Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2023:2859-1 |
|---|---|
| Rating: | important |
An update that solves 13 vulnerabilities and has 13 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
The following non-security bugs were fixed:
- Also include kernel-docs build requirements for ALP
- Avoid unsupported tar parameter on SLE12
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796)
- Generalize kernel-doc build requirements.
- Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
- Move setting %%build_html to config.sh
- Move setting %%split_optional to config.sh
- Move setting %%supported_modules_check to config.sh
- Move the kernel-binary conflicts out of the spec file. The list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
- Remove obsolete rpm spec constructs. defattr does not need to be specified anymore; buildroot does not need to be specified anymore.
- Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- cifs: do not include page data when checking signature (bsc#1200217).
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- kernel-binary: Add back kernel-default-base guarded by option. Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE.
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857). For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- rpm/kernel-binary.spec.in: Fix compatibility with newer rpm
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2859=1
- SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-2859=1
- SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2859=1
- SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2859=1
- SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2859=1
- openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-2859=1
- openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2859=1
- SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2859=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
- SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2859=1
- SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2859=1
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2859=1
- SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2859=1
- SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2859=1
- SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2859=1
- SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2859=1
- SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2859=1
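A post-install check for the reboot instruction above, as an added example that is not part of SUSE's advisory: it compares the running and the installed kernel with the fixed kernel-default version 5.3.18-150300.59.127.1 from the package list. The function names, the `--check` flag, the `uname -r` format described in the comments and the use of `sort -V` in place of rpm's own version comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example, not SUSE's tooling: classify a host against this advisory.
# FIXED is the kernel-default version-release from the advisory's package list.
FIXED="5.3.18-150300.59.127.1"

# version_ge A B: true when A >= B under GNU `sort -V` ordering (assumption:
# a stand-in for rpm's own comparison, adequate for these numeric strings).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# normalize_uname: strip the flavor suffix from `uname -r` output, e.g.
# "5.3.18-150300.59.127-default" -> "5.3.18-150300.59.127".
# Assumption: SUSE kernels report the release without the package's final
# rebuild counter and with "-<flavor>" appended.
normalize_uname() {
    printf '%s\n' "$1" | sed 's/-[^-.]*$//'
}

# classify RUNNING INSTALLED
#   RUNNING   = `uname -r` output
#   INSTALLED = newest installed kernel package version-release
classify() {
    running=$(normalize_uname "$1")
    fixed_base=${FIXED%.*}            # drop rebuild counter -> ...59.127
    if version_ge "$running" "$fixed_base"; then
        echo "patched"
    elif version_ge "$2" "$FIXED"; then
        echo "reboot-required"        # update installed, old kernel still running
    else
        echo "vulnerable"
    fi
}

# Run on a host with: sh check.sh --check   (kernel-default flavor assumed)
if [ "${1:-}" = "--check" ]; then
    rpm -q kernel-default >/dev/null 2>&1 ||
        { echo "kernel-default not installed"; exit 2; }
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default |
        sort -V | tail -n 1)
    classify "$(uname -r)" "$installed"
fi
```

Hosts kept current through kernel live patching are outside this check, since `uname -r` does not reflect applied livepatches.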
Package List:
- SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64)
  - kernel-default-5.3.18-150300.59.127.1
- SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  - kernel-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-devel-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-devel-5.3.18-150300.59.127.1
  - kernel-default-debugsource-5.3.18-150300.59.127.1
  - kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
- SUSE Manager Server 4.2 (noarch)
  - kernel-macros-5.3.18-150300.59.127.1
  - kernel-devel-5.3.18-150300.59.127.1
- SUSE Manager Server 4.2 (nosrc s390x)
  - kernel-zfcpdump-5.3.18-150300.59.127.1
- SUSE Manager Server 4.2 (s390x)
  - kernel-zfcpdump-debuginfo-5.3.18-150300.59.127.1
  - kernel-zfcpdump-debugsource-5.3.18-150300.59.127.1
- SUSE Manager Server 4.2 (nosrc x86_64)
  - kernel-preempt-5.3.18-150300.59.127.1
- SUSE Manager Server 4.2 (x86_64)
  - kernel-preempt-debuginfo-5.3.18-150300.59.127.1
  - kernel-preempt-debugsource-5.3.18-150300.59.127.1
- SUSE Enterprise Storage 7.1 (aarch64 nosrc)
  - kernel-64kb-5.3.18-150300.59.127.1
- SUSE Enterprise Storage 7.1 (aarch64)
  - kernel-64kb-debuginfo-5.3.18-150300.59.127.1
  - kernel-64kb-devel-5.3.18-150300.59.127.1
  - kernel-64kb-devel-debuginfo-5.3.18-150300.59.127.1
  - kernel-64kb-debugsource-5.3.18-150300.59.127.1
- SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
  - kernel-preempt-5.3.18-150300.59.127.1
  - kernel-default-5.3.18-150300.59.127.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  - kernel-preempt-debuginfo-5.3.18-150300.59.127.1
  - kernel-preempt-devel-5.3.18-150300.59.127.1
  - kernel-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-devel-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-devel-5.3.18-150300.59.127.1
  - reiserfs-kmp-default-5.3.18-150300.59.127.1
  - reiserfs-kmp-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-debugsource-5.3.18-150300.59.127.1
  - kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
  - kernel-obs-build-5.3.18-150300.59.127.1
  - kernel-preempt-debugsource-5.3.18-150300.59.127.1
  - kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1
  - kernel-syms-5.3.18-150300.59.127.1
  - kernel-obs-build-debugsource-5.3.18-150300.59.127.1
- SUSE Enterprise Storage 7.1 (noarch)
  - kernel-macros-5.3.18-150300.59.127.1
  - kernel-devel-5.3.18-150300.59.127.1
  - kernel-source-5.3.18-150300.59.127.1
- SUSE Enterprise Storage 7.1 (noarch nosrc)
  - kernel-docs-5.3.18-150300.59.127.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
  - kernel-default-5.3.18-150300.59.127.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  - kernel-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-debugsource-5.3.18-150300.59.127.1
  - kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
  - kernel-default-5.3.18-150300.59.127.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
  - kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  - kernel-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-debugsource-5.3.18-150300.59.127.1
- SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
  - kernel-default-5.3.18-150300.59.127.1
- SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
  - kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
- SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  - kernel-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-debugsource-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (noarch nosrc)
  - kernel-docs-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (noarch)
  - kernel-source-5.3.18-150300.59.127.1
  - kernel-source-vanilla-5.3.18-150300.59.127.1
  - kernel-docs-html-5.3.18-150300.59.127.1
  - kernel-devel-5.3.18-150300.59.127.1
  - kernel-macros-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (nosrc ppc64le x86_64)
  - kernel-kvmsmall-5.3.18-150300.59.127.1
  - kernel-debug-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (ppc64le x86_64)
  - kernel-debug-devel-5.3.18-150300.59.127.1
  - kernel-kvmsmall-debuginfo-5.3.18-150300.59.127.1
  - kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.127.1
  - kernel-debug-livepatch-devel-5.3.18-150300.59.127.1
  - kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.127.1
  - kernel-debug-debuginfo-5.3.18-150300.59.127.1
  - kernel-kvmsmall-devel-5.3.18-150300.59.127.1
  - kernel-kvmsmall-debugsource-5.3.18-150300.59.127.1
  - kernel-debug-devel-debuginfo-5.3.18-150300.59.127.1
  - kernel-debug-debugsource-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  - kselftests-kmp-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-obs-build-5.3.18-150300.59.127.1
  - kselftests-kmp-default-5.3.18-150300.59.127.1
  - ocfs2-kmp-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-syms-5.3.18-150300.59.127.1
  - reiserfs-kmp-default-5.3.18-150300.59.127.1
  - kernel-obs-build-debugsource-5.3.18-150300.59.127.1
  - gfs2-kmp-default-5.3.18-150300.59.127.1
  - kernel-default-extra-5.3.18-150300.59.127.1
  - gfs2-kmp-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-base-5.3.18-150300.59.127.1.150300.18.74.1
  - kernel-obs-qa-5.3.18-150300.59.127.1
  - ocfs2-kmp-default-5.3.18-150300.59.127.1
  - cluster-md-kmp-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-base-rebuild-5.3.18-150300.59.127.1.150300.18.74.1
  - kernel-default-livepatch-devel-5.3.18-150300.59.127.1
  - kernel-default-extra-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-livepatch-5.3.18-150300.59.127.1
  - dlm-kmp-default-debuginfo-5.3.18-150300.59.127.1
  - dlm-kmp-default-5.3.18-150300.59.127.1
  - kernel-default-optional-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-devel-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-devel-5.3.18-150300.59.127.1
  - reiserfs-kmp-default-debuginfo-5.3.18-150300.59.127.1
  - kernel-default-debugsource-5.3.18-150300.59.127.1
  - kernel-default-optional-5.3.18-150300.59.127.1
  - cluster-md-kmp-default-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
  - kernel-default-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (ppc64le s390x x86_64)
  - kernel-livepatch-SLE15-SP3_Update_34-debugsource-1-150300.7.3.1
  - kernel-livepatch-5_3_18-150300_59_127-default-debuginfo-1-150300.7.3.1
  - kernel-livepatch-5_3_18-150300_59_127-default-1-150300.7.3.1
- openSUSE Leap 15.3 (x86_64)
  - kernel-livepatch-5_3_18-150300_59_127-preempt-debuginfo-1-150300.7.3.1
  - kernel-livepatch-5_3_18-150300_59_127-preempt-1-150300.7.3.1
- openSUSE Leap 15.3 (aarch64 x86_64)
  - kernel-preempt-devel-debuginfo-5.3.18-150300.59.127.1
  - gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.127.1
  - kselftests-kmp-preempt-5.3.18-150300.59.127.1
  - kernel-preempt-devel-5.3.18-150300.59.127.1
  - kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.127.1
  - cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.127.1
  - dlm-kmp-preempt-debuginfo-5.3.18-150300.59.127.1
  - kernel-preempt-debuginfo-5.3.18-150300.59.127.1
  - dlm-kmp-preempt-5.3.18-150300.59.127.1
  - cluster-md-kmp-preempt-5.3.18-150300.59.127.1
  - reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.127.1
  - reiserfs-kmp-preempt-5.3.18-150300.59.127.1
  - kernel-preempt-debugsource-5.3.18-150300.59.127.1
  - kernel-preempt-optional-5.3.18-150300.59.127.1
  - kernel-preempt-optional-debuginfo-5.3.18-150300.59.127.1
  - gfs2-kmp-preempt-5.3.18-150300.59.127.1
  - ocfs2-kmp-preempt-5.3.18-150300.59.127.1
  - ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.127.1
  - kernel-preempt-extra-5.3.18-150300.59.127.1
  - kernel-preempt-extra-debuginfo-5.3.18-150300.59.127.1
  - kernel-preempt-livepatch-devel-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (aarch64 nosrc x86_64)
  - kernel-preempt-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (nosrc s390x)
  - kernel-zfcpdump-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (s390x)
  - kernel-zfcpdump-debuginfo-5.3.18-150300.59.127.1
  - kernel-zfcpdump-debugsource-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (nosrc)
  - dtb-aarch64-5.3.18-150300.59.127.1
- openSUSE Leap 15.3 (aarch64)
  - dtb-xilinx-5.3.18-150300.59.127.1
  - dtb-sprd-5.3.18-150300.59.127.1
  - reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.127.1
  - dtb-arm-5.3.18-150300.59.127.1
  - cluster-md-kmp-64kb-5.3.18-150300.59.127.1
  - dtb-mediatek-5.3.18-150300.59.127.1
  - dtb-al-5.3.18-150300.59.127.1
  - ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.127.1
  - kernel-64kb-optional-5.3.18-150300.59.127.1
  - dtb-altera-5.3.18-150300.59.127.1
  - dtb-socionext-5.3.18-150300.59.127.1
  - gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.127.1
  - kernel-64kb-debuginfo-5.3.18-150300.59.127.1
  - kselftests-kmp-64kb-5.3.18-150300.59.127.1
  - dtb-cavium-5.3.18-150300.59.127.1
  - dtb-allwinner-5.3.18-150300.59.127.1
  - kernel-64kb-extra-5.3.18-150300.59.127.1
  - dtb-renesas-5.3.18-150300.59.127.1
  - dtb-freescale-5.3.18-150300.59.127.1
  - dtb-exynos-5.3.18-150300.59.127.1
  - dtb-lg-5.3.18-150300.59.127.1
  - cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.127.1
  - dtb-amlogic-5.3.18-150300.59.127.1
  - dlm-kmp-64kb-debuginfo-5.3.18-150300.59.127.1
  - kernel-64kb-devel-5.3.18-150300.59.127.1
  - gfs2-kmp-64kb-5.3.18-150300.59.127.1
  - dtb-qcom-5.3.18-150300.59.127.1
  - kernel-64kb-livepatch-devel-5.3.18-150300.59.127.1
  - dtb-broadcom-5.3.18-150300.59.127.1
  - ocfs2-kmp-64kb-5.3.18-150300.59.127.1
  - kernel-64kb-debugsource-5.3.18-150300.59.127.1
  - dtb-zte-5.3.18-150300.59.127.1
  - kernel-64kb-extra-debuginfo-5.3.18-150300.59.127.1
  - dlm-kmp-64kb-5.3.18-150300.59.127.1
  - reiserfs-kmp-64kb-5.3.18-150300.59.127.1