Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2023:2146-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 15 vulnerabilities and has five security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
The following non-security bugs were fixed:
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- Replace mkinitrd dependency with dracut (bsc#1202353).
- cifs: fix negotiate context parsing (bsc#1210301).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Live Patching 15-SP2
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2146=1
-
SUSE Linux Enterprise High Availability Extension 15 SP2
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2146=1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2146=1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2146=1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2146=1
-
SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2023-2146=1
Package List:
-
SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
- kernel-default-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
- kernel-default-livepatch-5.3.18-150200.24.151.1
- kernel-default-livepatch-devel-5.3.18-150200.24.151.1
- kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-1-150200.5.3.1
- kernel-livepatch-5_3_18-150200_24_151-default-1-150200.5.3.1
- kernel-default-debugsource-5.3.18-150200.24.151.1
- kernel-livepatch-SLE15-SP2_Update_36-debugsource-1-150200.5.3.1
- kernel-default-debuginfo-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
- dlm-kmp-default-debuginfo-5.3.18-150200.24.151.1
- ocfs2-kmp-default-5.3.18-150200.24.151.1
- gfs2-kmp-default-5.3.18-150200.24.151.1
- kernel-default-debuginfo-5.3.18-150200.24.151.1
- ocfs2-kmp-default-debuginfo-5.3.18-150200.24.151.1
- kernel-default-debugsource-5.3.18-150200.24.151.1
- cluster-md-kmp-default-debuginfo-5.3.18-150200.24.151.1
- gfs2-kmp-default-debuginfo-5.3.18-150200.24.151.1
- dlm-kmp-default-5.3.18-150200.24.151.1
- cluster-md-kmp-default-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
- kernel-default-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-default-5.3.18-150200.24.151.1
- kernel-preempt-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1
- kernel-default-devel-5.3.18-150200.24.151.1
- kernel-obs-build-debugsource-5.3.18-150200.24.151.1
- kernel-preempt-devel-5.3.18-150200.24.151.1
- kernel-preempt-debuginfo-5.3.18-150200.24.151.1
- kernel-preempt-debugsource-5.3.18-150200.24.151.1
- kernel-obs-build-5.3.18-150200.24.151.1
- kernel-syms-5.3.18-150200.24.151.1
- kernel-default-debugsource-5.3.18-150200.24.151.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.151.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1
- kernel-default-debuginfo-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
- kernel-devel-5.3.18-150200.24.151.1
- kernel-macros-5.3.18-150200.24.151.1
- kernel-source-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
- kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1
- kernel-default-devel-5.3.18-150200.24.151.1
- kernel-obs-build-debugsource-5.3.18-150200.24.151.1
- reiserfs-kmp-default-5.3.18-150200.24.151.1
- kernel-obs-build-5.3.18-150200.24.151.1
- kernel-syms-5.3.18-150200.24.151.1
- kernel-default-debugsource-5.3.18-150200.24.151.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.151.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.151.1
- kernel-default-debuginfo-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
- kernel-devel-5.3.18-150200.24.151.1
- kernel-macros-5.3.18-150200.24.151.1
- kernel-source-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
- kernel-preempt-devel-5.3.18-150200.24.151.1
- kernel-preempt-debugsource-5.3.18-150200.24.151.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1
- kernel-preempt-debuginfo-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
- kernel-default-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
- kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1
