1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:4883-1

[SUSE-SU-2023:4883-1] Security update for the Linux Kernel

Severity Important
Affected Packages 6
CVEs 7
Info Packages References Vulnerabilities

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
  • CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
  • CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
  • CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
  • CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
  • CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
  • CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).

The following non-security bugs were fixed:

  • cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
  • cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
  • cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408).
  • cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408).
  • cpu/SMT: Remove topology_smt_supported() (bsc#1214408).
  • cpu/SMT: Store the current/max number of threads (bsc#1214408).
  • cpu/hotplug: Create SMT sysfs interface for all arches (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
  • dm-raid: remove useless checking in raid_message() (git-fixes).
  • l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes).
  • l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow (git-fixes).
  • md/bitmap: always wake up md_thread in timeout_store (git-fixes).
  • md/bitmap: factor out a helper to set timeout (git-fixes).
  • md/raid10: Do not add spare disk when recovery fails (git-fixes).
  • md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
  • md/raid10: clean up md_add_new_disk() (git-fixes).
  • md/raid10: fix io loss while replacement replace rdev (git-fixes).
  • md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
  • md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
  • md/raid10: fix memleak of md thread (git-fixes).
  • md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
  • md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
  • md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
  • md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
  • md/raid10: improve code of mrdev in raid10_sync_request (git-fixes).
  • md/raid10: prevent soft lockup while flush writes (git-fixes).
  • md/raid10: prioritize adding disk to 'removed' mirror (git-fixes).
  • md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
  • md: add new workqueue for delete rdev (git-fixes).
  • md: avoid signed overflow in slot_store() (git-fixes).
  • md: do not return existing mddevs from mddev_find_or_alloc (git-fixes).
  • md: factor out a mddev_alloc_unit helper from mddev_find (git-fixes).
  • md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
  • md: fix deadlock causing by sysfs_notify (git-fixes).
  • md: fix incorrect declaration about claim_rdev in md_import_device (git-fixes).
  • md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes).
  • md: get sysfs entry after redundancy attr group create (git-fixes).
  • md: refactor mddev_find_or_alloc (git-fixes).
  • md: remove lock_bdev / unlock_bdev (git-fixes).
  • mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports) bsc#1216759).
  • net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
  • net: mana: Configure hwc timeout from hardware (bsc#1214037).
  • net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
  • powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
  • powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
  • powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
  • ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
  • s390/cio: unregister device when the only path is gone (git-fixes bsc#1217607).
  • s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087).
  • s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203996 bsc#1217087).
  • s390/cmma: fix initial kernel address space page table walk (LTC#203996 bsc#1217087).
  • s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217206).
  • s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217519).
  • s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217604).
  • s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203996 bsc#1217087).
  • s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203996 bsc#1217087).
  • s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217603).
  • scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
  • scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
  • tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1216031).
  • usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
  • usb: serial: option: add Quectel RM500U-CN modem (git-fixes).
  • usb: serial: option: add Telit FE990 compositions (git-fixes).
  • usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
  • usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
  • xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
  • xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
  • xfs: reserve data and rt quota at the same time (bsc#1203496).
Package Affected Version
pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.160.1
pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 < 4.12.14-16.160.1
pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 < 4.12.14-16.160.1
pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.160.1
pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.160.1
pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 < 4.12.14-16.160.1
ID
SUSE-SU-2023:4883-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20234883-1/
Published
2023-12-15T10:41:00
(9 months ago)
Modified
2023-12-15T10:41:00
(9 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4883-1.json
Suse URL for SUSE-SU-2023:4883-1 https://www.suse.com/support/update/announcement/2023/suse-su-20234883-1/
Suse E-Mail link for SUSE-SU-2023:4883-1 https://lists.suse.com/pipermail/sle-security-updates/2023-December/017435.html
Bugzilla SUSE Bug 1176950 https://bugzilla.suse.com/1176950
Bugzilla SUSE Bug 1190208 https://bugzilla.suse.com/1190208
Bugzilla SUSE Bug 1203496 https://bugzilla.suse.com/1203496
Bugzilla SUSE Bug 1205462 https://bugzilla.suse.com/1205462
Bugzilla SUSE Bug 1208787 https://bugzilla.suse.com/1208787
Bugzilla SUSE Bug 1210780 https://bugzilla.suse.com/1210780
Bugzilla SUSE Bug 1214037 https://bugzilla.suse.com/1214037
Bugzilla SUSE Bug 1214285 https://bugzilla.suse.com/1214285
Bugzilla SUSE Bug 1214408 https://bugzilla.suse.com/1214408
Bugzilla SUSE Bug 1214764 https://bugzilla.suse.com/1214764
Bugzilla SUSE Bug 1216031 https://bugzilla.suse.com/1216031
Bugzilla SUSE Bug 1216058 https://bugzilla.suse.com/1216058
Bugzilla SUSE Bug 1216259 https://bugzilla.suse.com/1216259
Bugzilla SUSE Bug 1216584 https://bugzilla.suse.com/1216584
Bugzilla SUSE Bug 1216759 https://bugzilla.suse.com/1216759
Bugzilla SUSE Bug 1216965 https://bugzilla.suse.com/1216965
Bugzilla SUSE Bug 1216976 https://bugzilla.suse.com/1216976
Bugzilla SUSE Bug 1217036 https://bugzilla.suse.com/1217036
Bugzilla SUSE Bug 1217087 https://bugzilla.suse.com/1217087
Bugzilla SUSE Bug 1217206 https://bugzilla.suse.com/1217206
Bugzilla SUSE Bug 1217519 https://bugzilla.suse.com/1217519
Bugzilla SUSE Bug 1217525 https://bugzilla.suse.com/1217525
Bugzilla SUSE Bug 1217603 https://bugzilla.suse.com/1217603
Bugzilla SUSE Bug 1217604 https://bugzilla.suse.com/1217604
Bugzilla SUSE Bug 1217607 https://bugzilla.suse.com/1217607
CVE SUSE CVE CVE-2023-0461 page https://www.suse.com/security/cve/CVE-2023-0461/
CVE SUSE CVE CVE-2023-31083 page https://www.suse.com/security/cve/CVE-2023-31083/
CVE SUSE CVE CVE-2023-39197 page https://www.suse.com/security/cve/CVE-2023-39197/
CVE SUSE CVE CVE-2023-39198 page https://www.suse.com/security/cve/CVE-2023-39198/
CVE SUSE CVE CVE-2023-45863 page https://www.suse.com/security/cve/CVE-2023-45863/
CVE SUSE CVE CVE-2023-45871 page https://www.suse.com/security/cve/CVE-2023-45871/
CVE SUSE CVE CVE-2023-5717 page https://www.suse.com/security/cve/CVE-2023-5717/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/kernel-syms-azure?arch=x86_64&distro=sles-12&sp=5 suse kernel-syms-azure < 4.12.14-16.160.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-source-azure?arch=noarch&distro=sles-12&sp=5 suse kernel-source-azure < 4.12.14-16.160.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-devel-azure?arch=noarch&distro=sles-12&sp=5 suse kernel-devel-azure < 4.12.14-16.160.1 sles-12 noarch
Affected pkg:rpm/suse/kernel-azure?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure < 4.12.14-16.160.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-azure-devel?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure-devel < 4.12.14-16.160.1 sles-12 x86_64
Affected pkg:rpm/suse/kernel-azure-base?arch=x86_64&distro=sles-12&sp=5 suse kernel-azure-base < 4.12.14-16.160.1 sles-12 x86_64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date