[SUSE-SU-2023:3421-1] Security update for the Linux Kernel
Severity
Important
Affected Packages
1
CVEs
15
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131).
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- get module prefix from kmod (bsc#1212835).
- remove more packaging cruft for sle < 12 sp3
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
- locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension).
- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).
Package | Affected Version |
---|---|
pkg:rpm/suse/kernel-rt?arch=x86_64&distro=slem-5 | < 5.3.18-150300.138.3 |
- ID
- SUSE-SU-2023:3421-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20233421-1/
- Published
-
2023-08-24T08:55:49
(12 months ago) - Modified
-
2023-08-24T08:55:49
(12 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2023-1701
- ALAS-2023-1706
- ALAS-2023-1783
- ALAS-2023-1792
- ALAS-2023-1827
- ALAS-2023-1897
- ALAS2-2023-1932
- ALAS2-2023-1987
- ALAS2-2023-2130
- ALAS2-2023-2179
- ALAS2-2023-2190
- ALAS2-2023-2195
- ALAS2-2023-2268
- ALAS2-2023-2359
- ALPINE:CVE-2022-40982
- ALPINE:CVE-2023-20569
- ALPINE:CVE-2023-20593
- ALSA-2023:5068
- ALSA-2023:5069
- ALSA-2023:5244
- ALSA-2023:5245
- ALSA-2023:6595
- ALSA-2023:7077
- ALSA-2023:7109
- ALSA-2023:7549
- ALSA-2024:0113
- ALSA-2024:3138
- DSA-5448-1
- DSA-5453-1
- DSA-5459-1
- DSA-5461-1
- DSA-5462-1
- DSA-5474-1
- DSA-5475-1
- DSA-5480-1
- DSA-5492-1
- ELSA-2023-12654
- ELSA-2023-12655
- ELSA-2023-12656
- ELSA-2023-12657
- ELSA-2023-12689
- ELSA-2023-12690
- ELSA-2023-12691
- ELSA-2023-12692
- ELSA-2023-12712
- ELSA-2023-12713
- ELSA-2023-12714
- ELSA-2023-12715
- ELSA-2023-12722
- ELSA-2023-12723
- ELSA-2023-12724
- ELSA-2023-12759
- ELSA-2023-12782
- ELSA-2023-12785
- ELSA-2023-12786
- ELSA-2023-12788
- ELSA-2023-12792
- ELSA-2023-12836
- ELSA-2023-12839
- ELSA-2023-12842
- ELSA-2023-12874
- ELSA-2023-12910
- ELSA-2023-12911
- ELSA-2023-4819
- ELSA-2023-5068
- ELSA-2023-5069
- ELSA-2023-5244
- ELSA-2023-5622
- ELSA-2023-6583
- ELSA-2023-6595
- ELSA-2023-7077
- ELSA-2023-7109
- ELSA-2023-7423
- ELSA-2023-7549
- ELSA-2023-7749
- ELSA-2024-0461
- ELSA-2024-12094
- ELSA-2024-1831
- ELSA-2024-2394
- ELSA-2024-3138
- FEDORA-2023-04473fc41e
- FEDORA-2023-0d6aa10621
- FEDORA-2023-10d34be85a
- FEDORA-2023-3661f028b8
- FEDORA-2023-638681260a
- FEDORA-2023-7228464f28
- FEDORA-2023-ddfd3073b3
- FEDORA-2023-e1482687dd
- FEDORA-2023-e4e985b5dd
