SUSE-SU-2023:2502-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20232502-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2502-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:2502-1
Published
2023-06-13T15:39:53Z
Modified
2023-06-13T15:39:53Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
  • CVE-2023-1637: Fixed a vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
  • CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
  • CVE-2020-36694: Fixed a use-after-free issue in netfilter in the packet processing context (bsc#1211596).
  • CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
  • CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
  • CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
  • CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
  • CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
  • CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
  • CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
  • CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
  • CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
  • CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
  • CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
  • CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
  • CVE-2022-4269: Fixed a flaw inside the Traffic Control (TC) subsystem (bsc#1206024).
  • CVE-2023-1380: Fixed a slab-out-of-bounds read problem in brcmf_get_assoc_ies() (bsc#1209287).
  • CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
  • CVE-2023-2483: Fixed a use-after-free bug in emac_remove caused by a race condition (bsc#1211037).
  • CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).

The following non-security bugs were fixed:

  • Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
  • SUNRPC: Ensure the transport backchannel association (bsc#1211203).
  • ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
  • s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).

Affected packages

SUSE:Real Time Module 15 SP3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.130.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.130.1",
            "dlm-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt-devel": "5.3.18-150300.130.1",
            "cluster-md-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt_debug-devel": "5.3.18-150300.130.1",
            "kernel-source-rt": "5.3.18-150300.130.1",
            "kernel-rt": "5.3.18-150300.130.1",
            "ocfs2-kmp-rt": "5.3.18-150300.130.1",
            "gfs2-kmp-rt": "5.3.18-150300.130.1",
            "kernel-syms-rt": "5.3.18-150300.130.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.130.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.130.1",
            "dlm-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt-devel": "5.3.18-150300.130.1",
            "cluster-md-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt_debug-devel": "5.3.18-150300.130.1",
            "kernel-source-rt": "5.3.18-150300.130.1",
            "kernel-rt": "5.3.18-150300.130.1",
            "ocfs2-kmp-rt": "5.3.18-150300.130.1",
            "gfs2-kmp-rt": "5.3.18-150300.130.1",
            "kernel-syms-rt": "5.3.18-150300.130.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.130.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.130.1",
            "dlm-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt-devel": "5.3.18-150300.130.1",
            "cluster-md-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt_debug-devel": "5.3.18-150300.130.1",
            "kernel-source-rt": "5.3.18-150300.130.1",
            "kernel-rt": "5.3.18-150300.130.1",
            "ocfs2-kmp-rt": "5.3.18-150300.130.1",
            "gfs2-kmp-rt": "5.3.18-150300.130.1",
            "kernel-syms-rt": "5.3.18-150300.130.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.130.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.130.1",
            "dlm-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt-devel": "5.3.18-150300.130.1",
            "cluster-md-kmp-rt": "5.3.18-150300.130.1",
            "kernel-rt_debug-devel": "5.3.18-150300.130.1",
            "kernel-source-rt": "5.3.18-150300.130.1",
            "kernel-rt": "5.3.18-150300.130.1",
            "ocfs2-kmp-rt": "5.3.18-150300.130.1",
            "gfs2-kmp-rt": "5.3.18-150300.130.1",
            "kernel-syms-rt": "5.3.18-150300.130.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.130.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.130.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.130.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.130.1"
        }
    ]
}