- kernel-default-devel-5.3.18-150200.24.151.1
- kernel-obs-build-debugsource-5.3.18-150200.24.151.1
- reiserfs-kmp-default-5.3.18-150200.24.151.1
- kernel-obs-build-5.3.18-150200.24.151.1
- kernel-syms-5.3.18-150200.24.151.1
- kernel-default-debugsource-5.3.18-150200.24.151.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.151.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.151.1
- kernel-default-debuginfo-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
- kernel-devel-5.3.18-150200.24.151.1
- kernel-macros-5.3.18-150200.24.151.1
- kernel-source-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
- kernel-preempt-5.3.18-150200.24.151.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
- kernel-preempt-devel-5.3.18-150200.24.151.1
- kernel-preempt-debugsource-5.3.18-150200.24.151.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1
- kernel-preempt-debuginfo-5.3.18-150200.24.151.1
-
SUSE Enterprise Storage 7 (aarch64 nosrc x86_64)
- kernel-default-5.3.18-150200.24.151.1
- kernel-preempt-5.3.18-150200.24.151.1
-
SUSE Enterprise Storage 7 (aarch64 x86_64)
- kernel-default-base-5.3.18-150200.24.151.1.150200.9.73.1
- kernel-default-devel-5.3.18-150200.24.151.1
- kernel-obs-build-debugsource-5.3.18-150200.24.151.1
- kernel-preempt-devel-5.3.18-150200.24.151.1
- reiserfs-kmp-default-5.3.18-150200.24.151.1
- kernel-preempt-debuginfo-5.3.18-150200.24.151.1
- kernel-preempt-debugsource-5.3.18-150200.24.151.1
- kernel-obs-build-5.3.18-150200.24.151.1
- kernel-syms-5.3.18-150200.24.151.1
- kernel-default-debugsource-5.3.18-150200.24.151.1
- kernel-default-devel-debuginfo-5.3.18-150200.24.151.1
- kernel-preempt-devel-debuginfo-5.3.18-150200.24.151.1
- reiserfs-kmp-default-debuginfo-5.3.18-150200.24.151.1
- kernel-default-debuginfo-5.3.18-150200.24.151.1
-
SUSE Enterprise Storage 7 (noarch)
- kernel-devel-5.3.18-150200.24.151.1
- kernel-macros-5.3.18-150200.24.151.1
- kernel-source-5.3.18-150200.24.151.1
-
SUSE Enterprise Storage 7 (noarch nosrc)
- kernel-docs-5.3.18-150200.24.151.1
References:
- https://www.suse.com/security/cve/CVE-2020-36691.html
- https://www.suse.com/security/cve/CVE-2022-2196.html
- https://www.suse.com/security/cve/CVE-2022-43945.html
- https://www.suse.com/security/cve/CVE-2023-1611.html
- https://www.suse.com/security/cve/CVE-2023-1670.html
- https://www.suse.com/security/cve/CVE-2023-1838.html
- https://www.suse.com/security/cve/CVE-2023-1855.html
- https://www.suse.com/security/cve/CVE-2023-1872.html
- https://www.suse.com/security/cve/CVE-2023-1989.html
- https://www.suse.com/security/cve/CVE-2023-1990.html
- https://www.suse.com/security/cve/CVE-2023-1998.html
- https://www.suse.com/security/cve/CVE-2023-2008.html
- https://www.suse.com/security/cve/CVE-2023-2162.html
- https://www.suse.com/security/cve/CVE-2023-2176.html
- https://www.suse.com/security/cve/CVE-2023-30772.html
- https://bugzilla.suse.com/show_bug.cgi?id=1202353
- https://bugzilla.suse.com/show_bug.cgi?id=1205128
- https://bugzilla.suse.com/show_bug.cgi?id=1206992
- https://bugzilla.suse.com/show_bug.cgi?id=1209613
- https://bugzilla.suse.com/show_bug.cgi?id=1209687
- https://bugzilla.suse.com/show_bug.cgi?id=1209777
- https://bugzilla.suse.com/show_bug.cgi?id=1209871
- https://bugzilla.suse.com/show_bug.cgi?id=1210202
- https://bugzilla.suse.com/show_bug.cgi?id=1210203
- https://bugzilla.suse.com/show_bug.cgi?id=1210301
- https://bugzilla.suse.com/show_bug.cgi?id=1210329
- https://bugzilla.suse.com/show_bug.cgi?id=1210336
- https://bugzilla.suse.com/show_bug.cgi?id=1210337
- https://bugzilla.suse.com/show_bug.cgi?id=1210414
- https://bugzilla.suse.com/show_bug.cgi?id=1210417
- https://bugzilla.suse.com/show_bug.cgi?id=1210453
- https://bugzilla.suse.com/show_bug.cgi?id=1210469
- https://bugzilla.suse.com/show_bug.cgi?id=1210506
- https://bugzilla.suse.com/show_bug.cgi?id=1210629
- https://bugzilla.suse.com/show_bug.cgi?id=1210647