SUSE-SU-2023:3309-1

CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplusputsuper in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
CVE-2022-40982: A transient execution attack called 'Gather Data Sampling' affecting is mitigated, together with respective Intel CPU Microcode updates (bsc#1206418, CVE-2022-40982).
CVE-2023-0459: Fixed that copyfromuser on 64-bit versions of the Linux kernel did not implement the _uaccessbeginnospec allowing a user to bypass the 'accessok' check which could be used to leak information (bsc#1211738).
CVE-2023-20569: A side channel attack known as ‘Inception’ or ‘RAS Poisoning’ may allow an attacker to influence branch prediction, potentially leading to information disclosure. (bsc#1213287).
CVE-2023-3567: A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vc_screen. This flaw allowed an attacker with local user access to cause a system crash or leak internal kernel information (bsc#1213167bsc#1213842).
CVE-2023-3609: A use-after-free vulnerability was fixed in net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev() fails, u32setparms() will immediately return an error after incrementing or decrementing the reference counter in tcfbind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. (bsc#1213586).
CVE-2023-3611: An out-of-bounds write vulnerability was fixed in net/sched: schqfq component can be exploited to achieve local privilege escalation. The qfqchangeagg() function in net/sched/schqfq.c allowed an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. (bsc#1213585).
CVE-2023-3776: A use-after-free vulnerability was fixed in net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev() fails, fwsetparms() will immediately return an error after incrementing or decrementing the reference counter in tcfbind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. (bsc#1213588).

The following non-security bugs were fixed:

Fix double fget() in vhostnetset_backend() (git-fixes).
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes).
SUNRPC: Fix UAF in svctcplistendataready() (git-fixes).
SUNRPC: remove the maximum number of retries in callbindstatus (git-fixes).
block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
livepatch: check kzalloc return values (git-fixes).
media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
net: skip virtionethdrsetproto if protocol already set (git-fixes).
net: virtionethdrtoskb: count transport header in UFO (git-fixes).
nfsd: fix double fget() bug in _writeports_addfd() (git-fixes).
powerpc/64: Update SpeculationStoreBypass in /proc/<pid>/status (bsc#1188885 ltc#193722 git-fixes).
powerpc/security: Fix SpeculationStoreBypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
rpm/check-for-config-changes: ignore also RISCVISA* and DYNAMICSIGFRAME They depend on CONFIGTOOLCHAINHAS*.
s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1207526).
s390/cio: check the subchannel validity for dev_busid (bsc#1207526).
s390/cio: introduce iosubchanneltype (bsc#1207526).
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits (git-fixes bsc#1213827).
s390/maccess: add no DAT mode to kernel_write (git-fixes bsc#1213825).
s390/numa: move initial setup of nodetocpumask_map (git-fixes bsc#1213766).
scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
scsi: qla2xxx: Check valid rport returned by fcbsgto_rport() (bsc#1213747).
scsi: qla2xxx: Correct the index of array (bsc#1213747).
scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
scsi: qla2xxx: Fix end of loop test (bsc#1213747).
scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
scsi: qla2xxx: Fix error code in qla2x00startsp() (bsc#1213747).
scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
scsi: qla2xxx: Remove unused nvmelswaitq wait queue (bsc#1213747).
scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
svcrdma: Prevent page release when nothing was received (git-fixes).
vfio-ccw: Prevent quiesce function going into an infinite loop (git-fixes bsc#1213819).
vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev (git-fixes bsc#1213823).
vhost/test: fix build for vhost test (git-fixes).
vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
vhost/vsock: do not check owner in vhostvsockstop() while releasing (git-fixes).
vhost/vsock: fix incorrect used length reported to the guest (git-fixes).
vhost/vsock: fix packet delivery order to monitoring devices (git-fixes).
vhost/vsock: split packets to send using multiple buffers (git-fixes).
vhost: Fix the calculation in vhost_overflow() (git-fixes).
vhost_net: disable zerocopy by default (git-fixes).
vhost_net: fix OoB on sendmsg() failure (git-fixes).
virtio-balloon: fix managed page counts when migrating pages between zones (git-fixes).
virtio-mmio: fix missing putdevice() when vmcmdline_parent registration failed (git-fixes).
virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
virtio-pci: Remove wrong address verification in vpdelvqs() (git-fixes).
virtio: Improve vq->broken access to avoid any compiler optimization (git-fixes).
virtionet: Fix error handling in virtnetrestore() (git-fixes).
virtionet: bugfix overflow inside xdplinearize_page() (git-fixes).
virtionet: fix xdprxq_info bug after suspend/resume (git-fixes).
virtio_ring: Fix querying of maximum DMA mapping size for virtio device (git-fixes).
vringh: Use wiov->used to check for read/write desc order (git-fixes).
vringh: fix _vringhiov() when riov and wiov are different (git-fixes).
vsock/virtio: stop workers during the .remove() (git-fixes).
vsock/virtio: use RCU to avoid use-after-free on thevirtiovsock (git-fixes).
xen/blkfront: Only check REQ_FUA for writes (git-fixes).

