Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337).
- CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- Fix kABI breakage (bsc#1208333)
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- Remove obsolete KMP obsoletes (bsc#1210469).
- Replace mkinitrd dependency with dracut (bsc#1202353).
- cifs: fix double free in dfs mounts (bsc#1209845).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
- cifs: missing null pointer check in cifs_mount (bsc#1209845).
- cifs: serialize all mount attempts (bsc#1209845).
- cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- k-m-s: Drop Linux 2.6 support
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
Список пакетов
SUSE Linux Enterprise High Availability Extension 12 SP4
SUSE Linux Enterprise Live Patching 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2023:2232-1
- E-Mail link for SUSE-SU-2023:2232-1
- SUSE Security Ratings
- SUSE Bug 1076830
- SUSE Bug 1194535
- SUSE Bug 1202353
- SUSE Bug 1205128
- SUSE Bug 1207036
- SUSE Bug 1207125
- SUSE Bug 1207168
- SUSE Bug 1207185
- SUSE Bug 1207795
- SUSE Bug 1207845
- SUSE Bug 1208179
- SUSE Bug 1208333
- SUSE Bug 1208599
- SUSE Bug 1208777
- SUSE Bug 1208837
- SUSE Bug 1208850
- SUSE Bug 1209008
Описание
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Затронутые продукты
Ссылки
- CVE-2017-5753
- SUSE Bug 1068032
- SUSE Bug 1074562
- SUSE Bug 1074578
- SUSE Bug 1074701
- SUSE Bug 1075006
- SUSE Bug 1075419
- SUSE Bug 1075748
- SUSE Bug 1080039
- SUSE Bug 1087084
- SUSE Bug 1087939
- SUSE Bug 1089055
- SUSE Bug 1136865
- SUSE Bug 1178658
- SUSE Bug 1201877
- SUSE Bug 1209547
Описание
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
Затронутые продукты
Ссылки
- CVE-2020-36691
- SUSE Bug 1209613
- SUSE Bug 1209777
Описание
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
Затронутые продукты
Ссылки
- CVE-2021-3923
- SUSE Bug 1209778
Описание
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
Затронутые продукты
Ссылки
- CVE-2021-4203
- SUSE Bug 1194535
Описание
In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel
Затронутые продукты
Ссылки
- CVE-2022-20567
- SUSE Bug 1208850
Описание
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Затронутые продукты
Ссылки
- CVE-2022-43945
- SUSE Bug 1205128
- SUSE Bug 1205130
- SUSE Bug 1208030
- SUSE Bug 1208085
- SUSE Bug 1209225
- SUSE Bug 1210124
Описание
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
Затронутые продукты
Ссылки
- CVE-2023-0394
- SUSE Bug 1207168
Описание
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
Затронутые продукты
Ссылки
- CVE-2023-0590
- SUSE Bug 1207795
- SUSE Bug 1207822
- SUSE Bug 1211495
- SUSE Bug 1211833
Описание
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.
Затронутые продукты
Ссылки
- CVE-2023-0597
- SUSE Bug 1207845
- SUSE Bug 1212395
- SUSE Bug 1213271
Описание
A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.
Затронутые продукты
Ссылки
- CVE-2023-1076
- SUSE Bug 1208599
- SUSE Bug 1214019
Описание
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
Затронутые продукты
Ссылки
- CVE-2023-1095
- SUSE Bug 1208777
Описание
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2023-1118
- SUSE Bug 1208837
- SUSE Bug 1208910
- SUSE Bug 1210423
- SUSE Bug 1211495
- SUSE Bug 1213841
- SUSE Bug 1213842
Описание
A remote denial of service vulnerability was found in the Linux kernel's TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.
Затронутые продукты
Ссылки
- CVE-2023-1390
- SUSE Bug 1209289
- SUSE Bug 1210779
- SUSE Bug 1211495
Описание
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
Затронутые продукты
Ссылки
- CVE-2023-1513
- SUSE Bug 1209532
Описание
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea
Затронутые продукты
Ссылки
- CVE-2023-1611
- SUSE Bug 1209687
Описание
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2023-1670
- SUSE Bug 1209871
- SUSE Bug 1222212
Описание
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
Затронутые продукты
Ссылки
- CVE-2023-1855
- SUSE Bug 1210202
Описание
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
Затронутые продукты
Ссылки
- CVE-2023-1989
- SUSE Bug 1210336
- SUSE Bug 1210500
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
Описание
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.
Затронутые продукты
Ссылки
- CVE-2023-1990
- SUSE Bug 1210337
- SUSE Bug 1210501
- SUSE Bug 1214128
Описание
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
Затронутые продукты
Ссылки
- CVE-2023-1998
- SUSE Bug 1210506
Описание
An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2023-2124
- SUSE Bug 1210498
Описание
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
Затронутые продукты
Ссылки
- CVE-2023-2162
- SUSE Bug 1210647
- SUSE Bug 1210662
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1222212
Описание
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Затронутые продукты
Ссылки
- CVE-2023-23454
- SUSE Bug 1207036
- SUSE Bug 1207188
- SUSE Bug 1208030
- SUSE Bug 1208044
- SUSE Bug 1208085
- SUSE Bug 1211833
Описание
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Затронутые продукты
Ссылки
- CVE-2023-23455
- SUSE Bug 1207125
- SUSE Bug 1207189
- SUSE Bug 1211833
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2023-2483
- SUSE Bug 1211037
Описание
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-28328
- SUSE Bug 1209291
- SUSE Bug 1222212
Описание
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
Затронутые продукты
Ссылки
- CVE-2023-28464
- SUSE Bug 1209052
- SUSE Bug 1211111
- SUSE Bug 1220130
Описание
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
Затронутые продукты
Ссылки
- CVE-2023-28772
- SUSE Bug 1209549
- SUSE Bug 1211110
- SUSE Bug 1214378
Описание
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
Затронутые продукты
Ссылки
- CVE-2023-30772
- SUSE Bug 1210329