Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2023:2892-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 15 vulnerabilities, contains one feature and has 85 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-2430: Fixed a possible denial of service via a missing lock in the io_uring subsystem (bsc#1211014).
- CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
The following non-security bugs were fixed:
- ACPI: CPPC: Add AMD pstate energy performance preference cppc control (bsc#1212445).
- ACPI: CPPC: Add auto select register read/write support (bsc#1212445).
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- ALSA: fireface: make read-only const array for model names static (git-fixes).
- ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- ALSA: hda: LNL: add HD Audio PCI ID (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: jack: Fix mutex call in snd_jack_report() (git-fixes).
- ALSA: oxfw: make read-only const array models static (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- ASoC: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- ASoC: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- ASoC: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
- ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
- ASoC: simple-card: Add missing of_node_put() in case of error (git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- Documentation: devlink: add add devlink-selftests to the table of contents (git-fixes).
- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- Drop a buggy dvb-core fix patch (bsc#1205758)
- Fix documentation of panic_on_warn (git-fixes).
- Get module prefix from kmod (bsc#1212835).
- HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- HID: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- IB/isert: Fix dead lock in ib_isert (git-fixes)
- IB/isert: Fix incorrect release of isert connection (git-fixes)
- IB/isert: Fix possible list corruption in CMA handler (git-fixes)
- IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- Input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- Input: drv260x - fix typo in register value define (git-fixes).
- Input: drv260x - remove unused .reg_defaults (git-fixes).
- Input: drv260x - sleep between polling GO bit (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- Input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- KVM: arm64: Do not hypercall before EL2 init (git-fixes)
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- KVM: arm64: Save PSTATE early on exit (git-fixes)
- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- NTB: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- NTB: ntb_tool: Add check for devm_kcalloc (git-fixes).
- NTB: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- PCI: Release resource invalidated by coalescing (git-fixes).
- PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
- PCI: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- PCI: ftpci100: Release the clock resources (git-fixes).
- PCI: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- PCI: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- PCI: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- PCI: rockchip: Set address alignment for endpoint mode (git-fixes).
- PCI: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- PCI: rockchip: Write PCI Device ID to correct register (git-fixes).
- PCI: vmd: Reset VMD config register between soft reboots (git-fixes).
- PM: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
- RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
- RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
- RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
- RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
- RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
- RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- RDMA/mlx5: Create an indirect flow table for steering anchor (git-fixes)
- RDMA/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- RDMA/mlx5: Fix affinity assignment (git-fixes)
- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- RDMA/rxe: Fix packet length checks (git-fixes)
- RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
- RDMA/rxe: Fix rxe_cq_post (git-fixes)
- RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- RDMA/rxe: Remove the unused variable obj (git-fixes)
- RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
- RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- Remove more packaging cruft for SLE < 12 SP3
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes).
- Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git-fixes).
- Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes).
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- USB: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- USB: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- USB: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- USB: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- USB: dwc3: qcom: Fix potential memory leak (git-fixes).
- USB: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- USB: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- USB: gadget: udc: fix NULL dereference in remove() (git-fixes).
- USB: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- USB: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- USB: typec: ucsi: Fix command cancellation (git-fixes).
- USB: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- Update commit 52b1b46c39ae ("of: Create platform devices for OF framebuffers") (bsc#1212405).
- Update patches.suse/KVM-x86-fix-sending-PV-IPI.patch (git-fixes, bsc#1210853).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bonding: Fix negative jump label count on nested bonding (bsc#1212685).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- device-dax: Fix duplicate 'hmem' device registration (bsc#1211400).
- disable two x86 PAT related patches (bsc#1212456).
- docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961).
- drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961).
- drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961).
- drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961).
- drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961).
- drm/amd: Make sure image is written to trigger VBIOS image update flow (git-fixes).
- drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).<