[SUSE-SU-2023:3601-1] Security update for the Linux Kernel

Severity Important
CVEs 16

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-36402: Fixed an integer overflow vulnerability in the vmwgfx driver that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
  • CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
  • CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
  • CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
  • CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
  • CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
  • CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local that allowed a local user with special privileges to cause a kernel information leak (bsc#1213601).
  • CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
  • CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
  • CVE-2023-4132: Fixed a use-after-free vulnerability in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
  • CVE-2023-4133: Fixed use-after-free bugs caused by a circular dependency problem in cxgb4 (bsc#1213970).
  • CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
  • CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
  • CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
  • CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
  • CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).

The following non-security bugs were fixed:

  • af_key: fix send_acquire race with pfkey_register (git-fixes).
  • af_packet: fix data-race in packet_setsockopt / packet_setsockopt (git-fixes).
  • af_unix: fix a data race of sk->sk_receive_queue->qlen (git-fixes).
  • arm64: re-enable support for contiguous hugepages (git-fixes)
  • arm64: vdso: fix clock_getres() for clock_realtime (git-fixes)
  • arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
  • bnx2x: fix page fault following eeh recovery (bsc#1214299).
  • bonding: fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
  • bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
  • bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
  • bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).
  • btrfs-allow-use-of-global-block-reserve-for-balance: (bsc#1214335).
  • btrfs-unset-reloc-control-if-transaction-commit-fail: (bsc#1212051).
  • clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
  • fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
  • fs: lockd: avoid possible wrong null parameter (git-fixes).
  • inetpeer: fix data-race in inet_putpeer / inet_putpeer (git-fixes).
  • kabi/severities: ignore newly added srso mitigation functions
  • libceph: fix potential hang in ceph_osdc_notify() (bsc#1214752).
  • module: avoid allocation if module is already present and ready (bsc#1213921).
  • module: extract patient module check into helper (bsc#1213921).
  • module: move check_modinfo() early to early_mod_check() (bsc#1213921).
  • module: move early sanity checks into a helper (bsc#1213921).
  • net-sysfs: call dev_hold always in netdev_queue_add_kobject (git-fixes).
  • net-sysfs: call dev_hold always in rx_queue_add_kobject (git-fixes).
  • net-sysfs: fix netdev_queue_add_kobject() breakage (git-fixes).
  • net-sysfs: fix reference count leak in rx|netdev_queue_add_kobject (git-fixes).
  • net/af_unix: fix a data-race in unix_dgram_poll (git-fixes).
  • net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (git-fixes).
  • net/fq_impl: switch to kvmalloc() for memory allocation (git-fixes).
  • net: bnx2x: fix variable dereferenced before check (git-fixes).
  • net: icmp: fix data-race in cmp_global_allow() (git-fixes).
  • net: mana: add support for xdp_query_prog (jsc#sle-18779, bsc#1214209).
  • net: usb: qmi_wwan: add support for compal rxm-g1 (git-fixes).
  • netfilter: ipset: fix an error code in ip_set_sockfn_get() (git-fixes).
  • netfilter: nf_conntrack: fix possible possible crash on module loading (git-fixes).
  • nfs/blocklayout: use the passed in gfp flags (git-fixes).
  • nfs: guard against XXXXXXX loop when entry names exceed maxnamelen (git-fixes).
  • nfsd: add encoding of op_recall flag for write delegation (git-fixes).
  • nfsd: da_addr_body field missing in some getdeviceinfo replies (git-fixes).
  • nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
  • packet: fix data-race in fanout_flow_is_huge() (git-fixes).
  • packet: unconditionally free po->rollover (git-fixes).
  • powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
  • revert 'scsi: qla2xxx: fix buffer overrun' (bsc#1214928).
  • ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
  • ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
  • s390/cio: cio_ignore_proc_seq_next should increase position index (git-fixes bsc#1215057).
  • s390/cpum_sf: avoid sbd overflow condition in irq handler (git-fixes bsc#1213908).
  • s390/cpum_sf: check for sdbt and sdb consistency (git-fixes bsc#1213910).
  • s390/dasd/cio: interpret ccw_device_get_mdc return value correctly (git-fixes bsc#1215049).
  • s390/dasd: fix capacity calculation for large volumes (git-fixes bsc#1215034).
