SUSE-SU-2023:4033-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4033-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4033-1
Published
2023-10-10T12:21:11Z
Modified
2023-10-10T12:21:11Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
  • CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
  • CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858).
  • CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
  • CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
  • CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
  • CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
  • CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
  • CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299).
  • CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
  • CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
  • CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

  • 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).
  • Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).
  • Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
  • Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
  • Input: xpad - add constants for GIP interface numbers (git-fixes).
  • Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
  • KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897).
  • KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).
  • NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
  • NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
  • USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
  • USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
  • VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).
  • arm64: insn: Fix ldadd instruction encoding (git-fixes)
  • arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
  • blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)
  • blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).
  • blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1214586).
  • blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).
  • btrfs: output extra information on failure (bsc#1215136).
  • check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380)
  • direct-io: allow direct writes to empty inodes (bsc#1215164).
  • drm/ast: Fix DRAM init on AST2200 (bsc#1152446)
  • drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: * move changes to drm_fb_helper.c * context changes
  • drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drm_client_add() * remove drm_dbg_kms()
  • drm/virtio: Fix GEM handle creation UAF (git-fixes).
  • drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
  • ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
  • ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
  • ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
  • ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
  • fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048).
  • fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)
  • fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)
  • fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)
  • fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048).
  • firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes).
  • firmware: raspberrypi: Keep count of all consumers (git-fixes).
  • firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
  • fs: avoid softlockups in s_inodes iterators (bsc#1215165).
  • fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607).
  • hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
  • idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).
  • jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
  • jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
  • jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
  • jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
  • jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
  • jbd2: remove t_checkpoint_io_list (bsc#1214946).
  • jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162).
  • jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
  • jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).
  • kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
  • kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
  • media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
  • media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes).
  • media: cec: copy sequence field for the reply (git-fixes).
  • media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes).
  • media: cec: make cec_get_edid_spa_location() an inline function (git-fixes).
  • media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes).
  • media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
  • media: s5p_cec: decrement usage count if disabled (git-fixes).
  • media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
  • mkspec: Allow unsupported KMPs (bsc#1214386)
  • net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
  • net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
  • net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes).
  • net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
  • net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes).
  • net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
  • net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
  • net: virtio_vsock: Enhance connection semantics (git-fixes).
  • nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
  • old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
  • powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729).
  • powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
  • powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
  • quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
  • quota: fix warning in dqgrab() (bsc#1214962).
  • remoteproc: Add missing '\n' in log messages (git-fixes).
  • remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes).
  • s390/dasd: fix hanging device after request requeue (bsc#1215121).
  • s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152).
  • s390: add z16 elf platform (bsc#1215954).
  • scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
  • scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
  • scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149).
  • tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
  • tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634).
  • udf: Fix extension of the last extent in the file (bsc#1214964).
  • udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
  • udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
  • udf: Fix uninitialized array access for some pathnames (bsc#1214967).
  • usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
  • usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
  • vhost/net: Clear the pending messages when the backend is removed (git-fixes).
  • vhost/test: stop device before reset (git-fixes).
  • vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
  • vhost: Do not call access_ok() when using IOTLB (git-fixes).
  • vhost: Fix vhost_vq_reset() (git-fixes).
  • vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes).
  • vhost: fix range used in translate_desc() (git-fixes).
  • vhost: introduce helpers to get the size of metadata area (git-fixes).
  • vhost: missing __user tags (git-fixes).
  • vhost: vsock: kick send_pkt worker once device is started (git-fixes).
  • vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).
  • virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
  • virtio-gpu: fix possible memory allocation failure (git-fixes).
  • virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
  • virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
  • virtio-net: fix race between set queues and probe (git-fixes).
  • virtio-net: fix the race between refill work and close (git-fixes).
  • virtio-net: set queues after driver_ok (git-fixes).
  • virtio-rng: make device ready before making request (git-fixes).
  • virtio: acknowledge all features before access (git-fixes).
  • virtio_balloon: prevent pfn array overflow (git-fixes).
  • virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
  • virtio_mmio: Restore guest page size on resume (git-fixes).
  • virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
  • virtio_net: Remove BUG() to avoid machine dead (git-fixes).
  • virtio_net: add checking sq is full inside xdp xmit (git-fixes).
  • virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
  • virtio_net: reorder some funcs (git-fixes).
  • virtio_net: separate the logic of checking whether sq is full (git-fixes).
  • virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
  • virtio_pci: Support surprise removal of virtio pci device (git-fixes).
  • virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).
  • virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes).
  • vringh: Fix loop descriptors check in the indirect cases (git-fixes).
  • vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes).
  • vsock/virtio: enable VQs early on probe (git-fixes).
  • vsock/virtio: free queued packets when closing socket (git-fixes).
  • vsock/virtio: update credit only if socket is not closed (git-fixes).
  • word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
  • x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes).
  • x86/srso: Do not probe microcode in a guest (git-fixes).
  • x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
  • x86/srso: Fix srso_show_state() side effect (git-fixes).
  • x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
  • xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
Affected packages

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.144.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.144.1",
            "dlm-kmp-rt": "4.12.14-10.144.1",
            "gfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug": "4.12.14-10.144.1",
            "kernel-rt-devel": "4.12.14-10.144.1",
            "cluster-md-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug-devel": "4.12.14-10.144.1",
            "kernel-source-rt": "4.12.14-10.144.1",
            "kernel-rt": "4.12.14-10.144.1",
            "ocfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-syms-rt": "4.12.14-10.144.1",
            "kernel-rt-base": "4.12.14-10.144.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
purl:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.144.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.144.1",
            "dlm-kmp-rt": "4.12.14-10.144.1",
            "gfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug": "4.12.14-10.144.1",
            "kernel-rt-devel": "4.12.14-10.144.1",
            "cluster-md-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug-devel": "4.12.14-10.144.1",
            "kernel-source-rt": "4.12.14-10.144.1",
            "kernel-rt": "4.12.14-10.144.1",
            "ocfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-syms-rt": "4.12.14-10.144.1",
            "kernel-rt-base": "4.12.14-10.144.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.144.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.144.1",
            "dlm-kmp-rt": "4.12.14-10.144.1",
            "gfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug": "4.12.14-10.144.1",
            "kernel-rt-devel": "4.12.14-10.144.1",
            "cluster-md-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug-devel": "4.12.14-10.144.1",
            "kernel-source-rt": "4.12.14-10.144.1",
            "kernel-rt": "4.12.14-10.144.1",
            "ocfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-syms-rt": "4.12.14-10.144.1",
            "kernel-rt-base": "4.12.14-10.144.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.144.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.144.1",
            "dlm-kmp-rt": "4.12.14-10.144.1",
            "gfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug": "4.12.14-10.144.1",
            "kernel-rt-devel": "4.12.14-10.144.1",
            "cluster-md-kmp-rt": "4.12.14-10.144.1",
            "kernel-rt_debug-devel": "4.12.14-10.144.1",
            "kernel-source-rt": "4.12.14-10.144.1",
            "kernel-rt": "4.12.14-10.144.1",
            "ocfs2-kmp-rt": "4.12.14-10.144.1",
            "kernel-syms-rt": "4.12.14-10.144.1",
            "kernel-rt-base": "4.12.14-10.144.1"
        }
    ]
}