SUSE-SU-2023:0406-1

Описание

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
• CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
• CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
• CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
• CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).
• CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
• CVE-2022-42328, CVE-2022-42329: Fixed deadlock inside the netback driver that could have been triggered from a VM guest (bnc#1206114).
• CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest (bnc#1206113).
• CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
• CVE-2022-3435: Fixed a out-of-bounds read in function fib_nh_match of the file net/ipv4/fib_semantics.c. It is possible to initiate the attack remotely (bnc#1204171).
• CVE-2022-3115: Fixed a null pointer dereference inside malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c that lacked a check of the return value of kzalloc() (bnc#1206393).
• CVE-2022-3112: Fixed a null pointer dereference in amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c that lacked a check of the return value of kzalloc() (bnc#1206399).
• CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389).
• CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395).
• CVE-2022-3105: Fixed missing check of kmalloc_array() in uapi_finalize in drivers/infiniband/core/uverbs_uapi.c (bnc#1206398).

The following non-security bugs were fixed:

• HID: betop: check shape of output reports (git-fixes, bsc#1207186).
• HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
• HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
• NFS: Handle missing attributes in OPEN reply (bsc#1203740).
• constraints: increase disk space for all architectures (bsc#1203693).
• ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
• mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
• net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
• net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
• netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
• rpm: suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
• sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
• sctp: sysctl: make extra pointers netns aware (bsc#1204760).