- FEDORA-2023-fff31650c8
- MS:CVE-2023-0459
- MS:CVE-2023-20569
- MS:CVE-2023-2985
- MS:CVE-2023-3567
- MS:CVE-2023-3609
- MS:CVE-2023-3611
- MS:CVE-2023-3776
- MS:CVE-2023-3812
- RHBA-2023:2977
- RHSA-2022:1975
- RHSA-2022:1988
- RHSA-2023:4819
- RHSA-2023:4821
- RHSA-2023:5068
- RHSA-2023:5069
- RHSA-2023:5091
- RHSA-2023:5093
- RHSA-2023:5221
- RHSA-2023:5244
- RHSA-2023:5245
- RHSA-2023:5255
- RHSA-2023:5574
- RHSA-2023:5621
- RHSA-2023:5622
- RHSA-2023:6595
- RHSA-2023:6901
- RHSA-2023:7077
- RHSA-2023:7109
- RHSA-2023:7419
- RHSA-2023:7423
- RHSA-2023:7424
- RHSA-2023:7513
- RHSA-2023:7548
- RHSA-2023:7549
- RHSA-2023:7554
- RHSA-2024:0113
- RHSA-2024:0134
- RHSA-2024:0340
- RHSA-2024:2950
- RHSA-2024:3138
- RLSA-2023:5244
- RLSA-2023:7549
- RLSA-2024:3138
- SSA:2023-172-02
- SSA:2023-205-01
- SSA:2023-325-01
- SUSE-SU-2023:2500-1
- SUSE-SU-2023:2502-1
- SUSE-SU-2023:2611-1
- SUSE-SU-2023:2646-1
- SUSE-SU-2023:2653-1
- SUSE-SU-2023:2782-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2871-1
- SUSE-SU-2023:2986-1
- SUSE-SU-2023:3001-1
- SUSE-SU-2023:3006-1
- SUSE-SU-2023:3019-1
- SUSE-SU-2023:3020-1
- SUSE-SU-2023:3022-1
- SUSE-SU-2023:3171-1
- SUSE-SU-2023:3172-1
- SUSE-SU-2023:3180-1
- SUSE-SU-2023:3182-1
- SUSE-SU-2023:3206-1
- SUSE-SU-2023:3262-1
- SUSE-SU-2023:3289-1
- SUSE-SU-2023:3298-1
- SUSE-SU-2023:3302-1
- SUSE-SU-2023:3309-1
- SUSE-SU-2023:3311-1
- SUSE-SU-2023:3313-1
- SUSE-SU-2023:3318-1
- SUSE-SU-2023:3324-1
- SUSE-SU-2023:3329-1
- SUSE-SU-2023:3333-1
- SUSE-SU-2023:3349-1
- SUSE-SU-2023:3359-1
- SUSE-SU-2023:3360-1
- SUSE-SU-2023:3361-1
- SUSE-SU-2023:3362-1
- SUSE-SU-2023:3376-1
- SUSE-SU-2023:3377-1
- SUSE-SU-2023:3382-1
- SUSE-SU-2023:3383-1
- SUSE-SU-2023:3389-1
- SUSE-SU-2023:3390-1
- SUSE-SU-2023:3391-1
- SUSE-SU-2023:3392-1
- SUSE-SU-2023:3395-1
- SUSE-SU-2023:3446-1
- SUSE-SU-2023:3447-1
- SUSE-SU-2023:3494-1
- SUSE-SU-2023:3495-1
- SUSE-SU-2023:3496-1
- SUSE-SU-2023:3566-1
- SUSE-SU-2023:3571-1
- SUSE-SU-2023:3572-1
- SUSE-SU-2023:3576-1
- SUSE-SU-2023:3582-1
- SUSE-SU-2023:3585-1
- SUSE-SU-2023:3592-1
- SUSE-SU-2023:3594-1
- SUSE-SU-2023:3595-1
- SUSE-SU-2023:3596-1
- SUSE-SU-2023:3598-1
- SUSE-SU-2023:3601-1
- SUSE-SU-2023:3603-1
- SUSE-SU-2023:3607-1
- SUSE-SU-2023:3612-1
- SUSE-SU-2023:3620-1
- SUSE-SU-2023:3621-1
- SUSE-SU-2023:3622-1
- SUSE-SU-2023:3623-1
- SUSE-SU-2023:3627-1
- SUSE-SU-2023:3628-1
- SUSE-SU-2023:3629-1
- SUSE-SU-2023:3630-1
- SUSE-SU-2023:3631-1
