SUSE-SU-2023:3681-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20233681-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3681-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:3681-1
Related
Published
2023-09-19T15:01:52Z
Modified
2023-09-19T15:01:52Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
  • CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
  • CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
  • CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
  • CVE-2023-3863: Fixed a use-after-free flaw was found in nfcllcpfind_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
  • CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
  • CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
  • CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
  • CVE-2023-4134: Fixed use-after-free in cyttsp4watchdogwork() (bsc#1213971).
  • CVE-2023-4194: Fixed a type confusion in net tunchropen() (bsc#1214019).
  • CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
  • CVE-2023-4387: Fixed use-after-free flaw in vmxnet3rqallocrxbuf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
  • CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3rqcleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
  • CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
  • CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
  • CVE-2023-40283: Fixed use-after-free in l2capsockready_cb (bsc#1214233).

The following non-security bugs were fixed:

  • ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • Bluetooth: nokia: fix value check in nokiabluetoothserdev_probe() (git-fixes).
  • Revert 'scsi: qla2xxx: Fix buffer overrun' (bsc#1214928).
  • SUNRPC: always clear XPRTSOCKCONNECTING before xprtclearconnecting on TCP xprt (bsc#1214453).
  • afkey: Fix sendacquire race with pfkey_register (git-fixes).
  • afpacket: fix data-race in packetsetsockopt / packet_setsockopt (git-fixes).
  • afunix: Fix a data race of sk->skreceive_queue->qlen (git-fixes).
  • arm64: Re-enable support for contiguous hugepages (git-fixes)
  • arm64: vdso: Fix clockgetres() for CLOCKREALTIME (git-fixes)
  • bnx2x: fix page fault following EEH recovery (bsc#1214299).
  • bonding: Fix a use-after-free problem when bondsysfsslave_add() failed (git-fixes).
  • bpf, arm64: remove prefetch insn in xadd mapping (git-fixes)
  • bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd (git-fixes)
  • bridge: ebtables: do not crash when using dnat target in output chains (git-fixes).
  • btrfs-allow-use-of-global-block-reserve-for-balance-.patch: (bsc#1214335).
  • btrfs-unset-reloc-control-if-transaction-commit-fail.patch: (bsc#1212051).
  • clocksource/drivers/armarchtimer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
  • fs: hfsplus: remove WARNON() from hfspluscat{read,write}inode() (git-fixes).
  • fs: lockd: avoid possible wrong NULL parameter (git-fixes).
  • inetpeer: fix data-race in inetputpeer / inetputpeer (git-fixes).
  • kabi/severities: Ignore newly added SRSO mitigation functions
  • libceph: fix potential hang in cephosdcnotify() (bsc#1214752).
  • module: avoid allocation if module is already present and ready (bsc#1213921).
  • module: extract patient module check into helper (bsc#1213921).
  • module: move checkmodinfo() early to earlymod_check() (bsc#1213921).
  • module: move early sanity checks into a helper (bsc#1213921).
  • net-sysfs: Call devhold always in netdevqueueaddkobject (git-fixes).
  • net-sysfs: Call devhold always in rxqueueaddkobject (git-fixes).
  • net-sysfs: Fix reference count leak in rx|netdevqueueadd_kobject (git-fixes).
  • net-sysfs: fix netdevqueueadd_kobject() breakage (git-fixes).
  • net/afunix: fix a data-race in unixdgram_poll (git-fixes).
  • net/afunix: fix a data-race in unixdgramsendmsg / unixrelease_sock (git-fixes).
  • net/fq_impl: Switch to kvmalloc() for memory allocation (git-fixes).
  • net: bnx2x: fix variable dereferenced before check (git-fixes).
  • net: icmp: fix data-race in cmpglobalallow() (git-fixes).
  • net: mana: add support for XDPQUERYPROG (jsc#SLE-18779, bsc#1214209).
  • net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
  • netfilter: ipset: Fix an error code in ipsetsockfn_get() (git-fixes).
  • netfilter: nf_conntrack: Fix possible possible crash on module loading (git-fixes).
  • nfs/blocklayout: Use the passed in gfp flags (git-fixes).
  • nfs: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
  • nfsd: Remove incorrect check in nfsd4validatestateid (git-fixes).
  • nfsd: add encoding of op_recall flag for write delegation (git-fixes).
  • nfsd: daaddrbody field missing in some GETDEVICEINFO replies (git-fixes).
  • packet: fix data-race in fanoutflowis_huge() (git-fixes).
  • packet: unconditionally free po->rollover (git-fixes).
  • powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
  • ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
  • ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
  • s390/cio: cioignoreprocseqnext should increase position index (git-fixes bsc#1215057).
  • s390/cpum_sf: Avoid SBD overflow condition in irq handler (git-fixes bsc#1213908).
  • s390/cpum_sf: Check for SDBT and SDB consistency (git-fixes bsc#1213910).
  • s390/dasd/cio: Interpret ccwdeviceget_mdc return value correctly (git-fixes bsc#1215049).
  • s390/dasd: Fix capacity calculation for large volumes (git-fixes bsc#1215034).
  • s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1214157).
  • s390/ftrace: fix endless recursion in function_graph tracer (git-fixes bsc#1213912).
  • s390/jump_label: print real address in a case of a jump label bug (git-fixes bsc#1213899).
  • s390/kasan: fix strncpyfromuser kasan checks (git-fixes bsc#1215037).
  • s390/kdump: Fix memleak in nt_vmcoreinfo (git-fixes bsc#1215028).
  • s390/pkey: add one more argument space for debug feature entry (git-fixes bsc#1215035).
  • s390/qdio: add sanity checks to the fast-requeue path (git-fixes bsc#1215038).
  • s390/smp: _smprescan_cpus() - move cpumask away from stack (git-fixes bsc#1213906).
  • s390/smp: fix physical to logical CPU map for SMT (git-fixes bsc#1213904).
  • s390/time: ensure getclockmonotonic() returns monotonic values (git-fixes bsc#1213911).
  • s390/uaccess: avoid (false positive) compiler warnings (git-fixes bsc#1215041).
  • s390/zcrypt: handle new reply code FILTEREDBYHYPERVISOR (git-fixes bsc#1215046).
  • s390/zcrypt: improve special ap message cmd handling (git-fixes bsc#1215032).
  • s390: zcrypt: initialize variables before_use (git-fixes bsc#1215036).
  • sched/core: Check quota and period overflow at usec to nsec conversion (git fixes).
  • sched/core: Handle overflow in cpushareswrite_u64 (git fixes).
  • sched/cpufreq: Fix kobject memleak (git fixes).
  • sched/fair: Do not NUMA balance for kthreads (git fixes).
  • sched/fair: Fix CFS bandwidth hrtimer expiry type (git fixes).
  • sched/topology: Fix off by one bug (git fixes).
  • scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
  • scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
  • scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
  • scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
  • scsi: qla2xxx: Fix smatch warn for qlainitiocb_limit() (bsc#1214928).
  • scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
  • scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
  • scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
  • scsi: qla2xxx: Remove unused declarations (bsc#1214928).
  • scsi: qla2xxx: Remove unused variables in qla24xxbuildscsitype6_iocbs() (bsc#1214928).
  • scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
  • scsi: storvsc: Always set noreportopcodes (git-fixes).
  • scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
  • skbuff: fix a data race in skbqueuelen() (git-fixes).
  • timers: Add shutdown mechanism to the internal functions (bsc#1213970).
  • timers: Provide timershutdownsync (bsc#1213970).
  • timers: Rename deltimer() to timerdelete() (bsc#1213970).
  • timers: Rename deltimersync() to timerdeletesync() (bsc#1213970).
  • timers: Replace BUG_ON()s (bsc#1213970).
  • timers: Silently ignore timers with a NULL function (bsc#1213970).
  • timers: Split [tryto]deltimersync to prepare for shutdown mode (bsc#1213970).
  • timers: Update kernel-doc for various functions (bsc#1213970).
  • timers: Use deltimersync() even on UP (bsc#1213970).
  • tracing: Fix warning in tracebufferedevent_disable() (git-fixes).
  • tun: fix bonding active backup with arp monitoring (git-fixes).
  • ubifs: fix snprintf() checking (git-fixes).
  • udp6: Fix race condition in udp6_sendmsg & connect (git-fixes).
  • udp: fix race between close() and udp_abort() (git-fixes).
  • usb-storage: alauda: Fix uninit-value in alaudacheckmedia() (git-fixes).
  • usb: host: xhci: Fix potential memory leak in xhciallocstream_info() (git-fixes).
  • usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
  • usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
  • usb: serial: option: add LARA-R6 01B PIDs (git-fixes).
  • usb: serial: option: add Quectel EC200A module support (git-fixes).
  • usb: serial: option: add Quectel EC200U modem (git-fixes).
  • usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
  • usb: serial: option: add Quectel EM05CN modem (git-fixes).
  • usb: serial: option: add Quectel EM061KGL series (git-fixes).
  • usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
  • usb: serial: option: add u-blox LARA-L6 modem (git-fixes).
  • usb: serial: option: support Quectel EM060K_128 (git-fixes).
  • usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
  • usb: serial: simple: sort driver entries (git-fixes).
  • usb: xhci-mtk: set the dma maxsegsize (git-fixes).
  • usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
  • usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
  • x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
  • x86/bugs: Reset speculation control settings on init (git-fixes).
  • x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
  • x86/cpu/kvm: Provide UNTRAINRETVM (git-fixes).
  • x86/cpu/vmware: Fix platform detection VMWARE_PORT macro (bsc#1210327).
  • x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL, for clang/llvm (bsc#1210327).
  • x86/cpu/vmware: Use the full form of INL in VMWARE_PORT (bsc#1210327).
  • x86/cpu: Cleanup the untrain mess (git-fixes).
  • x86/cpu: Fix _x86return_thunk symbol type (git-fixes).
  • x86/cpu: Fix amdcheckmicrocode() declaration (git-fixes).
  • x86/cpu: Fix up srsosaferet() and _x86return_thunk() (git-fixes).
  • x86/cpu: Rename original retbleed methods (git-fixes).
  • x86/cpu: Rename srso(.*)alias to srsoalias\1 (git-fixes).
  • x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
  • x86/ioapic: Do not return 0 from archdynirqlower_bound() (git-fixes).
  • x86/microcode/AMD: Load late on both threads too (git-fixes).
  • x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
  • x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
  • x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
  • x86/retpoline,kprobes: Fix position of thunk sections with CONFIGLTOCLANG (git-fixes).
  • x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
  • x86/retpoline: Do not clobber RFLAGS during srsosaferet() (git-fixes).
  • x86/speculation: Add cpushowgds() prototype (git-fixes).
  • x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
  • x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
  • x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
  • x86/srso: Explain the untraining sequences a bit more (git-fixes).
  • x86/srso: Fix build breakage with the LLVM linker (git-fixes).
  • x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
  • x86/vmware: Add a header file for hypercall definitions (bsc#1210327).
  • x86/vmware: Add steal time clock support for VMware guests (bsc#1210327).
  • x86/vmware: Enable steal time accounting (bsc#1210327).
  • x86/vmware: Update platform detection code for VMCALL/VMMCALL hypercalls (bsc#1210327).
  • x86: Move gdsucodemitigated() declaration to header (git-fixes).
  • xfrm: release device reference for invalid state (git-fixes).
  • xhci-pci: set the dma maxsegsize (git-fixes).
  • xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.149.1",
            "kernel-azure-devel": "4.12.14-16.149.1",
            "kernel-devel-azure": "4.12.14-16.149.1",
            "kernel-syms-azure": "4.12.14-16.149.1",
            "kernel-azure-base": "4.12.14-16.149.1",
            "kernel-source-azure": "4.12.14-16.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.149.1",
            "kernel-azure-devel": "4.12.14-16.149.1",
            "kernel-devel-azure": "4.12.14-16.149.1",
            "kernel-syms-azure": "4.12.14-16.149.1",
            "kernel-azure-base": "4.12.14-16.149.1",
            "kernel-source-azure": "4.12.14-16.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.149.1",
            "kernel-azure-devel": "4.12.14-16.149.1",
            "kernel-devel-azure": "4.12.14-16.149.1",
            "kernel-syms-azure": "4.12.14-16.149.1",
            "kernel-azure-base": "4.12.14-16.149.1",
            "kernel-source-azure": "4.12.14-16.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.149.1",
            "kernel-azure-devel": "4.12.14-16.149.1",
            "kernel-devel-azure": "4.12.14-16.149.1",
            "kernel-syms-azure": "4.12.14-16.149.1",
            "kernel-azure-base": "4.12.14-16.149.1",
            "kernel-source-azure": "4.12.14-16.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.149.1",
            "kernel-azure-devel": "4.12.14-16.149.1",
            "kernel-devel-azure": "4.12.14-16.149.1",
            "kernel-syms-azure": "4.12.14-16.149.1",
            "kernel-azure-base": "4.12.14-16.149.1",
            "kernel-source-azure": "4.12.14-16.149.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.149.1",
            "kernel-azure-devel": "4.12.14-16.149.1",
            "kernel-devel-azure": "4.12.14-16.149.1",
            "kernel-syms-azure": "4.12.14-16.149.1",
            "kernel-azure-base": "4.12.14-16.149.1",
            "kernel-source-azure": "4.12.14-16.149.1"
        }
    ]
}