Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed a lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
The following non-security bugs were fixed:
- kabi/severities: add l2tp local symbols
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Live Patching 15 SP1
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2023:0768-1
- E-Mail link for SUSE-SU-2023:0768-1
- SUSE Security Ratings
- SUSE Bug 1186449
- SUSE Bug 1194535
- SUSE Bug 1201420
- SUSE Bug 1203331
- SUSE Bug 1203332
- SUSE Bug 1204356
- SUSE Bug 1204662
- SUSE Bug 1205711
- SUSE Bug 1207051
- SUSE Bug 1207773
- SUSE Bug 1207795
- SUSE Bug 1207845
- SUSE Bug 1207875
- SUSE Bug 1208700
- SUSE Bug 1208837
- SUSE Bug 1209188
- SUSE CVE CVE-2021-4203 page
Описание
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
Затронутые продукты
Ссылки
- CVE-2021-4203
- SUSE Bug 1194535
Описание
A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-2991
- SUSE Bug 1201420
- SUSE Bug 1203993
- SUSE Bug 1211495
Описание
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Затронутые продукты
Ссылки
- CVE-2022-36280
- SUSE Bug 1203332
Описание
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Затронутые продукты
Ссылки
- CVE-2022-38096
- SUSE Bug 1203331
Описание
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
Затронутые продукты
Ссылки
- CVE-2022-4129
- SUSE Bug 1205711
Описание
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
Затронутые продукты
Ссылки
- CVE-2023-0045
- SUSE Bug 1207773
Описание
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
Затронутые продукты
Ссылки
- CVE-2023-0590
- SUSE Bug 1207795
- SUSE Bug 1207822
- SUSE Bug 1211495
- SUSE Bug 1211833
Описание
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.
Затронутые продукты
Ссылки
- CVE-2023-0597
- SUSE Bug 1207845
- SUSE Bug 1212395
- SUSE Bug 1213271
Описание
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2023-1118
- SUSE Bug 1208837
- SUSE Bug 1208910
- SUSE Bug 1210423
- SUSE Bug 1211495
- SUSE Bug 1213841
- SUSE Bug 1213842
Описание
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
Затронутые продукты
Ссылки
- CVE-2023-23559
- SUSE Bug 1207051
Описание
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
Затронутые продукты
Ссылки
- CVE-2023-26545
- SUSE Bug 1208700
- SUSE Bug 1208909
- SUSE Bug 1210423