SUSE-SU-2023:3681-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20233681-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3681-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:3681-1
- Related
- Published
- 2023-09-19T15:01:52Z
- Modified
- 2023-09-19T15:01:52Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfcllcpfind_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4watchdogwork() (bsc#1213971).
- CVE-2023-4194: Fixed a type confusion in net tunchropen() (bsc#1214019).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3rqallocrxbuf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3rqcleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-40283: Fixed use-after-free in l2capsockready_cb (bsc#1214233).
The following non-security bugs were fixed:
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- Bluetooth: nokia: fix value check in nokiabluetoothserdev_probe() (git-fixes).
- Revert 'scsi: qla2xxx: Fix buffer overrun' (bsc#1214928).
- SUNRPC: always clear XPRTSOCKCONNECTING before xprtclearconnecting on TCP xprt (bsc#1214453).
- afkey: Fix sendacquire race with pfkey_register (git-fixes).
- afpacket: fix data-race in packetsetsockopt / packet_setsockopt (git-fixes).
- afunix: Fix a data race of sk->skreceive_queue->qlen (git-fixes).
- arm64: Re-enable support for contiguous hugepages (git-fixes)
- arm64: vdso: Fix clockgetres() for CLOCKREALTIME (git-fixes)
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bonding: Fix a use-after-free problem when bondsysfsslave_add() failed (git-fixes).
- bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
- bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
- bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).
- btrfs-allow-use-of-global-block-reserve-for-balance-.patch: (bsc#1214335).
- btrfs-unset-reloc-control-if-transaction-commit-fail.patch: (bsc#1212051).
- clocksource/drivers/armarchtimer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fs: hfsplus: remove WARNON() from hfspluscat{read,write}inode() (git-fixes).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- inetpeer: fix data-race in inetputpeer / inetputpeer (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- libceph: fix potential hang in cephosdcnotify() (bsc#1214752).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move checkmodinfo() early to earlymod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- net-sysfs: Call devhold always in netdevqueueaddkobject (git-fixes).
- net-sysfs: Call devhold always in rxqueueaddkobject (git-fixes).
- net-sysfs: Fix reference count leak in rx|netdevqueueadd_kobject (git-fixes).
- net-sysfs: fix netdevqueueadd_kobject() breakage (git-fixes).
- net/afunix: fix a data-race in unixdgram_poll (git-fixes).
- net/afunix: fix a data-race in unixdgramsendmsg / unixrelease_sock (git-fixes).
- net/fq_impl: Switch to kvmalloc() for memory allocation (git-fixes).
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- net: icmp: fix data-race in cmpglobalallow() (git-fixes).
- net: mana: add support for XDPQUERYPROG (jsc#SLE-18779, bsc#1214209).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- netfilter: ipset: Fix an error code in ipsetsockfn_get() (git-fixes).
- netfilter: nf_conntrack: Fix possible possible crash on module loading (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- nfs: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- nfsd: Remove incorrect check in nfsd4validatestateid (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: daaddrbody field missing in some GETDEVICEINFO replies (git-fixes).
- packet: fix data-race in fanoutflowis_huge() (git-fixes).
- packet: unconditionally free po->rollover (git-fixes).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- s390/cio: cioignoreprocseqnext should increase position index (git-fixes bsc#1215057).
- s390/cpum_sf: Avoid SBD overflow condition in irq handler (git-fixes bsc#1213908).
- s390/cpum_sf: Check for SDBT and SDB consistency (git-fixes bsc#1213910).
- s390/dasd/cio: Interpret ccwdeviceget_mdc return value correctly (git-fixes bsc#1215049).
- s390/dasd: Fix capacity calculation for large volumes (git-fixes bsc#1215034).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
- s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).
- s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).
- s390/kasan: fix strncpyfromuser kasan checks (git-fixes bsc#1215037).
- s390/kdump: Fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
- s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).
- s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).
- s390/smp: _smprescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).
- s390/smp: fix physical to logical CPU map for SMT (git-fixes bsc#1213904).
- s390/time: ensure getclockmonotonic() returns monotonic values (git-fixes bsc#1213911).
- s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).
- s390/zcrypt: handle new reply code FILTEREDBYHYPERVISOR (git-fixes bsc#1215046).
- s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).
- s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
- sched/core: Check quota and period overflow at usec to nsec conversion (git fixes).
- sched/core: Handle overflow in cpushareswrite_u64 (git fixes).
- sched/cpufreq: Fix kobject memleak (git fixes).
- sched/fair: Do not NUMA balance for kthreads (git fixes).
- sched/fair: Fix CFS bandwidth hrtimer expiry type (git fixes).
- sched/topology: Fix off by one bug (git fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qlainitiocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xxbuildscsitype6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: storvsc: Always set noreportopcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- skbuff: fix a data race in skbqueuelen() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timershutdownsync (bsc#1213970).
- timers: Rename deltimer() to timerdelete() (bsc#1213970).
- timers: Rename deltimersync() to timerdeletesync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [tryto]deltimersync to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use deltimersync() even on UP (bsc#1213970).
- tracing: Fix warning in tracebufferedevent_disable() (git-fixes).
- tun: fix bonding active backup with arp monitoring (git-fixes).
- ubifs: fix snprintf() checking (git-fixes).
- udp6: Fix race condition in udp6_sendmsg & connect (git-fixes).
