SUSE-SU-2023:4142-1

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
• CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
• CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
• CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
• CVE-2023-4004: Fixed improper element removal netfilter nftsetpipapo (bsc#1213812).
• CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
• CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
• CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).
• CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
• CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
• CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
• CVE-2023-40283: Fixed use-after-free in l2capsockready_cb (bsc#1214233).
• CVE-2023-1192: Fixed use-after-free in cifsdemultiplexthread() (bsc#1208995).

The following non-security bugs were fixed:

• bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
• check-for-config-changes: ignore BUILTINRETURNADDRESSSTRIPSPAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
• locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
• mkspec: Allow unsupported KMPs (bsc#1214386)
• scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
• x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356).
• x86/srso: Do not probe microcode in a guest (git-fixes).
• x86/srso: Fix SBPB enablement for specrstackoverflow=off (git-fixes).
• x86/srso: Fix srsoshowstate() side effect (git-fixes).
• x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).