Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:2834-1
Rating:	important
References:	bsc#1160435 bsc#1187829 bsc#1205758 bsc#1208600 bsc#1209039 bsc#1210533 bsc#1211449 bsc#1211519 bsc#1212128 bsc#1212129 bsc#1212154 bsc#1212158 bsc#1212494 bsc#1212501 bsc#1212502 bsc#1212504 bsc#1212513 bsc#1212606 bsc#1212842
Cross-References:	CVE-2023-1077 CVE-2023-1249 CVE-2023-2002 CVE-2023-3090 CVE-2023-3141 CVE-2023-3159 CVE-2023-3161 CVE-2023-3268 CVE-2023-3358 CVE-2023-35788 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828
CVSS scores:	CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 13 vulnerabilities and has six security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
• CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
• CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
• CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
• CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
• CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
• CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
• CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
• CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
• CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
• CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
• CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
• CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).

The following non-security bugs were fixed:

• Drop dvb-core fix patch due to bug (bsc#1205758).
• Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
• fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
• google/gve:fix repeated words in comments (bsc#1211519).
• gve: Adding a new AdminQ command to verify driver (bsc#1211519).
• gve: Cache link_speed value from device (bsc#1211519).
• gve: Fix GFP flags when allocing pages (bsc#1211519).
• gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
• gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
• gve: Handle alternate miss completions (bsc#1211519).
• gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
• gve: Remove the code of clearing PBA bit (bsc#1211519).
• gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
• gve: enhance no queue page list detection (bsc#1211519).
• rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
• rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
• x86/build: Avoid relocation information in final vmlinux (bsc#1187829).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2834=1
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2834=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2834=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2834=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2834=1
• SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-2834=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.157.1
  • kernel-default-livepatch-devel-5.3.18-150200.24.157.1
  • kernel-livepatch-5_3_18-150200_24_157-default-debuginfo-1-150200.5.3.1
  • kernel-livepatch-5_3_18-150200_24_157-default-1-150200.5.3.1
  • kernel-default-livepatch-5.3.18-150200.24.157.1
  • kernel-default-debuginfo-5.3.18-150200.24.157.1
  • kernel-livepatch-SLE15-SP2_Update_38-debugsource-1-150200.5.3.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • gfs2-kmp-default-5.3.18-150200.24.157.1
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.157.1
  • cluster-md-kmp-default-5.3.18-150200.24.157.1
  • kernel-default-debugsource-5.3.18-150200.24.157.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.157.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.157.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.157.1
  • dlm-kmp-default-5.3.18-150200.24.157.1
  • kernel-default-debuginfo-5.3.18-150200.24.157.1
  • ocfs2-kmp-default-5.3.18-150200.24.157.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.157.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.157.1
  • kernel-default-5.3.18-150200.24.157.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-default-devel-5.3.18-150200.24.157.1
  • kernel-default-debugsource-5.3.18-150200.24.157.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.157.1
  • kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.157.1
  • kernel-obs-build-5.3.18-150200.24.157.1
  • kernel-preempt-debugsource-5.3.18-150200.24.157.1
  • kernel-syms-5.3.18-150200.24.157.1
  • kernel-preempt-devel-5.3.18-150200.24.157.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.157.1
  • kernel-default-debuginfo-5.3.18-150200.24.157.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-macros-5.3.18-150200.24.157.1
  • kernel-devel-5.3.18-150200.24.157.1
  • kernel-source-5.3.18-150200.24.157.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  • kernel-default-devel-5.3.18-150200.24.157.1
  • kernel-default-debugsource-5.3.18-150200.24.157.1
  • kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.157.1
  • reiserfs-kmp-default-5.3.18-150200.24.157.1
  • kernel-obs-build-5.3.18-150200.24.157.1
  • kernel-syms-5.3.18-150200.24.157.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.157.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.157.1
  • kernel-default-debuginfo-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-macros-5.3.18-150200.24.157.1
  • kernel-devel-5.3.18-150200.24.157.1
  • kernel-source-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-preempt-devel-5.3.18-150200.24.157.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.157.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1
  • kernel-preempt-debugsource-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  • kernel-default-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  • kernel-default-devel-5.3.18-150200.24.157.1
  • kernel-default-debugsource-5.3.18-150200.24.157.1
  • kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.157.1
  • reiserfs-kmp-default-5.3.18-150200.24.157.1
  • kernel-obs-build-5.3.18-150200.24.157.1
  • kernel-syms-5.3.18-150200.24.157.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.157.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.157.1
  • kernel-default-debuginfo-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  • kernel-macros-5.3.18-150200.24.157.1
  • kernel-devel-5.3.18-150200.24.157.1
  • kernel-source-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.157.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  • kernel-preempt-devel-5.3.18-150200.24.157.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.157.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1
  • kernel-preempt-debugsource-5.3.18-150200.24.157.1
• SUSE Enterprise Storage 7 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.157.1
  • kernel-default-5.3.18-150200.24.157.1
• SUSE Enterprise Storage 7 (aarch64 x86_64)
  • kernel-default-devel-5.3.18-150200.24.157.1
  • kernel-default-debugsource-5.3.18-150200.24.157.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.157.1
  • kernel-default-base-5.3.18-150200.24.157.1.150200.9.77.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.157.1
  • reiserfs-kmp-default-5.3.18-150200.24.157.1
  • kernel-obs-build-5.3.18-150200.24.157.1
  • kernel-preempt-debugsource-5.3.18-150200.24.157.1
  • kernel-syms-5.3.18-150200.24.157.1
  • kernel-preempt-devel-5.3.18-150200.24.157.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.157.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.157.1
  • kernel-default-debuginfo-5.3.18-150200.24.157.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.157.1
• SUSE Enterprise Storage 7 (noarch)
  • kernel-macros-5.3.18-150200.24.157.1
  • kernel-devel-5.3.18-150200.24.157.1
  • kernel-source-5.3.18-150200.24.157.1
• SUSE Enterprise Storage 7 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.157.1

