SUSE-SU-2023:1848-1

Описание

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
• CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
• CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
• CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
• CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
• CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
• CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
• CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
• CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
• CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
• CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
• CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
• CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
• CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
• CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
• CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
• CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).

The following non-security bugs were fixed:

• Do not sign the vanilla kernel (bsc#1209008).
• PCI: hv: Add a per-bus mutex state_lock (bsc#1208811).
• PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1208811).
• PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1208811).
• PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1208811).
• Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1208811).
• cifs: fix double free in dfs mounts (bsc#1209845).
• cifs: fix nodfs mount option (bsc#1209845).
• cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
• cifs: missing null pointer check in cifs_mount (bsc#1209845).
• cifs: serialize all mount attempts (bsc#1209845).
• cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
• ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
• ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
• ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
• kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).