1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:3421-1

[SUSE-SU-2023:3421-1] Security update for the Linux Kernel

Severity Important
Affected Packages 1
CVEs 15
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131).
  • CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
  • CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
  • CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
  • CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
  • CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
  • CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
  • CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
  • CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
  • CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
  • CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
  • CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
  • CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
  • CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
  • CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).

The following non-security bugs were fixed:

  • arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  • get module prefix from kmod (bsc#1212835).
  • remove more packaging cruft for sle < 12 sp3
  • block, bfq: fix division by zero error on zero wsum (bsc#1213653).
  • init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
  • init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
  • init: provide arch_cpu_finalize_init() (bsc#1206418).
  • init: remove check_bugs() leftovers (bsc#1206418).
  • jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
  • kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
  • kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
  • kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
  • keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
  • lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
  • locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
  • locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
  • net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
  • net: mana: add support for vlan tagging (bsc#1212301).
  • ocfs2: fix a deadlock when commit trans (bsc#1199304).
  • ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
  • ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
  • rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
  • rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
  • rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension).
  • rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
  • rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
  • ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
  • ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
  • usrmerge: adjust module path in the kernel sources (bsc#1212835).
  • x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  • x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
  • x86/microcode/AMD: Make stub function static inline (bsc#1213868).
Package Affected Version
pkg:rpm/suse/kernel-rt?arch=x86_64&distro=slem-5 < 5.3.18-150300.138.3
ID
SUSE-SU-2023:3421-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20233421-1/
Published
2023-08-24T08:55:49
(12 months ago)
Modified
2023-08-24T08:55:49
(12 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3421-1.json
Suse URL for SUSE-SU-2023:3421-1 https://www.suse.com/support/update/announcement/2023/suse-su-20233421-1/
Suse E-Mail link for SUSE-SU-2023:3421-1 https://lists.suse.com/pipermail/sle-updates/2023-August/031178.html
Bugzilla SUSE Bug 1199304 https://bugzilla.suse.com/1199304
Bugzilla SUSE Bug 1206418 https://bugzilla.suse.com/1206418
Bugzilla SUSE Bug 1207270 https://bugzilla.suse.com/1207270
Bugzilla SUSE Bug 1210584 https://bugzilla.suse.com/1210584
Bugzilla SUSE Bug 1211131 https://bugzilla.suse.com/1211131
Bugzilla SUSE Bug 1211738 https://bugzilla.suse.com/1211738
Bugzilla SUSE Bug 1211867 https://bugzilla.suse.com/1211867
Bugzilla SUSE Bug 1212301 https://bugzilla.suse.com/1212301
Bugzilla SUSE Bug 1212741 https://bugzilla.suse.com/1212741
Bugzilla SUSE Bug 1212835 https://bugzilla.suse.com/1212835
Bugzilla SUSE Bug 1212846 https://bugzilla.suse.com/1212846
Bugzilla SUSE Bug 1213059 https://bugzilla.suse.com/1213059
Bugzilla SUSE Bug 1213061 https://bugzilla.suse.com/1213061
Bugzilla SUSE Bug 1213167 https://bugzilla.suse.com/1213167
Bugzilla SUSE Bug 1213245 https://bugzilla.suse.com/1213245
Bugzilla SUSE Bug 1213286 https://bugzilla.suse.com/1213286
Bugzilla SUSE Bug 1213287 https://bugzilla.suse.com/1213287
Bugzilla SUSE Bug 1213354 https://bugzilla.suse.com/1213354
Bugzilla SUSE Bug 1213543 https://bugzilla.suse.com/1213543
Bugzilla SUSE Bug 1213585 https://bugzilla.suse.com/1213585
Bugzilla SUSE Bug 1213586 https://bugzilla.suse.com/1213586
Bugzilla SUSE Bug 1213588 https://bugzilla.suse.com/1213588
Bugzilla SUSE Bug 1213653 https://bugzilla.suse.com/1213653
Bugzilla SUSE Bug 1213868 https://bugzilla.suse.com/1213868
CVE SUSE CVE CVE-2022-40982 page https://www.suse.com/security/cve/CVE-2022-40982/
CVE SUSE CVE CVE-2023-0459 page https://www.suse.com/security/cve/CVE-2023-0459/
CVE SUSE CVE CVE-2023-20569 page https://www.suse.com/security/cve/CVE-2023-20569/
CVE SUSE CVE CVE-2023-20593 page https://www.suse.com/security/cve/CVE-2023-20593/
CVE SUSE CVE CVE-2023-2156 page https://www.suse.com/security/cve/CVE-2023-2156/
CVE SUSE CVE CVE-2023-2985 page https://www.suse.com/security/cve/CVE-2023-2985/
CVE SUSE CVE CVE-2023-3117 page https://www.suse.com/security/cve/CVE-2023-3117/
CVE SUSE CVE CVE-2023-31248 page https://www.suse.com/security/cve/CVE-2023-31248/
CVE SUSE CVE CVE-2023-3390 page https://www.suse.com/security/cve/CVE-2023-3390/
CVE SUSE CVE CVE-2023-35001 page https://www.suse.com/security/cve/CVE-2023-35001/
CVE SUSE CVE CVE-2023-3567 page https://www.suse.com/security/cve/CVE-2023-3567/
CVE SUSE CVE CVE-2023-3609 page https://www.suse.com/security/cve/CVE-2023-3609/
CVE SUSE CVE CVE-2023-3611 page https://www.suse.com/security/cve/CVE-2023-3611/
CVE SUSE CVE CVE-2023-3776 page https://www.suse.com/security/cve/CVE-2023-3776/
CVE SUSE CVE CVE-2023-3812 page https://www.suse.com/security/cve/CVE-2023-3812/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kernel-rt?arch=x86_64&distro=slem-5 suse kernel-rt < 5.3.18-150300.138.3 slem-5 x86_64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date