- udp: fix race between close() and udp_abort() (git-fixes).
- usb-storage: alauda: Fix uninit-value in alaudacheckmedia() (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhciallocstream_info() (git-fixes).
- usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
- usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- usb: serial: option: add LARA-R6 01B PIDs (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: add Quectel EC200U modem (git-fixes).
- usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- usb: serial: option: add Quectel EM05CN modem (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: serial: option: add u-blox LARA-L6 modem (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: xhci-mtk: set the dma maxsegsize (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu/kvm: Provide UNTRAINRETVM (git-fixes).
- x86/cpu/vmware: Fix platform detection VMWARE_PORT macro (bsc#1210327).
- x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL, for clang/llvm (bsc#1210327).
- x86/cpu/vmware: Use the full form of INL in VMWARE_PORT (bsc#1210327).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix _x86return_thunk symbol type (git-fixes).
- x86/cpu: Fix amdcheckmicrocode() declaration (git-fixes).
- x86/cpu: Fix up srsosaferet() and _x86return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso(.*)alias to srsoalias\1 (git-fixes).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/ioapic: Do not return 0 from archdynirqlower_bound() (git-fixes).
- x86/microcode/AMD: Load late on both threads too (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIGLTOCLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srsosaferet() (git-fixes).
- x86/speculation: Add cpushowgds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- x86/vmware: Add a header file for hypercall definitions (bsc#1210327).
- x86/vmware: Add steal time clock support for VMware guests (bsc#1210327).
- x86/vmware: Enable steal time accounting (bsc#1210327).
- x86/vmware: Update platform detection code for VMCALL/VMMCALL hypercalls (bsc#1210327).
- x86: Move gdsucodemitigated() declaration to header (git-fixes).
- xfrm: release device reference for invalid state (git-fixes).
- xhci-pci: set the dma maxsegsize (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20233681-1/
- https://bugzilla.suse.com/1120059
- https://bugzilla.suse.com/1203517
- https://bugzilla.suse.com/1210327
- https://bugzilla.suse.com/1210448
- https://bugzilla.suse.com/1212051
- https://bugzilla.suse.com/1213543
- https://bugzilla.suse.com/1213546
- https://bugzilla.suse.com/1213601
- https://bugzilla.suse.com/1213666
- https://bugzilla.suse.com/1213899
- https://bugzilla.suse.com/1213904
- https://bugzilla.suse.com/1213906
- https://bugzilla.suse.com/1213908
- https://bugzilla.suse.com/1213910
- https://bugzilla.suse.com/1213911
- https://bugzilla.suse.com/1213912
- https://bugzilla.suse.com/1213921
- https://bugzilla.suse.com/1213927
- https://bugzilla.suse.com/1213969
- https://bugzilla.suse.com/1213970
- https://bugzilla.suse.com/1213971
- https://bugzilla.suse.com/1214019
- https://bugzilla.suse.com/1214149
- https://bugzilla.suse.com/1214157
- https://bugzilla.suse.com/1214209
- https://bugzilla.suse.com/1214233
- https://bugzilla.suse.com/1214299
- https://bugzilla.suse.com/1214335
- https://bugzilla.suse.com/1214348
- https://bugzilla.suse.com/1214350
- https://bugzilla.suse.com/1214451
- https://bugzilla.suse.com/1214453
- https://bugzilla.suse.com/1214752
- https://bugzilla.suse.com/1214928
- https://bugzilla.suse.com/1215028
- https://bugzilla.suse.com/1215032
- https://bugzilla.suse.com/1215034
- https://bugzilla.suse.com/1215035
- https://bugzilla.suse.com/1215036
- https://bugzilla.suse.com/1215037
- https://bugzilla.suse.com/1215038
- https://bugzilla.suse.com/1215041
- https://bugzilla.suse.com/1215046
- https://bugzilla.suse.com/1215049
- https://bugzilla.suse.com/1215057
- https://www.suse.com/security/cve/CVE-2022-36402
- https://www.suse.com/security/cve/CVE-2023-2007
- https://www.suse.com/security/cve/CVE-2023-20588
- https://www.suse.com/security/cve/CVE-2023-34319
- https://www.suse.com/security/cve/CVE-2023-3772
- https://www.suse.com/security/cve/CVE-2023-3812
- https://www.suse.com/security/cve/CVE-2023-3863
- https://www.suse.com/security/cve/CVE-2023-40283
- https://www.suse.com/security/cve/CVE-2023-4128
- https://www.suse.com/security/cve/CVE-2023-4132
- https://www.suse.com/security/cve/CVE-2023-4133
- https://www.suse.com/security/cve/CVE-2023-4134
- https://www.suse.com/security/cve/CVE-2023-4194
- https://www.suse.com/security/cve/CVE-2023-4385
- https://www.suse.com/security/cve/CVE-2023-4387
- https://www.suse.com/security/cve/CVE-2023-4459
Affected packages
SUSE:Linux Enterprise Server 12 SP5 / kernel-azure
Package
- Name
- kernel-azure
- Purl
- purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure
Package
- Name
- kernel-source-azure
- Purl
- purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure
Package
- Name
- kernel-syms-azure
- Purl
- purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure
Package
- Name
- kernel-azure
- Purl
- purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure
Package
- Name
- kernel-source-azure
- Purl
- purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5