-syms < 5.3.18-150200.24.160.1 sles-15 aarch64
Affected pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-15&sp=2 suse kernel-source < 5.3.18-150200.24.160.1 sles-15 noarch
Affected pkg:rpm/suse/kernel-preempt?arch=x86_64&distro=sles-15&sp=2 suse kernel-preempt < 5.3.18-150200.24.160.2 sles-15 x86_64
Affected pkg:rpm/suse/kernel-preempt?arch=aarch64&distro=sles-15&sp=2 suse kernel-preempt < 5.3.18-150200.24.160.2 sles-15 aarch64
Affected pkg:rpm/suse/kernel-preempt-devel?arch=x86_64&distro=sles-15&sp=2 suse kernel-preempt-devel < 5.3.18-150200.24.160.2 sles-15 x86_64
Affected pkg:rpm/suse/kernel-preempt-devel?arch=aarch64&distro=sles-15&sp=2 suse kernel-preempt-devel < 5.3.18-150200.24.160.2 sles-15 aarch64
Affected pkg:rpm/suse/kernel-obs-build?arch=x86_64&distro=sles-15&sp=2 suse kernel-obs-build < 5.3.18-150200.24.160.2 sles-15 x86_64
Affected pkg:rpm/suse/kernel-obs-build?arch=s390x&distro=sles-15&sp=2 suse kernel-obs-build < 5.3.18-150200.24.160.2 sles-15 s390x
Affected pkg:rpm/suse/kernel-obs-build?arch=ppc64le&distro=sles-15&sp=2 suse kernel-obs-build < 5.3.18-150200.24.160.2 sles-15 ppc64le
Affected pkg:rpm/suse/kernel-obs-build?arch=aarch64&distro=sles-15&sp=2 suse kernel-obs-build < 5.3.18-150200.24.160.2 sles-15 aarch64
Affected pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-15&sp=2 suse kernel-macros < 5.3.18-150200.24.160.1 sles-15 noarch
Affected pkg:rpm/suse/kernel-docs?arch=noarch&distro=sles-15&sp=2 suse kernel-docs < 5.3.18-150200.24.160.3 sles-15 noarch
Affected pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-15&sp=2 suse kernel-devel < 5.3.18-150200.24.160.1 sles-15 noarch
Affected pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-15&sp=2 suse kernel-default < 5.3.18-150200.24.160.2 sles-15 x86_64
Affected pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-15&sp=2 suse kernel-default < 5.3.18-150200.24.160.2 sles-15 s390x
Affected pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-15&sp=2 suse kernel-default < 5.3.18-150200.24.160.2 sles-15 ppc64le
Affected pkg:rpm/suse/kernel-default?arch=aarch64&distro=sles-15&sp=2 suse kernel-default < 5.3.18-150200.24.160.2 sles-15 aarch64
Affected pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-15&sp=2 suse kernel-default-devel < 5.3.18-150200.24.160.2 sles-15 x86_64
Affected pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-15&sp=2 suse kernel-default-devel < 5.3.18-150200.24.160.2 sles-15 s390x
Affected pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-15&sp=2 suse kernel-default-devel < 5.3.18-150200.24.160.2 sles-15 ppc64le
Affected pkg:rpm/suse/kernel-default-devel?arch=aarch64&distro=sles-15&sp=2 suse kernel-default-devel < 5.3.18-150200.24.160.2 sles-15 aarch64
Affected pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-15&sp=2 suse kernel-default-base < 5.3.18-150200.24.160.2.150200.9.79.2 sles-15 x86_64
Affected pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-15&sp=2 suse kernel-default-base < 5.3.18-150200.24.160.2.150200.9.79.2 sles-15 s390x
Affected pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-15&sp=2 suse kernel-default-base < 5.3.18-150200.24.160.2.150200.9.79.2 sles-15 ppc64le
Affected pkg:rpm/suse/kernel-default-base?arch=aarch64&distro=sles-15&sp=2 suse kernel-default-base < 5.3.18-150200.24.160.2.150200.9.79.2 sles-15 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date