References:

• https://www.suse.com/security/cve/CVE-2023-1077.html
• https://www.suse.com/security/cve/CVE-2023-1249.html
• https://www.suse.com/security/cve/CVE-2023-2002.html
• https://www.suse.com/security/cve/CVE-2023-3090.html
• https://www.suse.com/security/cve/CVE-2023-3141.html
• https://www.suse.com/security/cve/CVE-2023-3159.html
• https://www.suse.com/security/cve/CVE-2023-3161.html
• https://www.suse.com/security/cve/CVE-2023-3268.html
• https://www.suse.com/security/cve/CVE-2023-3358.html
• https://www.suse.com/security/cve/CVE-2023-35788.html
• https://www.suse.com/security/cve/CVE-2023-35823.html
• https://www.suse.com/security/cve/CVE-2023-35824.html
• https://www.suse.com/security/cve/CVE-2023-35828.html
• https://bugzilla.suse.com/show_bug.cgi?id=1160435
• https://bugzilla.suse.com/show_bug.cgi?id=1187829
• https://bugzilla.suse.com/show_bug.cgi?id=1205758
• https://bugzilla.suse.com/show_bug.cgi?id=1208600
• https://bugzilla.suse.com/show_bug.cgi?id=1209039
• https://bugzilla.suse.com/show_bug.cgi?id=1210533
• https://bugzilla.suse.com/show_bug.cgi?id=1211449
• https://bugzilla.suse.com/show_bug.cgi?id=1211519
• https://bugzilla.suse.com/show_bug.cgi?id=1212128
• https://bugzilla.suse.com/show_bug.cgi?id=1212129
• https://bugzilla.suse.com/show_bug.cgi?id=1212154
• https://bugzilla.suse.com/show_bug.cgi?id=1212158
• https://bugzilla.suse.com/show_bug.cgi?id=1212494
• https://bugzilla.suse.com/show_bug.cgi?id=1212501
• https://bugzilla.suse.com/show_bug.cgi?id=1212502
• https://bugzilla.suse.com/show_bug.cgi?id=1212504
• https://bugzilla.suse.com/show_bug.cgi?id=1212513
• https://bugzilla.suse.com/show_bug.cgi?id=1212606
• https://bugzilla.suse.com/show_bug.cgi?id=1212842