Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:0406-1
Rating:	important
References:	bsc#1203183 bsc#1203693 bsc#1203740 bsc#1204171 bsc#1204614 bsc#1204760 bsc#1205149 bsc#1206073 bsc#1206113 bsc#1206114 bsc#1206314 bsc#1206389 bsc#1206393 bsc#1206395 bsc#1206398 bsc#1206399 bsc#1206515 bsc#1206664 bsc#1206677 bsc#1206784 bsc#1207036 bsc#1207125 bsc#1207134 bsc#1207186 bsc#1207188 bsc#1207189 bsc#1207190 bsc#1207237 bsc#1207769 bsc#1207823 jsc#PED-1706
Cross-References:	CVE-2022-3105 CVE-2022-3107 CVE-2022-3108 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3564 CVE-2022-3643 CVE-2022-42328 CVE-2022-42329 CVE-2022-4662 CVE-2022-47520 CVE-2022-47929 CVE-2023-0266 CVE-2023-23454 CVE-2023-23455
CVSS scores:	CVE-2022-3105 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3435 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-3435 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-3643 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3643 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47520 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L CVE-2022-47520 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 ( NVD ): 7.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 16 vulnerabilities, contains one feature and has 14 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
• CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
• CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
• CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
• CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).
• CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
• CVE-2022-42328, CVE-2022-42329: Fixed deadlock inside the netback driver that could have been triggered from a VM guest (bnc#1206114).
• CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest (bnc#1206113).
• CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
• CVE-2022-3435: Fixed a out-of-bounds read in function fib_nh_match of the file net/ipv4/fib_semantics.c. It is possible to initiate the attack remotely (bnc#1204171).
• CVE-2022-3115: Fixed a null pointer dereference inside malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c that lacked a check of the return value of kzalloc() (bnc#1206393).
• CVE-2022-3112: Fixed a null pointer dereference in amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c that lacked a check of the return value of kzalloc() (bnc#1206399).
• CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389).
• CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395).
• CVE-2022-3105: Fixed missing check of kmalloc_array() in uapi_finalize in drivers/infiniband/core/uverbs_uapi.c (bnc#1206398).

The following non-security bugs were fixed:

• HID: betop: check shape of output reports (git-fixes, bsc#1207186).
• HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
• HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
• NFS: Handle missing attributes in OPEN reply (bsc#1203740).
• constraints: increase disk space for all architectures (bsc#1203693).
• ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
• mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
• net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
• net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
• netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
• rpm: suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
• sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
• sctp: sysctl: make extra pointers netns aware (bsc#1204760).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-406=1
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-406=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-406=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-406=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-406=1
• SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-406=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-default-livepatch-5.3.18-150200.24.142.1
  • kernel-livepatch-SLE15-SP2_Update_33-debugsource-1-150200.5.3.1
  • kernel-livepatch-5_3_18-150200_24_142-default-1-150200.5.3.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-livepatch-devel-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x)
  • kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-1-150200.5.3.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • cluster-md-kmp-default-5.3.18-150200.24.142.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • gfs2-kmp-default-5.3.18-150200.24.142.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • dlm-kmp-default-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • ocfs2-kmp-default-5.3.18-150200.24.142.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.142.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-default-5.3.18-150200.24.142.1
  • kernel-preempt-5.3.18-150200.24.142.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-5.3.18-150200.24.142.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  • kernel-default-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-5.3.18-150200.24.142.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
• SUSE Enterprise Storage 7 (aarch64 nosrc x86_64)
  • kernel-default-5.3.18-150200.24.142.1
  • kernel-preempt-5.3.18-150200.24.142.1
• SUSE Enterprise Storage 7 (aarch64 x86_64)
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-5.3.18-150200.24.142.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
• SUSE Enterprise Storage 7 (noarch)
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
• SUSE Enterprise Storage 7 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.142.1

References:

• https://www.suse.com/security/cve/CVE-2022-3105.html
• https://www.suse.com/security/cve/CVE-2022-3107.html
• https://www.suse.com/security/cve/CVE-2022-3108.html
• https://www.suse.com/security/cve/CVE-2022-3112.html
• https://www.suse.com/security/cve/CVE-2022-3115.html
• https://www.suse.com/security/cve/CVE-2022-3435.html
• https://www.suse.com/security/cve/CVE-2022-3564.html
• https://www.suse.com/security/cve/CVE-2022-3643.html
• https://www.suse.com/security/cve/CVE-2022-42328.html
• https://www.suse.com/security/cve/CVE-2022-42329.html
• https://www.suse.com/security/cve/CVE-2022-4662.html
• https://www.suse.com/security/cve/CVE-2022-47520.html
• https://www.suse.com/security/cve/CVE-2022-47929.html
• https://www.suse.com/security/cve/CVE-2023-0266.html
• https://www.suse.com/security/cve/CVE-2023-23454.html
• https://www.suse.com/security/cve/CVE-2023-23455.html
• https://bugzilla.suse.com/show_bug.cgi?id=1203183
• https://bugzilla.suse.com/show_bug.cgi?id=1203693
• https://bugzilla.suse.com/show_bug.cgi?id=1203740
• https://bugzilla.suse.com/show_bug.cgi?id=1204171
• https://bugzilla.suse.com/show_bug.cgi?id=1204614
• https://bugzilla.suse.com/show_bug.cgi?id=1204760
• https://bugzilla.suse.com/show_bug.cgi?id=1205149
• https://bugzilla.suse.com/show_bug.cgi?id=1206073
• https://bugzilla.suse.com/show_bug.cgi?id=1206113
• https://bugzilla.suse.com/show_bug.cgi?id=1206114
• https://bugzilla.suse.com/show_bug.cgi?id=1206314
• https://bugzilla.suse.com/show_bug.cgi?id=1206389
• https://bugzilla.suse.com/show_bug.cgi?id=1206393
• https://bugzilla.suse.com/show_bug.cgi?id=1206395
• https://bugzilla.suse.com/show_bug.cgi?id=1206398
• https://bugzilla.suse.com/show_bug.cgi?id=1206399
• https://bugzilla.suse.com/show_bug.cgi?id=1206515
• https://bugzilla.suse.com/show_bug.cgi?id=1206664
• https://bugzilla.suse.com/show_bug.cgi?id=1206677
• https://bugzilla.suse.com/show_bug.cgi?id=1206784
• https://bugzilla.suse.com/show_bug.cgi?id=1207036