Description
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2022-3107: Fixed a missing check of the return value of kvmalloc_array() (bnc#1206395).
- CVE-2022-3108: Fixed a missing check of the return value of kmemdup() (bnc#1206389).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could allow a local user to crash the system (bnc#1206664).
- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
- CVE-2023-23454: Fixed a denial of service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
The following non-security bugs were fixed:
- Added support for enabling livepatching related packages on -RT (jsc#PED-1706).
- Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes, bsc#1207186).
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- Reverted 'constraints: increase disk space for all architectures' (bsc#1203693)
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
Package list
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openSUSE Leap 15.4
Links
- Link for SUSE-SU-2023:0410-1
- E-Mail link for SUSE-SU-2023:0410-1
- SUSE Security Ratings
- SUSE Bug 1203693
- SUSE Bug 1205149
- SUSE Bug 1206073
- SUSE Bug 1206389
- SUSE Bug 1206395
- SUSE Bug 1206664
- SUSE Bug 1206677
- SUSE Bug 1206784
- SUSE Bug 1207036
- SUSE Bug 1207186
- SUSE Bug 1207237
- SUSE CVE CVE-2022-3107 page
- SUSE CVE CVE-2022-3108 page
- SUSE CVE CVE-2022-3564 page
- SUSE CVE CVE-2022-4662 page
- SUSE CVE CVE-2022-47929 page
- SUSE CVE CVE-2023-23454 page
Description
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks a check of the return value of kvmalloc_array() and will cause a NULL pointer dereference.
Affected products
Links
- CVE-2022-3107
- SUSE Bug 1206395
Description
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks a check of the return value of kmemdup().
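Both CVE-2022-3107 and CVE-2022-3108 are the same bug class: an allocator's return value is used without testing it for NULL. The following is an added illustration written for this page, not kernel code and not the upstream fix; model_kvmalloc_array() and its force_fail test hook, struct chan_stats and the two collect_stats_* functions are assumptions modelled loosely on the netvsc stats path. The point it adds beyond the description is that kvmalloc_array() returns NULL not only on allocation failure but also when n * size overflows, so the one check covers both failure modes. The model reports failure as -ENOMEM; the real ethtool callback is void and simply returns early.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for the kernel's kvmalloc_array(): returns NULL when n * size
 * overflows size_t and when the underlying allocation fails. force_fail is a
 * test hook (an assumption of this example, not a kernel parameter). */
static void *model_kvmalloc_array(size_t n, size_t size, int force_fail)
{
    size_t bytes;

    if (__builtin_mul_overflow(n, size, &bytes))
        return NULL;
    if (force_fail)
        return NULL;
    return malloc(bytes);
}

/* Constructed per-channel counters standing in for the netvsc per-channel stats. */
struct chan_stats {
    uint64_t packets;
    uint64_t bytes;
};

/* Shape of the bug: the array returned by kvmalloc_array() is indexed without
 * a NULL check. If the allocation failed, pstats[i] dereferences NULL, which
 * in kernel context is an oops. Kept for comparison only; never call it with
 * force_fail = 1 or an overflowing nchan. Returns the summed packet count. */
static uint64_t collect_stats_unchecked(size_t nchan, int force_fail)
{
    struct chan_stats *pstats = model_kvmalloc_array(nchan, sizeof(*pstats), force_fail);
    uint64_t total = 0;

    for (size_t i = 0; i < nchan; i++) {
        pstats[i].packets = i + 1;          /* writes through NULL on allocation failure */
        pstats[i].bytes = (i + 1) * 64;
        total += pstats[i].packets;
    }
    free(pstats);
    return total;
}

/* Fixed shape: test the result before touching it. The same check also
 * catches the multiplication overflow, which is why kvmalloc_array(n, size)
 * is preferred over kvmalloc(n * size). Returns 0, or -ENOMEM when the
 * allocation could not be made; total_out may be NULL. */
static int collect_stats_checked(size_t nchan, int force_fail, uint64_t *total_out)
{
    struct chan_stats *pstats = model_kvmalloc_array(nchan, sizeof(*pstats), force_fail);
    uint64_t total = 0;

    if (!pstats)
        return -ENOMEM;

    for (size_t i = 0; i < nchan; i++) {
        pstats[i].packets = i + 1;
        pstats[i].bytes = (i + 1) * 64;
        total += pstats[i].packets;
    }
    free(pstats);
    if (total_out)
        *total_out = total;
    return 0;
}

int main(void)
{
    uint64_t total = 0;

    /* Normal case: both variants agree. */
    collect_stats_checked(4, 0, &total);
    /* Failure cases: only the checked variant survives them. */
    collect_stats_checked(4, 1, NULL);        /* allocation failure -> -ENOMEM   */
    collect_stats_checked(SIZE_MAX, 0, NULL); /* n * size overflow -> -ENOMEM    */
    return total == collect_stats_unchecked(4, 0) ? 0 : 1;
}
```

The overflow case matters in practice: a channel count that is attacker-influenced or simply large makes kvmalloc_array() return NULL exactly like an out-of-memory condition, and the unchecked variant treats both the same way, as a NULL write.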
Affected products
Links
- CVE-2022-3108
- SUSE Bug 1206389
Description
A vulnerability classified as critical was found in the Linux kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the Bluetooth component. The manipulation leads to a use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
Affected products
Links
- CVE-2022-3564
- SUSE Bug 1206073
- SUSE Bug 1206314
- SUSE Bug 1208030
- SUSE Bug 1208044
- SUSE Bug 1208085
Description
A flaw of incorrect access control in the Linux kernel USB core subsystem was found in the way a user attaches a USB device. A local user could use this flaw to crash the system.
Affected products
Links
- CVE-2022-4662
- SUSE Bug 1206664
Description
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.
Affected products
Links
- CVE-2022-47929
- SUSE Bug 1207237
Description
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
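The "type confusion" is about ordering: cbq_classify() only rejected negative verdicts before turning the classifier's result block into a class pointer and reading cl->level, and TC_ACT_SHOT (value 2) is non-negative, so a filter whose action dropped the packet without writing the result block left a stale class pointer to be dereferenced. The fix for bsc#1207036 ("net: sched: cbq: dont intepret cls results when asked to drop") checks the verdict first. The following is an added userland model written for this page, not the kernel's code: model_tcf_classify(), the two cbq_classify_*_fix() functions, the touched out-parameter and the scenario helpers are assumptions that reproduce the ordering, with the out-of-bounds read replaced by an observable pointer so the difference can be asserted instead of crashed on.

```c
#include <stddef.h>
#include <stdio.h>

/* Verdict values as defined in include/uapi/linux/pkt_cls.h. */
#define TC_ACT_OK    0
#define TC_ACT_SHOT  2

struct cbq_class {
    unsigned level;
    unsigned classid;
};

/* Classifier result block: its contents are meaningful only when the verdict
 * is a classification, not when an action said "drop". */
struct tcf_result {
    struct cbq_class *class;
    unsigned classid;
};

/* Stand-in for tcf_classify(): a filter with a drop action returns TC_ACT_SHOT
 * without writing *res, so *res keeps whatever was left in it earlier. */
static int model_tcf_classify(int filter_drops, struct cbq_class *match,
                              struct tcf_result *res)
{
    if (filter_drops)
        return TC_ACT_SHOT;
    res->class = match;
    res->classid = match->classid;
    return TC_ACT_OK;
}

/* Ordering before the fix: only negative verdicts are rejected, then res->class
 * is used and cl->level read, and only afterwards is TC_ACT_SHOT honoured.
 * *touched records which object was read; the kernel read it blindly. */
static struct cbq_class *cbq_classify_before_fix(int filter_drops, struct cbq_class *match,
                                                 struct tcf_result *res, unsigned head_level,
                                                 struct cbq_class **touched)
{
    struct cbq_class *cl;
    int result = model_tcf_classify(filter_drops, match, res);

    *touched = NULL;
    if (result < 0)                   /* TC_ACT_SHOT == 2 passes this test */
        return NULL;
    cl = res->class;                  /* stale when result == TC_ACT_SHOT */
    if (cl) {
        *touched = cl;
        if (cl->level >= head_level)  /* the out-of-bounds read in the real bug */
            return NULL;
    }
    if (result == TC_ACT_SHOT)        /* verdict examined only now */
        return NULL;
    return cl;
}

/* Ordering after the fix: a drop verdict returns before res is interpreted. */
static struct cbq_class *cbq_classify_after_fix(int filter_drops, struct cbq_class *match,
                                                struct tcf_result *res, unsigned head_level,
                                                struct cbq_class **touched)
{
    struct cbq_class *cl;
    int result = model_tcf_classify(filter_drops, match, res);

    *touched = NULL;
    if (result < 0)
        return NULL;
    if (result == TC_ACT_SHOT)
        return NULL;
    cl = res->class;
    if (cl) {
        *touched = cl;
        if (cl->level >= head_level)
            return NULL;
    }
    return cl;
}

/* Scenario: res still holds a pointer from an earlier classification (in the
 * kernel, possibly memory of a class that no longer exists), then a filter
 * drops the packet. Returns 1 if the stale object was read. */
int stale_read_on_drop(int use_fixed)
{
    struct cbq_class stale = { .level = 7, .classid = 0x10010 };   /* constructed */
    struct cbq_class leaf  = { .level = 0, .classid = 0x10020 };   /* constructed */
    struct tcf_result res  = { .class = &stale, .classid = stale.classid };
    struct cbq_class *touched;
    struct cbq_class *cl = use_fixed
        ? cbq_classify_after_fix(1, &leaf, &res, 3, &touched)
        : cbq_classify_before_fix(1, &leaf, &res, 3, &touched);

    return cl == NULL && touched == &stale;
}

/* Control: an ordinary classification gives the same answer either way. */
int normal_classification(int use_fixed)
{
    struct cbq_class stale = { .level = 7, .classid = 0x10010 };
    struct cbq_class leaf  = { .level = 0, .classid = 0x10020 };
    struct tcf_result res  = { .class = &stale, .classid = stale.classid };
    struct cbq_class *touched;
    struct cbq_class *cl = use_fixed
        ? cbq_classify_after_fix(0, &leaf, &res, 3, &touched)
        : cbq_classify_before_fix(0, &leaf, &res, 3, &touched);

    return cl == &leaf && touched == &leaf;
}

int main(void)
{
    printf("drop verdict reads stale class, before fix: %d\n", stale_read_on_drop(0));
    printf("drop verdict reads stale class, after fix:  %d\n", stale_read_on_drop(1));
    return 0;
}
```

The same ordering defect was fixed in the atm qdisc in this update ("net: sched: atm: dont intepret cls results when asked to drop", also bsc#1207036); the general rule is that a classifier result block is only trustworthy after the verdict has been checked for action outcomes such as TC_ACT_SHOT.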
Affected products
Links
- CVE-2023-23454
- SUSE Bug 1207036
- SUSE Bug 1207188
- SUSE Bug 1208030
- SUSE Bug 1208044
- SUSE Bug 1208085
- SUSE Bug 1211833