Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
The following non-security bugs were fixed:
- Drop dvb-core fix patch due to bug (bsc#1205758).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
Список пакетов
Image SLES15-SP2-BYOS-Azure
Image SLES15-SP2-HPC-BYOS-Azure
Image SLES15-SP2-SAP-Azure
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP2-SAP-BYOS-Azure
Image SLES15-SP2-SAP-BYOS-EC2-HVM
Image SLES15-SP2-SAP-BYOS-GCE
Image SLES15-SP2-SAP-EC2-HVM
Image SLES15-SP2-SAP-GCE
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Availability Extension 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Live Patching 15 SP2
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
Ссылки
- Link for SUSE-SU-2023:2834-1
- E-Mail link for SUSE-SU-2023:2834-1
- SUSE Security Ratings
- SUSE Bug 1160435
- SUSE Bug 1187829
- SUSE Bug 1205758
- SUSE Bug 1208600
- SUSE Bug 1209039
- SUSE Bug 1210533
- SUSE Bug 1211449
- SUSE Bug 1211519
- SUSE Bug 1212128
- SUSE Bug 1212129
- SUSE Bug 1212154
- SUSE Bug 1212158
- SUSE Bug 1212494
- SUSE Bug 1212501
- SUSE Bug 1212502
- SUSE Bug 1212504
- SUSE Bug 1212513
Описание
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
Затронутые продукты
Ссылки
- CVE-2023-1077
- SUSE Bug 1208600
- SUSE Bug 1208839
- SUSE Bug 1213841
- SUSE Bug 1213842
Описание
A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.
Затронутые продукты
Ссылки
- CVE-2023-1249
- SUSE Bug 1209039
Описание
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Затронутые продукты
Ссылки
- CVE-2023-2002
- SUSE Bug 1210533
- SUSE Bug 1210566
Описание
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
Затронутые продукты
Ссылки
- CVE-2023-3090
- SUSE Bug 1212842
- SUSE Bug 1212849
- SUSE Bug 1214128
- SUSE Bug 1219701
Описание
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
Затронутые продукты
Ссылки
- CVE-2023-3141
- SUSE Bug 1212129
- SUSE Bug 1215674
Описание
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
Затронутые продукты
Ссылки
- CVE-2023-3159
- SUSE Bug 1212128
- SUSE Bug 1212347
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1215674
Описание
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
Затронутые продукты
Ссылки
- CVE-2023-3161
- SUSE Bug 1212154
- SUSE Bug 1215674
Описание
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
Затронутые продукты
Ссылки
- CVE-2023-3268
- SUSE Bug 1212502
- SUSE Bug 1215674
Описание
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
Затронутые продукты
Ссылки
- CVE-2023-3358
- SUSE Bug 1212606
Описание
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Затронутые продукты
Ссылки
- CVE-2023-35788
- SUSE Bug 1212504
- SUSE Bug 1212509
Описание
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
Затронутые продукты
Ссылки
- CVE-2023-35823
- SUSE Bug 1212494
Описание
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
Затронутые продукты
Ссылки
- CVE-2023-35824
- SUSE Bug 1212501
- SUSE Bug 1215674
Описание
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
Затронутые продукты
Ссылки
- CVE-2023-35828
- SUSE Bug 1212513