SUSE-SU-2023:4032-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234032-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4032-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4032-1
Related
Published
2023-10-10T12:20:18Z
Modified
2023-10-10T12:20:18Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
  • CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
  • CVE-2023-39192: Fixed a flaw in the u32matchit function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
  • CVE-2023-42754: Fixed a null pointer dereference in ipv4linkfailure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
  • CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
  • CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
  • CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
  • CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
  • CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).
  • CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
  • CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
  • CVE-2023-1192: Fixed use-after-free in cifsdemultiplexthread() (bsc#1208995).

The following non-security bugs were fixed:

  • 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).
  • arm64: insn: Fix ldadd instruction encoding (git-fixes)
  • arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
  • blk-mq: Add blkmqdelayrunhw_queues() API call (bsc#1214586).
  • blk-mq: In blkmqdispatchrqlist() 'no budget' is a reason to kick (bsc#1214586).
  • blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).
  • check-for-config-changes: ignore BUILTINRETURNADDRESSSTRIPSPAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
  • direct-io: allow direct writes to empty inodes (bsc#1215164).
  • Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).
  • drm/ast: Fix DRAM init on AST2200 (bsc#1152446)
  • drm/client: Fix memory leak in drmclienttargetcloned (bsc#1152446) Backporting changes: * move changes to drmfb_helper.c * context changes
  • drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drmclientadd() * remove drmdbgkms()
  • drm/virtio: Fix GEM handle creation UAF (git-fixes).
  • drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes (git-fixes).
  • ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
  • ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
  • ext4: fix wrong unit use in ext4mbclear_bb (bsc#1214943).
  • ext4: set goal start correctly in ext4mbnormalize_request (bsc#1214940).
  • fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048)
  • fbdev: au1200fb: Fix missing IRQ check in au1200fbdrvprobe (bsc#1154048)
  • fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)
  • fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)
  • fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048)
  • firmware: raspberrypi: fix possible memory leak in rpifirmwareprobe() (git-fixes).
  • firmware: raspberrypi: Introduce devmrpifirmware_get() (git-fixes).
  • firmware: raspberrypi: Keep count of all consumers (git-fixes).
  • fs: avoid softlockups in s_inodes iterators (bsc#1215165).
  • fuse: nlookup missing decrement in fusedirentpluslink (bsc#1215607).
  • hvutils: Fix passing zero to 'PTRERR' warning (git-fixes).
  • idr: fix param name in idralloccyclic() doc (bsc#1109837).
  • Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
  • Input: raspberrypi-ts - fix refcount leak in rpitsprobe (git-fixes).
  • Input: xpad - add constants for GIP interface numbers (git-fixes).
  • Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
  • jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
  • jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
  • jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
  • jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
  • jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
  • jbd2: remove tcheckpointio_list (bsc#1214946).
  • jbd2: remove unused function '_cpbuffer_busy' (bsc#1215162).
  • jbd2: restore tcheckpointio_list to maintain kABI (bsc#1214946).
  • jbd2: simplify journalcleanonecplist() (bsc#1215207).
  • KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897).
  • KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).
  • media: b2c2: Add missing check in flexcoppciisr: (git-fixes).
  • media: cec-notifier: clear cecadap in cecnotifier_unregister (git-fixes).
  • media: cec: copy sequence field for the reply (git-fixes).
  • media: cec: integrate cecvalidatephys_addr() in cec-api.c (git-fixes).
  • media: cec: make cecgetedidspalocation() an inline function (git-fixes).
  • media: flexcop-usb: fix NULL-ptr deref in flexcopusbtransfer_init() (git-fixes).
  • media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
  • media: s5p_cec: decrement usage count if disabled (git-fixes).
  • media: uvcvideo: Increase UVCCTRLCONTROL_TIMEOUT to 5 seconds (git-fixes).
  • mkspec: Allow unsupported KMPs (bsc#1214386)
  • net: accept UFOv6 packages in virtionethdrtoskb (git-fixes).
  • net: check if protocol extracted by virtionethdrsetproto is correct (git-fixes).
  • net: do not allow gsosize to be set to GSOBY_FRAGS (git-fixes).
  • net: ensure mac header is set in virtionethdrtoskb() (git-fixes).
  • net: tap: NULL pointer derefence in devparseheader_protocol when skb->dev is null (git-fixes).
  • net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
  • net: virtio_vsock: Enhance connection semantics (git-fixes).
  • net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
  • NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
  • NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
  • NFSv4/pnfs: minor fix for cleanup path in nfs4getdevice_info (git-fixes).
  • powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729).
  • powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
  • powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
  • quota: fix warning in dqgrab() (bsc#1214962).
  • quota: Properly disable quotas when adddquotref() fails (bsc#1214961).
  • remoteproc: Add missing '\n' in log messages (git-fixes).
  • remoteproc: Fix NULL pointer dereference in rprocvirtionotify (git-fixes).
  • s390: add z16 elf platform (LTC#203790 bsc#1215954).
  • s390/dasd: fix hanging device after request requeue (LTC#203632 bsc#1215121).
  • s390/zcrypt: do not leak memory if devsetname() fails (git-fixes bsc#1215152).
  • scsi: qla2xxx: Fix NULL vs ISERR() bug for debugfscreate_dir() (git-fixes).
  • scsi: qla2xxx: Use rawsmpprocessorid() instead of smpprocessor_id() (git-fixes).
  • scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149).
  • tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
  • tracing: Reverse the order of tracetypeslock and event_mutex (git-fixes bsc#1215634).
  • udf: Fix extension of the last extent in the file (bsc#1214964).
  • udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
  • udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
  • udf: Fix uninitialized array access for some pathnames (bsc#1214967).
  • usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
  • usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
  • usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
  • usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
  • vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).
  • vhost: Do not call access_ok() when using IOTLB (git-fixes).
  • vhost: fix range used in translate_desc() (git-fixes).
  • vhost: Fix vhostvqreset() (git-fixes).
  • vhost: introduce helpers to get the size of metadata area (git-fixes).
  • vhost: missing __user tags (git-fixes).
  • vhost: Use vhostgetusedsize() in vhostvringsetaddr() (git-fixes).
  • vhost: vsock: kick send_pkt worker once device is started (git-fixes).
  • vhost/net: Clear the pending messages when the backend is removed (git-fixes).
  • vhost/test: stop device before reset (git-fixes).
  • vhost/vsock: Fix error handling in vhostvsockinit() (git-fixes).
  • virtio_balloon: prevent pfn array overflow (git-fixes).
  • virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
  • virtio_mmio: Restore guest page size on resume (git-fixes).
  • virtio_net: add checking sq is full inside xdp xmit (git-fixes).
  • virtionet: fix memory leak inside XPDTX with mergeable (git-fixes).
  • virtionet: Fix probe failed when modprobe virtionet (git-fixes).
  • virtio_net: Remove BUG() to avoid machine dead (git-fixes).
  • virtio_net: reorder some funcs (git-fixes).
  • virtio_net: separate the logic of checking whether sq is full (git-fixes).
  • virtionet: suppress cpu stall when freeunused_bufs (git-fixes).
  • virtiopcimodern: Fix the comment of virtiopcifind_capability() (git-fixes).
  • virtio_pci: Support surprise removal of virtio pci device (git-fixes).
  • virtioring: Avoid loop when vq is broken in virtqueuepoll (git-fixes).
  • virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
  • virtio-gpu: fix possible memory allocation failure (git-fixes).
  • virtio-net: execute xdpdoflush() before napicompletedone() (git-fixes).
  • virtio-net: fix race between ndoopen() and virtiodevice_ready() (git-fixes).
  • virtio-net: fix race between set queues and probe (git-fixes).
  • virtio-net: fix the race between refill work and close (git-fixes).
  • virtio-net: set queues after driver_ok (git-fixes).
  • virtio-rng: make device ready before making request (git-fixes).
  • virtio: acknowledge all features before access (git-fixes).
  • vringh: Fix loop descriptors check in the indirect cases (git-fixes).
  • VSOCK: handle VIRTIOVSOCKOPCREDITREQUEST (git-fixes).
  • vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes).
  • vsock/virtio: enable VQs early on probe (git-fixes).
  • vsock/virtio: free queued packets when closing socket (git-fixes).
  • vsock/virtio: update credit only if socket is not closed (git-fixes).
  • word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
  • x86/hyperv: Fix NULL deref in sethvtscchange_cb() if Hyper-V setup fails (git-fixes).
  • x86/srso: Do not probe microcode in a guest (git-fixes).
  • x86/srso: Fix SBPB enablement for specrstackoverflow=off (git-fixes).
  • x86/srso: Fix srsoshowstate() side effect (git-fixes).
  • x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
  • xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Server 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.152.1",
            "kernel-azure-devel": "4.12.14-16.152.1",
            "kernel-devel-azure": "4.12.14-16.152.1",
            "kernel-syms-azure": "4.12.14-16.152.1",
            "kernel-azure-base": "4.12.14-16.152.1",
            "kernel-source-azure": "4.12.14-16.152.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.152.1",
            "kernel-azure-devel": "4.12.14-16.152.1",
            "kernel-devel-azure": "4.12.14-16.152.1",
            "kernel-syms-azure": "4.12.14-16.152.1",
            "kernel-azure-base": "4.12.14-16.152.1",
            "kernel-source-azure": "4.12.14-16.152.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.152.1",
            "kernel-azure-devel": "4.12.14-16.152.1",
            "kernel-devel-azure": "4.12.14-16.152.1",
            "kernel-syms-azure": "4.12.14-16.152.1",
            "kernel-azure-base": "4.12.14-16.152.1",
            "kernel-source-azure": "4.12.14-16.152.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.152.1",
            "kernel-azure-devel": "4.12.14-16.152.1",
            "kernel-devel-azure": "4.12.14-16.152.1",
            "kernel-syms-azure": "4.12.14-16.152.1",
            "kernel-azure-base": "4.12.14-16.152.1",
            "kernel-source-azure": "4.12.14-16.152.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.152.1",
            "kernel-azure-devel": "4.12.14-16.152.1",
            "kernel-devel-azure": "4.12.14-16.152.1",
            "kernel-syms-azure": "4.12.14-16.152.1",
            "kernel-azure-base": "4.12.14-16.152.1",
            "kernel-source-azure": "4.12.14-16.152.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.12.14-16.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "4.12.14-16.152.1",
            "kernel-azure-devel": "4.12.14-16.152.1",
            "kernel-devel-azure": "4.12.14-16.152.1",
            "kernel-syms-azure": "4.12.14-16.152.1",
            "kernel-azure-base": "4.12.14-16.152.1",
            "kernel-source-azure": "4.12.14-16.152.1"
        }
    ]
}