SUSE-SU-2023:2810-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2810-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:2810-1
Published
2023-07-12T09:34:43Z
Modified
2023-07-12T09:34:43Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
  • CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
  • CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
  • CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
  • CVE-2023-2002: Fixed a flaw that allowed an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
  • CVE-2023-3268: Fixed an out-of-bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
  • CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
  • CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
  • CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
  • CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
  • CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
  • CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
  • CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).

The following non-security bugs were fixed:

  • Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
  • Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
  • Drop dvb-core fix patch due to bug (bsc#1205758).
  • Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
  • Fix usrmerge error (boo#1211796)
  • Remove obsolete KMP obsoletes (bsc#1210469).
  • Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd references in documentation and comments.
  • cifs: do not include page data when checking signature (bsc#1200217).
  • cifs: fix negotiate context parsing (bsc#1210301).
  • cifs: fix open leaks in open_cached_dir() (bsc#1209342).
  • google/gve:fix repeated words in comments (bsc#1211519).
  • gve: Adding a new AdminQ command to verify driver (bsc#1211519).
  • gve: Cache link_speed value from device (bsc#1211519).
  • gve: Fix GFP flags when allocing pages (bsc#1211519).
  • gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
  • gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
  • gve: Handle alternate miss completions (bsc#1211519).
  • gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
  • gve: Remove the code of clearing PBA bit (bsc#1211519).
  • gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
  • gve: enhance no queue page list detection (bsc#1211519).
  • ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
  • k-m-s: Drop Linux 2.6 support
  • kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
  • keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
  • rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
  • rpm/kernel-binary.spec.in: Fix compatibility with newer rpm
  • rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
  • rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
  • s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
  • sunrpc: Ensure the transport backchannel association (bsc#1211203).
  • usrmerge: Compatibility with earlier rpm (boo#1211796)
  • vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
  • x86/build: Avoid relocation information in final vmlinux (bsc#1187829).

Affected packages

SUSE:Real Time Module 15 SP3 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.135.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.135.1",
            "dlm-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt-devel": "5.3.18-150300.135.1",
            "cluster-md-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt_debug-devel": "5.3.18-150300.135.1",
            "kernel-source-rt": "5.3.18-150300.135.1",
            "kernel-rt": "5.3.18-150300.135.1",
            "ocfs2-kmp-rt": "5.3.18-150300.135.1",
            "gfs2-kmp-rt": "5.3.18-150300.135.1",
            "kernel-syms-rt": "5.3.18-150300.135.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.135.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.135.1",
            "dlm-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt-devel": "5.3.18-150300.135.1",
            "cluster-md-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt_debug-devel": "5.3.18-150300.135.1",
            "kernel-source-rt": "5.3.18-150300.135.1",
            "kernel-rt": "5.3.18-150300.135.1",
            "ocfs2-kmp-rt": "5.3.18-150300.135.1",
            "gfs2-kmp-rt": "5.3.18-150300.135.1",
            "kernel-syms-rt": "5.3.18-150300.135.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.135.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.135.1",
            "dlm-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt-devel": "5.3.18-150300.135.1",
            "cluster-md-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt_debug-devel": "5.3.18-150300.135.1",
            "kernel-source-rt": "5.3.18-150300.135.1",
            "kernel-rt": "5.3.18-150300.135.1",
            "ocfs2-kmp-rt": "5.3.18-150300.135.1",
            "gfs2-kmp-rt": "5.3.18-150300.135.1",
            "kernel-syms-rt": "5.3.18-150300.135.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.135.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.135.1",
            "dlm-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt-devel": "5.3.18-150300.135.1",
            "cluster-md-kmp-rt": "5.3.18-150300.135.1",
            "kernel-rt_debug-devel": "5.3.18-150300.135.1",
            "kernel-source-rt": "5.3.18-150300.135.1",
            "kernel-rt": "5.3.18-150300.135.1",
            "ocfs2-kmp-rt": "5.3.18-150300.135.1",
            "gfs2-kmp-rt": "5.3.18-150300.135.1",
            "kernel-syms-rt": "5.3.18-150300.135.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.135.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.135.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.135.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.135.1"
        }
    ]
}