Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:3318-1
Rating:	important
References:	bsc#1150305 bsc#1193629 bsc#1194869 bsc#1206418 bsc#1207129 bsc#1207894 bsc#1208788 bsc#1210565 bsc#1210584 bsc#1210627 bsc#1210780 bsc#1210853 bsc#1211131 bsc#1211243 bsc#1211738 bsc#1211811 bsc#1211867 bsc#1212301 bsc#1212502 bsc#1212604 bsc#1212846 bsc#1212901 bsc#1212905 bsc#1213010 bsc#1213011 bsc#1213012 bsc#1213013 bsc#1213014 bsc#1213015 bsc#1213016 bsc#1213017 bsc#1213018 bsc#1213019 bsc#1213020 bsc#1213021 bsc#1213024 bsc#1213025 bsc#1213032 bsc#1213034 bsc#1213035 bsc#1213036 bsc#1213037 bsc#1213038 bsc#1213039 bsc#1213040 bsc#1213041 bsc#1213059 bsc#1213061 bsc#1213087 bsc#1213088 bsc#1213089 bsc#1213090 bsc#1213092 bsc#1213093 bsc#1213094 bsc#1213095 bsc#1213096 bsc#1213098 bsc#1213099 bsc#1213100 bsc#1213102 bsc#1213103 bsc#1213104 bsc#1213105 bsc#1213106 bsc#1213107 bsc#1213108 bsc#1213109 bsc#1213110 bsc#1213111 bsc#1213112 bsc#1213113 bsc#1213114 bsc#1213134 bsc#1213167 bsc#1213245 bsc#1213247 bsc#1213252 bsc#1213258 bsc#1213259 bsc#1213263 bsc#1213264 bsc#1213272 bsc#1213286 bsc#1213287 bsc#1213304 bsc#1213523 bsc#1213524 bsc#1213543 bsc#1213585 bsc#1213586 bsc#1213588 bsc#1213620 bsc#1213653 bsc#1213705 bsc#1213713 bsc#1213715 bsc#1213747 bsc#1213756 bsc#1213759 bsc#1213777 bsc#1213810 bsc#1213812 bsc#1213856 bsc#1213857 bsc#1213863 bsc#1213867 bsc#1213870 bsc#1213871
Cross-References:	CVE-2022-40982 CVE-2023-0459 CVE-2023-20569 CVE-2023-20593 CVE-2023-21400 CVE-2023-2156 CVE-2023-2166 CVE-2023-2985 CVE-2023-31083 CVE-2023-3117 CVE-2023-31248 CVE-2023-3268 CVE-2023-3390 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 CVE-2023-4004
CVSS scores:	CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-20569 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3567 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3776 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.4 openSUSE Leap Micro 5.3 openSUSE Leap Micro 5.4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Live Patching 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Real Time Module 15-SP4

An update that solves 20 vulnerabilities and has 89 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418).
CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).

The following non-security bugs were fixed:

acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
add module_firmware() for firmware_tg357766 (git-fixes).
afs: adjust ack interpretation to try and cope with nat (git-fixes).
afs: fix access after dec in put functions (git-fixes).
afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
afs: fix dynamic root getattr (git-fixes).
afs: fix fileserver probe rtt handling (git-fixes).
afs: fix infinite loop found by xfstest generic/676 (git-fixes).
afs: fix lost servers_outstanding count (git-fixes).
afs: fix server->active leak in afs_put_server (git-fixes).
afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
afs: fix updating of i_size with dv jump from server (git-fixes).
afs: fix vlserver probe rtt handling (git-fixes).
afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
afs: use refcount_t rather than atomic_t (git-fixes).
afs: use the operation issue time instead of the reply time for callbacks (git-fixes).
alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
alsa: fireface: make read-only const array for model names static (git-fixes).
alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
alsa: hda/realtek: support asus g713pv laptop (git-fixes).
alsa: hda/realtek: whitespace fix (git-fixes).
alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
alsa: oxfw: make read-only const array models static (git-fixes).
alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes).
alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
alsa: usb-audio: update for native dsd support quirks (git-fixes).
apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes)
arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
asoc: codecs: es8316: fix dmic config (git-fixes).
asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
asoc: da7219: check for failure reading aad irq events (git-fixes).
asoc: da7219: flush pending aad irq when suspending (git-fixes).
asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
asoc: fsl_spdif: silence output on stop (git-fixes).
asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
asoc: tegra: fix adx byte map (git-fixes).
asoc: tegra: fix amx byte map (git-fixes).
asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
block, bfq: fix division by zero error on zero wsum (bsc#1213653).
block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
can: bcm: fix uaf in bcm_proc_show() (git-fixes).
can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).
ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
cifs: add a warning when the in-flight count goes negative (bsc#1193629).
cifs: address unused variable warning (bsc#1193629).
cifs: do all necessary checks for credits within or before locking (bsc#1193629).
cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
cifs: fix max_credits implementation (bsc#1193629).
cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
cifs: fix status checks in c