Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:0747-1
Rating:	important
References:	bsc#1065729 bsc#1194535 bsc#1198438 bsc#1203200 bsc#1203331 bsc#1205711 bsc#1206103 bsc#1207051 bsc#1207201 bsc#1207845 bsc#1208179 bsc#1208541 bsc#1208542 bsc#1208570 bsc#1208700 bsc#1208837 bsc#1209008 bsc#1209188
Cross-References:	CVE-2021-4203 CVE-2022-38096 CVE-2022-4129 CVE-2023-0597 CVE-2023-1118 CVE-2023-23559 CVE-2023-26545
CVSS scores:	CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-26545 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Real Time 12 SP5 SUSE Linux Enterprise Server 12 SP5

An update that solves seven vulnerabilities and has 11 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

• CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
• CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
• CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
• CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
• CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
• CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
• CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

• block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
• bonding: fix 802.3ad state sent to partner when unbinding slave (git-fixes).
• cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM (git-fixes).
• do not dump the threads that had been already exiting when zapped (git-fixes).
• do not sign the vanilla kernel (bsc#1209008).
• gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
• icmp: do not fail on fragment reassembly time exceeded (git-fixes).
• ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
• ipmi: Move remove_work to dedicated workqueue (git-fixes).
• ipmi: fix initialization when workqueue allocation fails (git-fixes).
• ipmi: fix memleak when unload ipmi driver (git-fixes).
• ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
• ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes).
• kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
• kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes).
• kabi fix for: NFS: Pass error information to the pgio error cleanup routine (git-fixes).
• kabi/severities: add l2tp local symbols
• kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
• kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
• kernel/sys.c: avoid copying possible padding bytes in copy_to_user (git-fixes).
• makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
• media: coda: Add check for dcoda_iram_alloc (git-fixes).
• media: coda: Add check for kmalloc (git-fixes).
• media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
• net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
• net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).
• net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
• net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
• net: allwinner: Fix use correct return type for ndo_start_xmit() (git-fixes).
• net: aquantia: fix RSS table and key sizes (git-fixes).
• net: bcmgenet: suppress warnings on failed Rx SKB allocations (git-fixes).
• net: bmac: Fix read of MAC address from ROM (git-fixes).
• net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans (git-fixes).
• net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
• net: stmmac: Fix sub-second increment (git-fixes).
• net: systemport: suppress warnings on failed Rx SKB allocations (git-fixes).
• net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
• net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 (git-fixes).
• net: usb: lan78xx: do not modify phy_device state concurrently (git-fixes).
• net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
• net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
• net: usb: sr9700: Handle negative len (git-fixes).
• netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
• netfilter: xt_connlimit: do not store address in the conn nodes (git-fixes).
• nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request (git-fixes).
• nfs: Pass error information to the pgio error cleanup routine (git-fixes).
• nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
• nfsd: fix race to check ls_layouts (git-fixes).
• nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
• ocfs2: Fix data corruption after failed write (bsc#1208542).
• pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
• panic: unset panic_on_warn inside panic() (git-fixes).
• powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
• powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#1065729).
• powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729).
• powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#1065729).
• prlimit: do_prlimit needs to have a speculation check (git-fixes).
• ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (git-fixes).
• scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
• scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
• scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
• scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
• scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
• scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
• scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
• scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
• scsi: qla2xxx: Fix printk() format string (bsc#1208570).
• scsi: qla2xxx: Fix stalled login (bsc#1208570).
• scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
• scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
• scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
• scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
• scsi: qla2xxx: Remove dead code (bsc#1208570).
• scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
• scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
• scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
• scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
• scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
• scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
• scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
• scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
• scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
• scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
• scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
• scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
• signal handling: do not use BUG_ON() for debugging (git-fixes).
• sunrpc: Fix priority queue fairness (git-fixes).
• sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).
• sunrpc: make lockless test safe (bsc#1207201).
• usb: dwc3: fix PHY disable sequence (git-fixes).
• usb: dwc3: gadget: Fix event pending check (git-fixes).
• usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
• usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
• usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
• usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).
• usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
• vlan: Fix out of order vlan headers with reorder header off (git-fixes).
• vlan: Fix vlan insertion for packets without ethernet header (git-fixes).
• vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
• vxlan: changelink: Fix handling of default remotes (git-fixes).
• x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
• x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
• xfrm: Copy policy family in clone_policy (git-fixes).
• xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
• xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
• xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
• xfs: fix attr leaf header freemap.size underflow (git-fixes).
• xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
• xfs: fix mount failure crash on invalid iclog memory access (git-fixes).
• xfs: fix partially uninitialized structure in xfs_reflink_remap_extent (git-fixes).
• xfs: fix realtime bitmap/summary file truncation when growing rt volume (git-fixes).
• xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
• xfs: initialize the shortform attr header padding entry (git-fixes).
• xfs: make sure the rt allocator does not run off the end (git-fixes).
• xfs: require both realtime inodes to mount (git-fixes).
• xhci: Do not show warning for reinit on known broken suspend (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2023-747=1