  • s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
  • s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).
  • s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).
  • s390/kasan: fix strncpy_from_user kasan checks (git-fixes bsc#1215037).
  • s390/kdump: fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
  • s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).
  • s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).
  • s390/smp: __smp_rescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).
  • s390/smp: fix physical to logical cpu map for smt (git-fixes bsc#1213904).
  • s390/time: ensure get_clock_monotonic() returns monotonic values (git-fixes bsc#1213911).
  • s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).
  • s390/zcrypt: handle new reply code filtered_by_hypervisor (git-fixes bsc#1215046).
  • s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).
  • s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
  • sched/core: check quota and period overflow at usec to nsec conversion (git fixes).
  • sched/core: handle overflow in cpu_shares_write_u64 (git fixes).
  • sched/cpufreq: fix kobject memleak (git fixes).
  • sched/fair: do not numa balance for kthreads (git fixes).
  • sched/fair: fix cfs bandwidth hrtimer expiry type (git fixes).
  • sched/topology: fix off by one bug (git fixes).
  • scsi: qla2xxx: add logs for sfp temperature monitoring (bsc#1214928).
  • scsi: qla2xxx: allow 32-byte cdbs (bsc#1214928).
  • scsi: qla2xxx: error code did not return to upper layer (bsc#1214928).
  • scsi: qla2xxx: fix firmware resource tracking (bsc#1214928).
  • scsi: qla2xxx: fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
  • scsi: qla2xxx: flush mailbox commands on chip reset (bsc#1214928).
  • scsi: qla2xxx: move resource to allow code reuse (bsc#1214928).
  • scsi: qla2xxx: remove unsupported ql2xenabledif option (bsc#1214928).
  • scsi: qla2xxx: remove unused declarations (bsc#1214928).
  • scsi: qla2xxx: remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
  • scsi: qla2xxx: update version to 10.02.09.100-k (bsc#1214928).
  • scsi: storvsc: always set no_report_opcodes (git-fixes).
  • scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
  • skbuff: fix a data race in skb_queue_len() (git-fixes).
  • sort latest foray of security patches
  • sunrpc: always clear xprt_sock_connecting before xprt_clear_connecting on tcp xprt (bsc#1214453).
  • timers: add shutdown mechanism to the internal functions (bsc#1213970).
  • timers: provide timer_shutdown_sync (bsc#1213970).
  • timers: rename del_timer() to timer_delete() (bsc#1213970).
  • timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
  • timers: replace bug_on()s (bsc#1213970).
  • timers: silently ignore timers with a null function (bsc#1213970).
  • timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
  • timers: update kernel-doc for various functions (bsc#1213970).
  • timers: use del_timer_sync() even on up (bsc#1213970).
  • tracing: fix warning in trace_buffered_event_disable() (git-fixes).
  • tun: fix bonding active backup with arp monitoring (git-fixes).
  • ubifs: fix snprintf() checking (git-fixes).
  • udp6: fix race condition in udp6_sendmsg & connect (git-fixes).
  • udp: fix race between close() and udp_abort() (git-fixes).
  • usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
  • usb: host: xhci: fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
  • usb: serial: cp210x: add kamstrup rf sniffer pids (git-fixes).
  • usb: serial: cp210x: add scalance lpe-9000 device id (git-fixes).
  • usb: serial: option: add lara-r6 01b pids (git-fixes).
  • usb: serial: option: add quectel ec200a module support (git-fixes).
  • usb: serial: option: add quectel ec200u modem (git-fixes).
  • usb: serial: option: add quectel em05cn (sg) modem (git-fixes).
  • usb: serial: option: add quectel em05cn modem (git-fixes).
  • usb: serial: option: add support for vw/skoda 'carstick lte' (git-fixes).
  • usb: serial: option: add u-blox lara-l6 modem (git-fixes).
  • usb: serial: option: support quectel em060k_128 (git-fixes).
  • usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
  • usb: serial: simple: sort driver entries (git-fixes).
  • usb: xhci-mtk: set the dma max_seg_size (git-fixes).
  • usb: xhci: check endpoint is valid before dereferencing it (git-fixes).
  • usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
  • x86/bugs: reset speculation control settings on init (git-fixes).
