Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2023:2502-1 |
---|---|
Rating: | important |
References: | |
Cross-References: |
|
CVSS scores: |
|
Affected Products: |
|
An update that solves 21 vulnerabilities and has four security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Real Time Module 15-SP3
zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-2502=1
-
SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2502=1
-
SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2502=1
-
SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2502=1
Package List:
-
SUSE Real Time Module 15-SP3 (x86_64)
- kernel-rt-devel-debuginfo-5.3.18-150300.130.1
- ocfs2-kmp-rt-5.3.18-150300.130.1
- kernel-rt_debug-devel-5.3.18-150300.130.1
- cluster-md-kmp-rt-debuginfo-5.3.18-150300.130.1
- dlm-kmp-rt-5.3.18-150300.130.1
- kernel-rt_debug-devel-debuginfo-5.3.18-150300.130.1
- cluster-md-kmp-rt-5.3.18-150300.130.1
- kernel-rt_debug-debuginfo-5.3.18-150300.130.1
- dlm-kmp-rt-debuginfo-5.3.18-150300.130.1
- kernel-rt_debug-debugsource-5.3.18-150300.130.1
- kernel-syms-rt-5.3.18-150300.130.1
- ocfs2-kmp-rt-debuginfo-5.3.18-150300.130.1
- gfs2-kmp-rt-debuginfo-5.3.18-150300.130.1
- kernel-rt-debuginfo-5.3.18-150300.130.1
- kernel-rt-devel-5.3.18-150300.130.1
- kernel-rt-debugsource-5.3.18-150300.130.1
- gfs2-kmp-rt-5.3.18-150300.130.1
-
SUSE Real Time Module 15-SP3 (noarch)
- kernel-source-rt-5.3.18-150300.130.1
- kernel-devel-rt-5.3.18-150300.130.1
-
SUSE Real Time Module 15-SP3 (nosrc x86_64)
- kernel-rt-5.3.18-150300.130.1
-
SUSE Real Time Module 15-SP3 (nosrc)
- kernel-rt_debug-5.3.18-150300.130.1
-
SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
- kernel-rt-5.3.18-150300.130.1
-
SUSE Linux Enterprise Micro 5.1 (x86_64)
- kernel-rt-debuginfo-5.3.18-150300.130.1
- kernel-rt-debugsource-5.3.18-150300.130.1
-
SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
- kernel-rt-5.3.18-150300.130.1
-
SUSE Linux Enterprise Micro 5.2 (x86_64)
- kernel-rt-debuginfo-5.3.18-150300.130.1
- kernel-rt-debugsource-5.3.18-150300.130.1
-
SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
- kernel-rt-5.3.18-150300.130.1
-
SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
- kernel-rt-debuginfo-5.3.18-150300.130.1
- kernel-rt-debugsource-5.3.18-150300.130.1
References:
- https://www.suse.com/security/cve/CVE-2020-36694.html
- https://www.suse.com/security/cve/CVE-2022-3566.html
- https://www.suse.com/security/cve/CVE-2022-4269.html
- https://www.suse.com/security/cve/CVE-2022-45884.html
- https://www.suse.com/security/cve/CVE-2022-45885.html
- https://www.suse.com/security/cve/CVE-2022-45886.html
- https://www.suse.com/security/cve/CVE-2022-45887.html
- https://www.suse.com/security/cve/CVE-2022-45919.html
- https://www.suse.com/security/cve/CVE-2023-1079.html
- https://www.suse.com/security/cve/CVE-2023-1380.html
- https://www.suse.com/security/cve/CVE-2023-1637.html
- https://www.suse.com/security/cve/CVE-2023-2156.html
- https://www.suse.com/security/cve/CVE-2023-2194.html
- https://www.suse.com/security/cve/CVE-2023-23586.html
- https://www.suse.com/security/cve/CVE-2023-2483.html
- https://www.suse.com/security/cve/CVE-2023-2513.html
- https://www.suse.com/security/cve/CVE-2023-31084.html
- https://www.suse.com/security/cve/CVE-2023-31436.html
- https://www.suse.com/security/cve/CVE-2023-32233.html
- https://www.suse.com/security/cve/CVE-2023-32269.html
- https://www.suse.com/security/cve/CVE-2023-33288.html
- https://bugzilla.suse.com/show_bug.cgi?id=1199636
- https://bugzilla.suse.com/show_bug.cgi?id=1204405
- https://bugzilla.suse.com/show_bug.cgi?id=1205756
- https://bugzilla.suse.com/show_bug.cgi?id=1205758
- https://bugzilla.suse.com/show_bug.cgi?id=1205760
- https://bugzilla.suse.com/show_bug.cgi?id=1205762
- https://bugzilla.suse.com/show_bug.cgi?id=1205803
- https://bugzilla.suse.com/show_bug.cgi?id=1206024
- https://bugzilla.suse.com/show_bug.cgi?id=1208474
- https://bugzilla.suse.com/show_bug.cgi?id=1208604
- https://bugzilla.suse.com/show_bug.cgi?id=1209287
- https://bugzilla.suse.com/show_bug.cgi?id=1209779
- https://bugzilla.suse.com/show_bug.cgi?id=1210715
- https://bugzilla.suse.com/show_bug.cgi?id=1210783
- https://bugzilla.suse.com/show_bug.cgi?id=1210940
- https://bugzilla.suse.com/show_bug.cgi?id=1211037
- https://bugzilla.suse.com/show_bug.cgi?id=1211043
- https://bugzilla.suse.com/show_bug.cgi?id=1211105
- https://bugzilla.suse.com/show_bug.cgi?id=1211131
- https://bugzilla.suse.com/show_bug.cgi?id=1211186
- https://bugzilla.suse.com/show_bug.cgi?id=1211203
- https://bugzilla.suse.com/show_bug.cgi?id=1211590
- https://bugzilla.suse.com/show_bug.cgi?id=1211592
- https://bugzilla.suse.com/show_bug.cgi?id=1211596
- https://bugzilla.suse.com/show_bug.cgi?id=1211622