Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3318-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2023-20569 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  • CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3567 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3776 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • openSUSE Leap 15.4
  • openSUSE Leap Micro 5.3
  • openSUSE Leap Micro 5.4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro for Rancher 5.3
  • SUSE Linux Enterprise Micro for Rancher 5.4
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Real Time Module 15-SP4

An update that solves 20 vulnerabilities and has 89 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418).
  • CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
  • CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
  • CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
  • CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
  • CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
  • CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
  • CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
  • CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
  • CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
  • CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
  • CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
  • CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
  • CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
  • CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
  • CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
  • CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
  • CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
  • CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
  • CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).

The following non-security bugs were fixed:

  • acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
  • add module_firmware() for firmware_tg357766 (git-fixes).
  • afs: adjust ack interpretation to try and cope with nat (git-fixes).
  • afs: fix access after dec in put functions (git-fixes).
  • afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
  • afs: fix dynamic root getattr (git-fixes).
  • afs: fix fileserver probe rtt handling (git-fixes).
  • afs: fix infinite loop found by xfstest generic/676 (git-fixes).
  • afs: fix lost servers_outstanding count (git-fixes).
  • afs: fix server->active leak in afs_put_server (git-fixes).
  • afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
  • afs: fix updating of i_size with dv jump from server (git-fixes).
  • afs: fix vlserver probe rtt handling (git-fixes).
  • afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
  • afs: use refcount_t rather than atomic_t (git-fixes).
  • afs: use the operation issue time instead of the reply time for callbacks (git-fixes).
  • alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
  • alsa: fireface: make read-only const array for model names static (git-fixes).
  • alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
  • alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
  • alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
  • alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
  • alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
  • alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
  • alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
  • alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
  • alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
  • alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
  • alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
  • alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
  • alsa: hda/realtek: support asus g713pv laptop (git-fixes).
  • alsa: hda/realtek: whitespace fix (git-fixes).
  • alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
  • alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
  • alsa: oxfw: make read-only const array models static (git-fixes).
  • alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes).
  • alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
  • alsa: usb-audio: update for native dsd support quirks (git-fixes).
  • apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
  • arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
  • arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes)
  • arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
  • arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
  • asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
  • asoc: codecs: es8316: fix dmic config (git-fixes).
  • asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
  • asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
  • asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
  • asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
  • asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
  • asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
  • asoc: da7219: check for failure reading aad irq events (git-fixes).
  • asoc: da7219: flush pending aad irq when suspending (git-fixes).
  • asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
  • asoc: fsl_spdif: silence output on stop (git-fixes).
  • asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
  • asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
  • asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
  • asoc: tegra: fix adx byte map (git-fixes).
  • asoc: tegra: fix amx byte map (git-fixes).
  • asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
  • ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
  • block, bfq: fix division by zero error on zero wsum (bsc#1213653).
  • block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
  • can: bcm: fix uaf in bcm_proc_show() (git-fixes).
  • can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).
  • ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
  • cifs: add a warning when the in-flight count goes negative (bsc#1193629).
  • cifs: address unused variable warning (bsc#1193629).
  • cifs: do all necessary checks for credits within or before locking (bsc#1193629).
  • cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
  • cifs: fix max_credits implementation (bsc#1193629).
  • cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
  • cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
  • cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
  • cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
  • cifs: fix status checks in c