  • x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
  • x86/cpu/amd: enable zenbleed fix for amd custom apu 0405 (git-fixes).
  • x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
  • x86/cpu/vmware: fix platform detection vmware_port macro (bsc#1210327).
  • x86/cpu/vmware: use the full form of inl in vmware_hypercall, for clang/llvm (bsc#1210327).
  • x86/cpu/vmware: use the full form of inl in vmware_port (bsc#1210327).
  • x86/cpu: cleanup the untrain mess (git-fixes).
  • x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
  • x86/cpu: fix amd_check_microcode() declaration (git-fixes).
  • x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
  • x86/cpu: rename original retbleed methods (git-fixes).
  • x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
  • x86/crash: disable virt in core nmi crash handler to avoid double shootdown (git-fixes).
  • x86/ioapic: do not return 0 from arch_dynirq_lower_bound() (git-fixes).
  • x86/microcode/amd: load late on both threads too (git-fixes).
  • x86/mm: do not shuffle cpu entry areas without kaslr (git-fixes).
  • x86/mm: fix use of uninitialized buffer in sme_enable() (git-fixes).
  • x86/reboot: disable svm, not just vmx, when stopping cpus (git-fixes).
  • x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
  • x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
  • x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
  • x86/speculation: add cpu_show_gds() prototype (git-fixes).
  • x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
  • x86/srso: correct the mitigation status when smt is disabled (git-fixes).
  • x86/srso: disable the mitigation on unaffected configurations (git-fixes).
  • x86/srso: explain the untraining sequences a bit more (git-fixes).
  • x86/srso: fix build breakage with the llvm linker (git-fixes).
  • x86/virt: force gif=1 prior to disabling svm (for reboot flows) (git-fixes).
  • x86/vmware: add a header file for hypercall definitions (bsc#1210327).
  • x86/vmware: add steal time clock support for vmware guests (bsc#1210327).
  • x86/vmware: enable steal time accounting (bsc#1210327).
  • x86/vmware: update platform detection code for vmcall/vmmcall hypercalls (bsc#1210327).
  • x86: move gds_ucode_mitigated() declaration to header (git-fixes).
  • xfrm: release device reference for invalid state (git-fixes).
  • xhci-pci: set the dma max_seg_size (git-fixes).
  • xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).

ID: SUSE-SU-2023:3601-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2023/suse-su-20233601-1/
Published: 2023-09-14T10:31:13
Modified: 2023-09-14T10:31:13
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3601-1.json
Suse URL for SUSE-SU-2023:3601-1 https://www.suse.com/support/update/announcement/2023/suse-su-20233601-1/
Suse E-Mail link for SUSE-SU-2023:3601-1 https://lists.suse.com/pipermail/sle-updates/2023-September/031435.html
Bugzilla SUSE Bug 1120059 https://bugzilla.suse.com/1120059
Bugzilla SUSE Bug 1203517 https://bugzilla.suse.com/1203517
Bugzilla SUSE Bug 1210327 https://bugzilla.suse.com/1210327
Bugzilla SUSE Bug 1210448 https://bugzilla.suse.com/1210448
Bugzilla SUSE Bug 1212051 https://bugzilla.suse.com/1212051
Bugzilla SUSE Bug 1213543 https://bugzilla.suse.com/1213543
Bugzilla SUSE Bug 1213546 https://bugzilla.suse.com/1213546
Bugzilla SUSE Bug 1213601 https://bugzilla.suse.com/1213601
Bugzilla SUSE Bug 1213666 https://bugzilla.suse.com/1213666
