Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287).
- CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
Список пакетов
SUSE Linux Enterprise High Availability Extension 12 SP4
SUSE Linux Enterprise Live Patching 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2023:2537-1
- E-Mail link for SUSE-SU-2023:2537-1
- SUSE Security Ratings
- SUSE Bug 1204405
- SUSE Bug 1205756
- SUSE Bug 1205758
- SUSE Bug 1205760
- SUSE Bug 1205762
- SUSE Bug 1205803
- SUSE Bug 1206878
- SUSE Bug 1209287
- SUSE Bug 1210629
- SUSE Bug 1210715
- SUSE Bug 1210783
- SUSE Bug 1210940
- SUSE Bug 1211105
- SUSE Bug 1211186
- SUSE Bug 1211260
- SUSE Bug 1211592
- SUSE CVE CVE-2022-3566 page
Описание
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-3566
- SUSE Bug 1204405
Описание
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
Затронутые продукты
Ссылки
- CVE-2022-45884
- SUSE Bug 1205756
Описание
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
Затронутые продукты
Ссылки
- CVE-2022-45885
- SUSE Bug 1205758
Описание
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
Затронутые продукты
Ссылки
- CVE-2022-45886
- SUSE Bug 1205760
Описание
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
Затронутые продукты
Ссылки
- CVE-2022-45887
- SUSE Bug 1205762
- SUSE Bug 1220015
Описание
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
Затронутые продукты
Ссылки
- CVE-2022-45919
- SUSE Bug 1205803
- SUSE Bug 1208912
- SUSE Bug 1214128
- SUSE Bug 1215674
Описание
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-1380
- SUSE Bug 1209287
Описание
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
Затронутые продукты
Ссылки
- CVE-2023-2176
- SUSE Bug 1210629
- SUSE Bug 1210630
- SUSE Bug 1213842
Описание
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.
Затронутые продукты
Ссылки
- CVE-2023-2194
- SUSE Bug 1210715
Описание
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
Затронутые продукты
Ссылки
- CVE-2023-2513
- SUSE Bug 1211105
Описание
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.
Затронутые продукты
Ссылки
- CVE-2023-31084
- SUSE Bug 1210783
Описание
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
Затронутые продукты
Ссылки
- CVE-2023-31436
- SUSE Bug 1210940
- SUSE Bug 1211260
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1223091
- SUSE Bug 1224419
Описание
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
Затронутые продукты
Ссылки
- CVE-2023-32269
- SUSE Bug 1211186