Package List:

• SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  • dlm-kmp-rt-4.12.14-10.118.1
  • gfs2-kmp-rt-debuginfo-4.12.14-10.118.1
  • ocfs2-kmp-rt-debuginfo-4.12.14-10.118.1
  • kernel-syms-rt-4.12.14-10.118.1
  • kernel-rt_debug-devel-4.12.14-10.118.1
  • kernel-rt_debug-debuginfo-4.12.14-10.118.1
  • gfs2-kmp-rt-4.12.14-10.118.1
  • dlm-kmp-rt-debuginfo-4.12.14-10.118.1
  • kernel-rt_debug-debugsource-4.12.14-10.118.1
  • kernel-rt_debug-devel-debuginfo-4.12.14-10.118.1
  • kernel-rt-base-4.12.14-10.118.1
  • kernel-rt-debugsource-4.12.14-10.118.1
  • kernel-rt-debuginfo-4.12.14-10.118.1
  • kernel-rt-devel-4.12.14-10.118.1
  • kernel-rt-base-debuginfo-4.12.14-10.118.1
  • kernel-rt-devel-debuginfo-4.12.14-10.118.1
  • cluster-md-kmp-rt-debuginfo-4.12.14-10.118.1
  • cluster-md-kmp-rt-4.12.14-10.118.1
  • ocfs2-kmp-rt-4.12.14-10.118.1
• SUSE Linux Enterprise Real Time 12 SP5 (noarch)
  • kernel-source-rt-4.12.14-10.118.1
  • kernel-devel-rt-4.12.14-10.118.1
• SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
  • kernel-rt-4.12.14-10.118.1
  • kernel-rt_debug-4.12.14-10.118.1

References:

• https://www.suse.com/security/cve/CVE-2021-4203.html
• https://www.suse.com/security/cve/CVE-2022-38096.html
• https://www.suse.com/security/cve/CVE-2022-4129.html
• https://www.suse.com/security/cve/CVE-2023-0597.html
• https://www.suse.com/security/cve/CVE-2023-1118.html
• https://www.suse.com/security/cve/CVE-2023-23559.html
• https://www.suse.com/security/cve/CVE-2023-26545.html
• https://bugzilla.suse.com/show_bug.cgi?id=1065729
• https://bugzilla.suse.com/show_bug.cgi?id=1194535
• https://bugzilla.suse.com/show_bug.cgi?id=1198438
• https://bugzilla.suse.com/show_bug.cgi?id=1203200
• https://bugzilla.suse.com/show_bug.cgi?id=1203331
• https://bugzilla.suse.com/show_bug.cgi?id=1205711
• https://bugzilla.suse.com/show_bug.cgi?id=1206103
• https://bugzilla.suse.com/show_bug.cgi?id=1207051
• https://bugzilla.suse.com/show_bug.cgi?id=1207201
• https://bugzilla.suse.com/show_bug.cgi?id=1207845
• https://bugzilla.suse.com/show_bug.cgi?id=1208179
• https://bugzilla.suse.com/show_bug.cgi?id=1208541
• https://bugzilla.suse.com/show_bug.cgi?id=1208542
• https://bugzilla.suse.com/show_bug.cgi?id=1208570
• https://bugzilla.suse.com/show_bug.cgi?id=1208700
• https://bugzilla.suse.com/show_bug.cgi?id=1208837
• https://bugzilla.suse.com/show_bug.cgi?id=1209008
• https://bugzilla.suse.com/show_bug.cgi?id=1209188