Bugzilla SUSE Bug 1213899 https://bugzilla.suse.com/1213899
Bugzilla SUSE Bug 1213904 https://bugzilla.suse.com/1213904
Bugzilla SUSE Bug 1213906 https://bugzilla.suse.com/1213906
Bugzilla SUSE Bug 1213908 https://bugzilla.suse.com/1213908
Bugzilla SUSE Bug 1213910 https://bugzilla.suse.com/1213910
Bugzilla SUSE Bug 1213911 https://bugzilla.suse.com/1213911
Bugzilla SUSE Bug 1213912 https://bugzilla.suse.com/1213912
Bugzilla SUSE Bug 1213921 https://bugzilla.suse.com/1213921
Bugzilla SUSE Bug 1213927 https://bugzilla.suse.com/1213927
Bugzilla SUSE Bug 1213969 https://bugzilla.suse.com/1213969
Bugzilla SUSE Bug 1213970 https://bugzilla.suse.com/1213970
Bugzilla SUSE Bug 1213971 https://bugzilla.suse.com/1213971
Bugzilla SUSE Bug 1214019 https://bugzilla.suse.com/1214019
Bugzilla SUSE Bug 1214149 https://bugzilla.suse.com/1214149
Bugzilla SUSE Bug 1214157 https://bugzilla.suse.com/1214157
Bugzilla SUSE Bug 1214209 https://bugzilla.suse.com/1214209
Bugzilla SUSE Bug 1214233 https://bugzilla.suse.com/1214233
Bugzilla SUSE Bug 1214299 https://bugzilla.suse.com/1214299
Bugzilla SUSE Bug 1214335 https://bugzilla.suse.com/1214335
Bugzilla SUSE Bug 1214348 https://bugzilla.suse.com/1214348
Bugzilla SUSE Bug 1214350 https://bugzilla.suse.com/1214350
Bugzilla SUSE Bug 1214451 https://bugzilla.suse.com/1214451
Bugzilla SUSE Bug 1214453 https://bugzilla.suse.com/1214453
Bugzilla SUSE Bug 1214752 https://bugzilla.suse.com/1214752
Bugzilla SUSE Bug 1214928 https://bugzilla.suse.com/1214928
Bugzilla SUSE Bug 1215028 https://bugzilla.suse.com/1215028
Bugzilla SUSE Bug 1215032 https://bugzilla.suse.com/1215032
Bugzilla SUSE Bug 1215034 https://bugzilla.suse.com/1215034
Bugzilla SUSE Bug 1215035 https://bugzilla.suse.com/1215035
Bugzilla SUSE Bug 1215036 https://bugzilla.suse.com/1215036
Bugzilla SUSE Bug 1215037 https://bugzilla.suse.com/1215037
Bugzilla SUSE Bug 1215038 https://bugzilla.suse.com/1215038
Bugzilla SUSE Bug 1215041 https://bugzilla.suse.com/1215041
Bugzilla SUSE Bug 1215046 https://bugzilla.suse.com/1215046
Bugzilla SUSE Bug 1215049 https://bugzilla.suse.com/1215049
Bugzilla SUSE Bug 1215057 https://bugzilla.suse.com/1215057
CVE SUSE CVE CVE-2022-36402 page https://www.suse.com/security/cve/CVE-2022-36402/
CVE SUSE CVE CVE-2023-2007 page https://www.suse.com/security/cve/CVE-2023-2007/
CVE SUSE CVE CVE-2023-20588 page https://www.suse.com/security/cve/CVE-2023-20588/
CVE SUSE CVE CVE-2023-34319 page https://www.suse.com/security/cve/CVE-2023-34319/
CVE SUSE CVE CVE-2023-3772 page https://www.suse.com/security/cve/CVE-2023-3772/
CVE SUSE CVE CVE-2023-3812 page https://www.suse.com/security/cve/CVE-2023-3812/
CVE SUSE CVE CVE-2023-3863 page https://www.suse.com/security/cve/CVE-2023-3863/
CVE SUSE CVE CVE-2023-40283 page https://www.suse.com/security/cve/CVE-2023-40283/
CVE SUSE CVE CVE-2023-4128 page https://www.suse.com/security/cve/CVE-2023-4128/
CVE SUSE CVE CVE-2023-4132 page https://www.suse.com/security/cve/CVE-2023-4132/
CVE SUSE CVE CVE-2023-4133 page https://www.suse.com/security/cve/CVE-2023-4133/
CVE SUSE CVE CVE-2023-4134 page https://www.suse.com/security/cve/CVE-2023-4134/
CVE SUSE CVE CVE-2023-4194 page https://www.suse.com/security/cve/CVE-2023-4194/
CVE SUSE CVE CVE-2023-4385 page https://www.suse.com/security/cve/CVE-2023-4385/
CVE SUSE CVE CVE-2023-4387 page https://www.suse.com/security/cve/CVE-2023-4387/
CVE SUSE CVE CVE-2023-4459 page https://www.suse.com/security/cve/CVE-2023-4459/