Security update for the Linux-RT Kernel

Announcement ID: SUSE-SU-2023:0488-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-24588 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • CVE-2020-24588 ( NVD ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
  • CVE-2022-4382 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-4382 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
  • CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0045 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-0122 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0179 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0179 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0266 ( NVD ): 7.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
  • CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • openSUSE Leap 15.4
  • openSUSE Leap Micro 5.3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro for Rancher 5.3
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Real Time Module 15-SP4

An update that solves 11 vulnerabilities, contains two features and has 133 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332).
  • CVE-2023-0045: Fixed a missing IBP flush in ib_prctl_set() (bsc#1207773).
  • CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  • CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth() that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
  • CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
  • CVE-2023-23454: Fixed a denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
  • CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).
  • CVE-2023-0179: Fixed incorrect arithmetic when fetching VLAN header bits (bsc#1207034).
  • CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
  • CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks, which could have led to a use-after-free resulting in a privilege escalation to gain ring0 access from the system user (bsc#1207134).
  • CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).

The following non-security bugs were fixed:

  • ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
  • ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
  • ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
  • ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
  • ACPI: PRM: Check whether EFI runtime is available (git-fixes).
  • ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
  • ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
  • ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
  • ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
  • ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
  • ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
  • ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
  • ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
  • ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
  • ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
  • ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
  • ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
  • ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
  • ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
  • ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
  • ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
  • ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
  • ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
  • ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
  • ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
  • ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
  • ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
  • ALSA: pci: lx6464es: fix a debug loop (git-fixes).
  • ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
  • ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
  • ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
  • ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
  • ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
  • ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
  • ARM: imx: add missing of_node_put() (git-fixes).
  • ASoC: Intel: boards: fix spelling in comments (git-fixes).
  • ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
  • ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes).
  • ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
  • ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
  • ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
  • ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
  • ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
  • ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes).
  • Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
  • Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
  • Fix page corruption caused by racy check in __free_pages (bsc#1208149).
  • HID: betop: check shape of output reports (git-fixes).
  • HID: betop: check shape of output reports (git-fixes, bsc#1207186).
  • HID: check empty report_list in bigben_probe() (git-fixes).
  • HID: check empty report_list in hid_validate_values() (git-fixes).
  • HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
  • HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
  • HID: playstation: sanity check DualSense calibration data (git-fixes).
  • HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
  • IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
  • IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
  • IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
  • IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
  • IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
  • IB/hfi1: Reserve user expected TIDs (git-fixes)
  • IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
  • IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
  • KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
  • Move upstreamed net patch into sorted section
  • PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
  • PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
  • RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
  • RDMA/core: Fix ib block iterator counter overflow (git-fixes)
  • RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
  • RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
  • RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
  • RDMA/rxe: Prevent faulty rkey generation (git-fixes)
  • RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
  • RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
  • Remove duplicate Git-commit tag in patch file
  • Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes).
  • Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes).
  • Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes).
  • Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes).
  • Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-fixes).
  • Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes).
  • SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
  • SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
  • USB: gadget: Fix use-after-free during usb config switch (git-fixes).
  • USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
  • USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
  • USB: serial: option: add Quectel EC200U modem (git-fixes).
  • USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
  • USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
  • USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
  • USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
  • USB: serial: option: add Quectel EM05CN modem (git-fixes).
  • arm64: Fix Freescale LPUART dependency (boo#1204063).
  • arm64: atomics: format whitespace consistently (git-fixes).
  • arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
  • arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
  • arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
  • arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
  • arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
  • arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
  • arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
  • arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
  • arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
  • arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
  • arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
  • ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
  • ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
  • bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
  • bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
  • bfq: fix waker_bfqq inconsistency crash (git-fixes).
  • blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
  • blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
  • blk-throttle: prevent overflow while calculating wait time (git-fixes).
  • blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
  • blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
  • block, bfq: do not move oom_bfqq (git-fixes).
  • block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
  • block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
  • block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
  • block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
  • block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
  • block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes).
  • block/bfq_wf2q: correct weight to ioprio (git-fixes).
  • block/bio: remove duplicate append pages code (git-fixes).
  • block: check minor range in device_add_disk() (git-fixes).
  • block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
  • block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
  • block: ensure iov_iter advances for added pages (git-fixes).
  • block: fix and cleanup bio_check_ro (git-fixes).
  • block: fix infinite loop for invalid zone append (git-fixes).
  • block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
  • block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
  • block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
  • block: use bdev_get_queue() in bio.c (git-fixes).
  • bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
  • bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
  • bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
  • bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
  • bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
  • bnxt_en: fix the handling of PCIE-AER (git-fixes).
  • bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
  • bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers (git-fixes).
  • bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
  • btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
  • btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
  • btrfs: avoid logging all directory changes during renames (bsc#1207263).
  • btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
  • btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
  • btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
  • btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
  • btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
  • btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
  • btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
  • btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
  • btrfs: join running log transaction when logging new name (bsc#1207263).
  • btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
  • btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
  • btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
  • btrfs: put initial index value of a directory in a constant (bsc#1207263).
  • btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
  • btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
  • btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
  • btrfs: remove useless path r