References

Affected packages

SUSE:Linux Enterprise High Availability Extension 12 SP5 / kernel-default

Package

Name: kernel-default
Purl: pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "dlm-kmp-default": "4.12.14-122.173.1",
            "gfs2-kmp-default": "4.12.14-122.173.1",
            "ocfs2-kmp-default": "4.12.14-122.173.1",
            "cluster-md-kmp-default": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kernel-default

Package

Name: kernel-default
Purl: pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.173.1",
            "kernel-default-kgraft-devel": "4.12.14-122.173.1",
            "kgraft-patch-4_12_14-122_173-default": "1-8.3.3"
        }
    ]
}

SUSE:Linux Enterprise Live Patching 12 SP5 / kgraft-patch-SLE12-SP5_Update_47

Package

Name: kgraft-patch-SLE12-SP5_Update_47
Purl: pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_47&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1-8.3.3

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-kgraft": "4.12.14-122.173.1",
            "kernel-default-kgraft-devel": "4.12.14-122.173.1",
            "kgraft-patch-4_12_14-122_173-default": "1-8.3.3"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-docs

Package

Name: kernel-docs
Purl: pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.173.1",
            "kernel-obs-build": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 SP5 / kernel-obs-build

Package

Name: kernel-obs-build
Purl: pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-docs": "4.12.14-122.173.1",
            "kernel-obs-build": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-default

Package

Name: kernel-default
Purl: pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.173.1",
            "kernel-devel": "4.12.14-122.173.1",
            "kernel-default-base": "4.12.14-122.173.1",
            "kernel-default-man": "4.12.14-122.173.1",
            "kernel-default": "4.12.14-122.173.1",
            "kernel-source": "4.12.14-122.173.1",
            "kernel-syms": "4.12.14-122.173.1",
            "kernel-default-devel": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source

Package

Name: kernel-source
Purl: pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.173.1",
            "kernel-devel": "4.12.14-122.173.1",
            "kernel-default-base": "4.12.14-122.173.1",
            "kernel-default-man": "4.12.14-122.173.1",
            "kernel-default": "4.12.14-122.173.1",
            "kernel-source": "4.12.14-122.173.1",
            "kernel-syms": "4.12.14-122.173.1",
            "kernel-default-devel": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms

Package

Name: kernel-syms
Purl: pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.173.1",
            "kernel-devel": "4.12.14-122.173.1",
            "kernel-default-base": "4.12.14-122.173.1",
            "kernel-default-man": "4.12.14-122.173.1",
            "kernel-default": "4.12.14-122.173.1",
            "kernel-source": "4.12.14-122.173.1",
            "kernel-syms": "4.12.14-122.173.1",
            "kernel-default-devel": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-default

Package

Name: kernel-default
Purl: pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.173.1",
            "kernel-devel": "4.12.14-122.173.1",
            "kernel-default-base": "4.12.14-122.173.1",
            "kernel-default-man": "4.12.14-122.173.1",
            "kernel-default": "4.12.14-122.173.1",
            "kernel-source": "4.12.14-122.173.1",
            "kernel-syms": "4.12.14-122.173.1",
            "kernel-default-devel": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source

Package

Name: kernel-source
Purl: pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.173.1",
            "kernel-devel": "4.12.14-122.173.1",
            "kernel-default-base": "4.12.14-122.173.1",
            "kernel-default-man": "4.12.14-122.173.1",
            "kernel-default": "4.12.14-122.173.1",
            "kernel-source": "4.12.14-122.173.1",
            "kernel-syms": "4.12.14-122.173.1",
            "kernel-default-devel": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms

Package

Name: kernel-syms
Purl: pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.12.14-122.173.1",
            "kernel-devel": "4.12.14-122.173.1",
            "kernel-default-base": "4.12.14-122.173.1",
            "kernel-default-man": "4.12.14-122.173.1",
            "kernel-default": "4.12.14-122.173.1",
            "kernel-source": "4.12.14-122.173.1",
            "kernel-syms": "4.12.14-122.173.1",
            "kernel-default-devel": "4.12.14-122.173.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / kernel-default

Package

Name: kernel-default
Purl: pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.14-122.173.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-default-extra": "4.12.14-122.173.1"
        }
    ]
}