Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4058-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
  • CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-39192 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
  • CVE-2023-39193 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
  • CVE-2023-39194 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2023-42753 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-42753 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2023-4389 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  • CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • openSUSE Leap 15.5
  • Public Cloud Module 15-SP5
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 18 vulnerabilities, contains three features and has 71 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

  • CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
  • CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
  • CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
  • CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
  • CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
  • CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation (bsc#1215899).
  • CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
  • CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
  • CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
  • CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
  • CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
  • CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
  • CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (bsc#1214022).
  • CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
  • CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
  • CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
  • CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
  • CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).

The following non-security bugs were fixed:

  • ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
  • ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
  • ARM: pxa: remove use of symbol_get() (git-fixes).
  • ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
  • ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
  • ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
  • ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
  • ASoC: meson: spdifin: start hw on dai probe (git-fixes).
  • ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
  • ASoC: rt5640: Fix sleep in atomic context (git-fixes).
  • ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes).
  • ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
  • ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
  • Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
  • Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
  • Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
  • Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
  • Drop amdgpu patch causing spamming (bsc#1215523).
  • Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
  • KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
  • KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
  • KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
  • KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
  • KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
  • KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
  • KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
  • KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
  • KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
  • KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
  • NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
  • NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
  • NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
  • NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
  • NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
  • NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
  • NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
  • NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
  • PCI: Free released resource after coalescing (git-fixes).
  • RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
  • Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" (git-fixes).
  • Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
  • SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
  • USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
  • USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
  • arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
  • arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
  • arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
  • arm64: module-plts: inline linux/moduleloader.h (git-fixes)
  • arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
  • arm64: sdei: abort running SDEI handlers during crash (git-fixes)
  • arm64: tegra: Update AHUB clock parent and rate (git-fixes)
  • ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
  • ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
  • ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
  • ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
  • backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
  • blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)
  • blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
  • blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
  • block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
  • bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
  • bpf: Clear the probe_addr for uprobe (git-fixes).
  • btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
  • clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
  • drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
  • drm/amd/display: Add smu write msg id fail retry process (git-fixes).
  • drm/amd/display: Remove wait while locked (git-fixes).
  • drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
  • drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
  • drm/amd/display: prevent potential division by zero errors (git-fixes).
  • drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
  • drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
  • drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
  • drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
  • drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
  • drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
  • drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes).
  • drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
  • drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
  • drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
  • drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
  • drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
  • ext4: Remove ext4 locking of moved directory (bsc#1214957).
  • ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
  • ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
  • ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
  • ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
  • ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
  • ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
  • ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
  • ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
  • fs: Establish locking order for unrelated directories (bsc#1214958).
  • fs: Lock moved directories (bsc#1214959).
  • fs: do not update freeing inode i_io_list (bsc#1214813).
  • fs: lockd: avoid possible wrong NULL parameter (git-fixes).
  • fs: no need to check source (bsc#1215752).
  • fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
  • fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
  • gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
  • gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
  • gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
  • gve: Changes to add new TX queues (bsc#1214479).
  • gve: Control path for DQO-QPL (bsc#1214479).
  • gve: Fix gve interrupt names (bsc#1214479).
  • gve: RX path for DQO-QPL (bsc#1214479).
  • gve: Tx path for DQO-QPL (bsc#1214479).
  • gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
  • gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
  • gve: fix frag_list chaining (bsc#1214479).
  • gve: trivial spell fix Recive to Receive (bsc#1214479).
  • gve: use vmalloc_array and vcalloc (bsc#1214479).
  • hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
  • hwrng: virtio - add an internal buffer (git-fixes).
  • hwrng: virtio - always add a pending request (git-fixes).
  • hwrng: virtio - do not wait on cleanup (git-fixes).
  • hwrng: virtio - do not waste entropy (git-fixes).
  • i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
  • i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
  • i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
  • idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
  • iommu/virtio: Detach domain on endpoint release (git-fixes).
  • iommu/virtio: Return size mapped for a detached domain (git-fixes).
  • jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
  • jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
  • jbd2: correct the end of the journal recovery scan range (bsc#1214955).
  • jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
  • jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
  • jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
  • jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
  • jbd2: remove t_checkpoint_io_list (bsc#1214946).
  • jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
  • kabi/severities: ignore mlx4 internal symbols
  • s390/ipl: add support for List-Directed dump from ECKD DASD (jsc#PED-2023, jsc#PED-2025).
  • kconfig: fix possible buffer overflow (git-fixes).
  • kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
  • kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
  • kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
  • loop: Fix use-after-free issues (bsc#1214991).
  • loop: loop_set_status_from_info() check before assignment (bsc#1214990).
  • mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
  • mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
  • mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
  • mlx4: Delete custom device management logic (bsc#1187236).
  • mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
  • mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
  • mlx4: Move the bond work to the core driver (bsc#1187236).
  • mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
  • mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
  • mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
  • mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
  • module: Expose module_init_layout_section() (git-fixes)
  • net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
  • net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
  • net: mana: Add page pool for RX buffers (bsc#1214040).
  • net: mana: Configure hwc timeout from hardware (bsc#1214037).
  • net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
  • net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
  • nfs/blocklayout: Use the passed in gfp flags (git-fixes).
  • nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
  • nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
  • ntb: Clean up tx tail index on link down (git-fixes).
  • ntb: Drop packets when qp link is down (git-fixes).
  • ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
  • nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
  • nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
  • nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
  • nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
  • nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
  • pNFS: Fix assignment of xprtdata.cred (git-fixes).