Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:2534-1
Rating: important
An update that solves 16 vulnerabilities and has 10 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use-after-free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- scsi: storvsc: Parameterize number hardware queues (bsc#1211622).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2534=1
- openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-2534=1
- SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2534=1
- SUSE Linux Enterprise High Availability Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2534=1
- SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2534=1
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2534=1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2534=1
- SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
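A post-update check, added here as an example and not part of the SUSE advisory: it tells apart a host that is still unpatched, one that has the fixed kernel-default package installed but has not yet been rebooted into it, and one that is running the fixed kernel. The function names are hypothetical, the older version in the sample calls is constructed, and GNU `sort -V` is assumed to be an adequate stand-in for RPM version comparison on these strings.

```sh
#!/bin/sh
# Added example, not from the SUSE advisory. Function names are hypothetical.

# Fixed version-release of kernel-default, taken from the advisory's package list.
FIXED_PKG="4.12.14-150100.197.148.1"
# The same build as `uname -r` reports it, without the flavour suffix. This form
# is read off the livepatch package name in the package list
# (kernel-livepatch-4_12_14-150100_197_148-default).
FIXED_REL="4.12.14-150100.197.148"

# ver_ge A B: succeed if A >= B.
# Assumption: `sort -V` ordering approximates RPM's version comparison here.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify INSTALLED RUNNING
#   INSTALLED: whitespace-separated version-release strings of kernel-default
#   RUNNING:   kernel release string as printed by `uname -r`
classify() {
    installed=$1
    running=${2%-*}     # drop the flavour suffix, e.g. "-default"
    # Several kernels can be installed side by side; only the newest matters.
    newest=$(printf '%s\n' $installed | sort -V | tail -n 1)
    if ver_ge "$running" "$FIXED_REL"; then
        echo "patched"
    elif ver_ge "$newest" "$FIXED_PKG"; then
        # Fixed package is on disk, but the old kernel is still running.
        echo "reboot-pending"
    else
        echo "vulnerable"
    fi
}

# Constructed sample states (197.145 is a made-up older build).
classify "4.12.14-150100.197.145.1" "4.12.14-150100.197.145-default"
classify "4.12.14-150100.197.145.1 4.12.14-150100.197.148.1" \
         "4.12.14-150100.197.145-default"
classify "4.12.14-150100.197.148.1" "4.12.14-150100.197.148-default"

# On a live host:
#   classify "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-default)" "$(uname -r)"
```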
Package List:
- openSUSE Leap 15.4 (nosrc)
  - kernel-kvmsmall-4.12.14-150100.197.148.1
  - kernel-default-4.12.14-150100.197.148.1
  - kernel-zfcpdump-4.12.14-150100.197.148.1
  - kernel-debug-4.12.14-150100.197.148.1
- openSUSE Leap 15.4 (ppc64le x86_64)
  - kernel-debug-base-debuginfo-4.12.14-150100.197.148.1
  - kernel-debug-base-4.12.14-150100.197.148.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  - kernel-vanilla-devel-4.12.14-150100.197.148.1
  - kernel-vanilla-devel-debuginfo-4.12.14-150100.197.148.1
  - kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1
  - kernel-vanilla-debugsource-4.12.14-150100.197.148.1
  - kernel-vanilla-debuginfo-4.12.14-150100.197.148.1
  - kernel-vanilla-base-4.12.14-150100.197.148.1
  - kernel-vanilla-base-debuginfo-4.12.14-150100.197.148.1
  - kernel-default-base-debuginfo-4.12.14-150100.197.148.1
- openSUSE Leap 15.4 (x86_64)
  - kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.148.1
  - kernel-kvmsmall-base-4.12.14-150100.197.148.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  - kernel-vanilla-4.12.14-150100.197.148.1
- openSUSE Leap 15.4 (s390x)
  - kernel-zfcpdump-man-4.12.14-150100.197.148.1
  - kernel-default-man-4.12.14-150100.197.148.1
- openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
  - kernel-vanilla-4.12.14-150100.197.148.1
- openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  - kernel-vanilla-devel-4.12.14-150100.197.148.1
  - kernel-vanilla-devel-debuginfo-4.12.14-150100.197.148.1
  - kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1
  - kernel-vanilla-debugsource-4.12.14-150100.197.148.1
  - kernel-vanilla-debuginfo-4.12.14-150100.197.148.1
  - kernel-vanilla-base-4.12.14-150100.197.148.1
  - kernel-vanilla-base-debuginfo-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
  - kernel-default-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
  - kernel-default-livepatch-devel-4.12.14-150100.197.148.1
  - kernel-default-livepatch-4.12.14-150100.197.148.1
  - kernel-default-debugsource-4.12.14-150100.197.148.1
  - kernel-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-livepatch-4_12_14-150100_197_148-default-1-150100.3.3.1
- SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
  - gfs2-kmp-default-debuginfo-4.12.14-150100.197.148.1
  - cluster-md-kmp-default-4.12.14-150100.197.148.1
  - kernel-default-debugsource-4.12.14-150100.197.148.1
  - dlm-kmp-default-debuginfo-4.12.14-150100.197.148.1
  - gfs2-kmp-default-4.12.14-150100.197.148.1
  - dlm-kmp-default-4.12.14-150100.197.148.1
  - ocfs2-kmp-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-default-debuginfo-4.12.14-150100.197.148.1
  - cluster-md-kmp-default-debuginfo-4.12.14-150100.197.148.1
  - ocfs2-kmp-default-4.12.14-150100.197.148.1
- SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
  - kernel-default-4.12.14-150100.197.148.1
- SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64)
  - kernel-default-4.12.14-150100.197.148.1
- SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  - kernel-obs-build-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-debuginfo-4.12.14-150100.197.148.1
  - kernel-default-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-4.12.14-150100.197.148.1
  - kernel-default-base-4.12.14-150100.197.148.1
  - kernel-syms-4.12.14-150100.197.148.1
  - kernel-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-obs-build-4.12.14-150100.197.148.1
  - kernel-default-base-debuginfo-4.12.14-150100.197.148.1
- SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  - kernel-macros-4.12.14-150100.197.148.1
  - kernel-source-4.12.14-150100.197.148.1
  - kernel-devel-4.12.14-150100.197.148.1
- SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc)
  - kernel-docs-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc)
  - kernel-default-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  - reiserfs-kmp-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-obs-build-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-debuginfo-4.12.14-150100.197.148.1
  - kernel-default-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-4.12.14-150100.197.148.1
  - reiserfs-kmp-default-4.12.14-150100.197.148.1
  - kernel-default-base-4.12.14-150100.197.148.1
  - kernel-syms-4.12.14-150100.197.148.1
  - kernel-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-obs-build-4.12.14-150100.197.148.1
  - kernel-default-base-debuginfo-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  - kernel-macros-4.12.14-150100.197.148.1
  - kernel-source-4.12.14-150100.197.148.1
  - kernel-devel-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
  - kernel-docs-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
  - kernel-zfcpdump-debuginfo-4.12.14-150100.197.148.1
  - kernel-zfcpdump-debugsource-4.12.14-150100.197.148.1
  - kernel-default-man-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
  - kernel-zfcpdump-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
  - kernel-default-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  - reiserfs-kmp-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-obs-build-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-debuginfo-4.12.14-150100.197.148.1
  - kernel-default-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-4.12.14-150100.197.148.1
  - reiserfs-kmp-default-4.12.14-150100.197.148.1
  - kernel-default-base-4.12.14-150100.197.148.1
  - kernel-syms-4.12.14-150100.197.148.1
  - kernel-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-obs-build-4.12.14-150100.197.148.1
  - kernel-default-base-debuginfo-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  - kernel-macros-4.12.14-150100.197.148.1
  - kernel-source-4.12.14-150100.197.148.1
  - kernel-devel-4.12.14-150100.197.148.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
  - kernel-docs-4.12.14-150100.197.148.1
- SUSE CaaS Platform 4.0 (nosrc x86_64)
  - kernel-default-4.12.14-150100.197.148.1
- SUSE CaaS Platform 4.0 (x86_64)
  - reiserfs-kmp-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-obs-build-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-debuginfo-4.12.14-150100.197.148.1
  - kernel-default-debugsource-4.12.14-150100.197.148.1
  - kernel-default-devel-4.12.14-150100.197.148.1
  - reiserfs-kmp-default-4.12.14-150100.197.148.1
  - kernel-default-base-4.12.14-150100.197.148.1
  - kernel-syms-4.12.14-150100.197.148.1
  - kernel-default-debuginfo-4.12.14-150100.197.148.1
  - kernel-obs-build-4.12.14-150100.197.148.1
  - kernel-default-base-debuginfo-4.12.14-150100.197.148.1
- SUSE CaaS Platform 4.0 (noarch)
  - kernel-macros-4.12.14-150100.197.148.1
  - kernel-source-4.12.14-150100.197.148.1
  - kernel-devel-4.12.14-150100.197.148.1
- SUSE CaaS Platform 4.0 (noarch nosrc)
  - kernel-docs-4.12.14-150100.197.148.1
References:
- https://www.suse.com/security/cve/CVE-2022-3566.html
- https://www.suse.com/security/cve/CVE-2022-45884.html
- https://www.suse.com/security/cve/CVE-2022-45885.html
- https://www.suse.com/security/cve/CVE-2022-45886.html
- https://www.suse.com/security/cve/CVE-2022-45887.html
- https://www.suse.com/security/cve/CVE-2022-45919.html
- https://www.suse.com/security/cve/CVE-2023-1077.html
- https://www.suse.com/security/cve/CVE-2023-1380.html
- https://www.suse.com/security/cve/CVE-2023-2176.html
- https://www.suse.com/security/cve/CVE-2023-2194.html
- https://www.suse.com/security/cve/CVE-2023-2483.html
- https://www.suse.com/security/cve/CVE-2023-2513.html
- https://www.suse.com/security/cve/CVE-2023-28466.html
- https://www.suse.com/security/cve/CVE-2023-31084.html
- https://www.suse.com/security/cve/CVE-2023-31436.html
- https://www.suse.com/security/cve/CVE-2023-32269.html
- https://bugzilla.suse.com/show_bug.cgi?id=1172073
- https://bugzilla.suse.com/show_bug.cgi?id=1191731
- https://bugzilla.suse.com/show_bug.cgi?id=1199046
- https://bugzilla.suse.com/show_bug.cgi?id=1204405
- https://bugzilla.suse.com/show_bug.cgi?id=1205756
- https://bugzilla.suse.com/show_bug.cgi?id=1205758
- https://bugzilla.suse.com/show_bug.cgi?id=1205760
- https://bugzilla.suse.com/show_bug.cgi?id=1205762
- https://bugzilla.suse.com/show_bug.cgi?id=1205803
- https://bugzilla.suse.com/show_bug.cgi?id=1206878
- https://bugzilla.suse.com/show_bug.cgi?id=1208600
- https://bugzilla.suse.com/show_bug.cgi?id=1209287
- https://bugzilla.suse.com/show_bug.cgi?id=1209366
- https://bugzilla.suse.com/show_bug.cgi?id=1210629