Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:0762-1
Rating:	important
References:	bsc#1065729 bsc#1198438 bsc#1203331 bsc#1205711 bsc#1206103 bsc#1207051 bsc#1207845 bsc#1208179 bsc#1208542 bsc#1208700 bsc#1208837 bsc#1209008 bsc#1209188
Cross-References:	CVE-2022-38096 CVE-2022-4129 CVE-2023-0597 CVE-2023-1118 CVE-2023-23559 CVE-2023-26545
CVSS scores:	CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-26545 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities and has seven security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
• CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
• CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
• CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
• CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
• CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

• bonding: fix 802.3ad state sent to partner when unbinding slave (git-fixes).
• do not sign the vanilla kernel (bsc#1209008).
• icmp: do not fail on fragment reassembly time exceeded (git-fixes).
• ipmi: fix initialization when workqueue allocation fails (git-fixes).
• ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes).
• kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes).
• kabi fix for: NFS: Pass error information to the pgio error cleanup routine (git-fixes).
• kabi/severities: add l2tp local symbols
• kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
• media: coda: Add check for dcoda_iram_alloc (git-fixes).
• media: coda: Add check for kmalloc (git-fixes).
• media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
• net: aquantia: fix RSS table and key sizes (git-fixes).
• netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
• netfilter: xt_connlimit: do not store address in the conn nodes (git-fixes).
• nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request (git-fixes).
• nfs: Pass error information to the pgio error cleanup routine (git-fixes).
• nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
• nfsd: fix race to check ls_layouts (git-fixes).
• nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
• ocfs2: Fix data corruption after failed write (bsc#1208542).
• pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
• powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
• powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#1065729).
• powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729).
• powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#1065729).
• scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
• sunrpc: Fix priority queue fairness (git-fixes).
• sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).
• vlan: Fix out of order vlan headers with reorder header off (git-fixes).
• vlan: Fix vlan insertion for packets without ethernet header (git-fixes).
• vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
• vxlan: changelink: Fix handling of default remotes (git-fixes).
• xfrm: Copy policy family in clone_policy (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.127.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • kernel-syms-azure-4.12.14-16.127.1
  • kernel-azure-debugsource-4.12.14-16.127.1
  • kernel-azure-devel-4.12.14-16.127.1
  • kernel-azure-base-debuginfo-4.12.14-16.127.1
  • kernel-azure-debuginfo-4.12.14-16.127.1
  • kernel-azure-base-4.12.14-16.127.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.127.1
  • kernel-devel-azure-4.12.14-16.127.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.127.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • kernel-syms-azure-4.12.14-16.127.1
  • kernel-azure-debugsource-4.12.14-16.127.1
  • kernel-azure-devel-4.12.14-16.127.1
  • kernel-azure-base-debuginfo-4.12.14-16.127.1
  • kernel-azure-debuginfo-4.12.14-16.127.1
  • kernel-azure-base-4.12.14-16.127.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.127.1
  • kernel-devel-azure-4.12.14-16.127.1
• SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.127.1
• SUSE Linux Enterprise Server 12 SP5 (x86_64)
  • kernel-syms-azure-4.12.14-16.127.1
  • kernel-azure-debugsource-4.12.14-16.127.1
  • kernel-azure-devel-4.12.14-16.127.1
  • kernel-azure-base-debuginfo-4.12.14-16.127.1
  • kernel-azure-debuginfo-4.12.14-16.127.1
  • kernel-azure-base-4.12.14-16.127.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.127.1
  • kernel-devel-azure-4.12.14-16.127.1

References:

• https://www.suse.com/security/cve/CVE-2022-38096.html
• https://www.suse.com/security/cve/CVE-2022-4129.html
• https://www.suse.com/security/cve/CVE-2023-0597.html
• https://www.suse.com/security/cve/CVE-2023-1118.html
• https://www.suse.com/security/cve/CVE-2023-23559.html
• https://www.suse.com/security/cve/CVE-2023-26545.html
• https://bugzilla.suse.com/show_bug.cgi?id=1065729
• https://bugzilla.suse.com/show_bug.cgi?id=1198438
• https://bugzilla.suse.com/show_bug.cgi?id=1203331
• https://bugzilla.suse.com/show_bug.cgi?id=1205711
• https://bugzilla.suse.com/show_bug.cgi?id=1206103
• https://bugzilla.suse.com/show_bug.cgi?id=1207051
• https://bugzilla.suse.com/show_bug.cgi?id=1207845
• https://bugzilla.suse.com/show_bug.cgi?id=1208179
• https://bugzilla.suse.com/show_bug.cgi?id=1208542
• https://bugzilla.suse.com/show_bug.cgi?id=1208700
• https://bugzilla.suse.com/show_bug.cgi?id=1208837
• https://bugzilla.suse.com/show_bug.cgi?id=1209008
• https://bugzilla.suse.com/show_bug.cgi?id=1209188