- SUSE-SU-2023:3632-1
- SUSE-SU-2023:3644-1
- SUSE-SU-2023:3647-1
- SUSE-SU-2023:3648-1
- SUSE-SU-2023:3653-1
- SUSE-SU-2023:3657-1
- SUSE-SU-2023:3658-1
- SUSE-SU-2023:3659-1
- SUSE-SU-2023:3668-1
- SUSE-SU-2023:3671-1
- SUSE-SU-2023:3675-1
- SUSE-SU-2023:3676-1
- SUSE-SU-2023:3677-1
- SUSE-SU-2023:3680-1
- SUSE-SU-2023:3681-1
- SUSE-SU-2023:3705-1
- SUSE-SU-2023:3748-1
- SUSE-SU-2023:3749-1
- SUSE-SU-2023:3768-1
- SUSE-SU-2023:3772-1
- SUSE-SU-2023:3773-1
- SUSE-SU-2023:3783-1
- SUSE-SU-2023:3784-1
- SUSE-SU-2023:3786-1
- SUSE-SU-2023:3788-1
- SUSE-SU-2023:3809-1
- SUSE-SU-2023:3811-1
- SUSE-SU-2023:3812-1
- SUSE-SU-2023:3838-1
- SUSE-SU-2023:3844-1
- SUSE-SU-2023:3846-1
- SUSE-SU-2023:3889-1
- SUSE-SU-2023:3892-1
- SUSE-SU-2023:3893-1
- SUSE-SU-2023:3894-1
- SUSE-SU-2023:3895-1
- SUSE-SU-2023:3902-1
- SUSE-SU-2023:3903-1
- SUSE-SU-2023:3922-1
- SUSE-SU-2023:3923-1
- SUSE-SU-2023:3924-1
- SUSE-SU-2023:3928-1
- SUSE-SU-2023:4166-1
- SUSE-SU-2023:4175-1
- SUSE-SU-2023:4201-1
- SUSE-SU-2023:4219-1
- SUSE-SU-2023:4239-1
- SUSE-SU-2023:4245-1
- SUSE-SU-2023:4267-1
- SUSE-SU-2023:4279-1
- SUSE-SU-2023:4285-1
- SUSE-SU-2023:4308-1
- SUSE-SU-2023:4326-1
- SUSE-SU-2024:0884-1
- SUSE-SU-2024:0885-1
- USN-6079-1
- USN-6080-1
- USN-6081-1
- USN-6084-1
- USN-6085-1
- USN-6090-1
- USN-6091-1
- USN-6092-1
- USN-6094-1
- USN-6095-1
- USN-6096-1
- USN-6109-1
- USN-6118-1
- USN-6132-1
- USN-6133-1
- USN-6134-1
- USN-6171-1
- USN-6172-1
- USN-6173-1
- USN-6174-1
- USN-6185-1
- USN-6187-1
- USN-6207-1
- USN-6222-1
- USN-6223-1
- USN-6235-1
- USN-6244-1
- USN-6246-1
- USN-6247-1
- USN-6248-1
- USN-6250-1
- USN-6251-1
- USN-6252-1
- USN-6254-1
- USN-6255-1
- USN-6256-1
- USN-6260-1
- USN-6261-1
- USN-6285-1
- USN-6286-1
- USN-6309-1
- USN-6315-1
- USN-6316-1
- USN-6317-1
- USN-6318-1
- USN-6319-1
- USN-6321-1
- USN-6324-1
- USN-6325-1
- USN-6327-1
- USN-6328-1
- USN-6329-1
- USN-6330-1
- USN-6331-1
- USN-6332-1
- USN-6341-1
- USN-6342-1
- USN-6342-2
- USN-6346-1
- USN-6348-1
- USN-6357-1
- USN-6385-1
- USN-6388-1
- USN-6396-1
- USN-6396-2
- USN-6396-3
- USN-6397-1
- USN-6412-1
- USN-6415-1
- USN-6416-1
- USN-6416-2
- USN-6416-3
- USN-6445-1
- USN-6445-2
- USN-6460-1
- USN-6466-1
- USN-6532-1
- XSA-433
- XSA-434
- XSA-435
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/kernel-rt?arch=x86_64&distro=slem-5 | suse | kernel-rt | < 5.3.18-150300.138.3 | slem-5 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |