Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-20784: Fixed a denial of service (infinite loop in update_blocked_averages) by mishandled leaf cfs_rq in kernel/sched/fair.c (bsc#1126703).
- CVE-2018-3639: Fixed Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1087082).
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3106: Fixed crash in XFRM_MSG_GETSA netlink handler (bsc#1213251).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
The following non-security bugs were fixed:
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (git-fixes) No it's not git-fixes it's used to make sle12-sp2 compile with newer toolchain to make the life of all the poor souls maintaining this ancient kernel on their modern machines, a little bit easier....
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
Ссылки
- Link for SUSE-SU-2023:3324-1
- E-Mail link for SUSE-SU-2023:3324-1
- SUSE Security Ratings
- SUSE Bug 1087082
- SUSE Bug 1126703
- SUSE Bug 1206418
- SUSE Bug 1207561
- SUSE Bug 1209779
- SUSE Bug 1210584
- SUSE Bug 1211738
- SUSE Bug 1211867
- SUSE Bug 1212502
- SUSE Bug 1213059
- SUSE Bug 1213167
- SUSE Bug 1213251
- SUSE Bug 1213286
- SUSE Bug 1213287
- SUSE Bug 1213585
- SUSE Bug 1213588
- SUSE CVE CVE-2018-20784 page
Описание
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
Затронутые продукты
Ссылки
- CVE-2018-20784
- SUSE Bug 1126703
Описание
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Затронутые продукты
Ссылки
- CVE-2018-3639
- SUSE Bug 1074701
- SUSE Bug 1085235
- SUSE Bug 1085308
- SUSE Bug 1087078
- SUSE Bug 1087082
- SUSE Bug 1092631
- SUSE Bug 1092885
- SUSE Bug 1094912
- SUSE Bug 1098813
- SUSE Bug 1100394
- SUSE Bug 1102640
- SUSE Bug 1105412
- SUSE Bug 1111963
- SUSE Bug 1172781
- SUSE Bug 1172782
- SUSE Bug 1172783
- SUSE Bug 1173489
- SUSE Bug 1178658
- SUSE Bug 1201877
Описание
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Затронутые продукты
Ссылки
- CVE-2022-40982
- SUSE Bug 1206418
- SUSE Bug 1215674
Описание
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47
Затронутые продукты
Ссылки
- CVE-2023-0459
- SUSE Bug 1211738
- SUSE Bug 1215674
Описание
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.
Затронутые продукты
Ссылки
- CVE-2023-1637
- SUSE Bug 1209779
Описание
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Затронутые продукты
Ссылки
- CVE-2023-20569
- SUSE Bug 1213287
Описание
An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Затронутые продукты
Ссылки
- CVE-2023-20593
- SUSE Bug 1213286
- SUSE Bug 1213616
- SUSE Bug 1215674
Описание
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
Затронутые продукты
Ссылки
- CVE-2023-2985
- SUSE Bug 1211867
Описание
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
Затронутые продукты
Ссылки
- CVE-2023-3106
- SUSE Bug 1213251
- SUSE Bug 1222212
Описание
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
Затронутые продукты
Ссылки
- CVE-2023-3268
- SUSE Bug 1212502
- SUSE Bug 1215674
Описание
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Затронутые продукты
Ссылки
- CVE-2023-35001
- SUSE Bug 1213059
- SUSE Bug 1213063
- SUSE Bug 1217531
Описание
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
Затронутые продукты
Ссылки
- CVE-2023-3567
- SUSE Bug 1213167
- SUSE Bug 1213244
- SUSE Bug 1213842
- SUSE Bug 1215674
- SUSE Bug 1217444
- SUSE Bug 1217531
Описание
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
Затронутые продукты
Ссылки
- CVE-2023-3611
- SUSE Bug 1213585
- SUSE Bug 1223091
- SUSE Bug 1223973
Описание
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
Затронутые продукты
Ссылки
- CVE-2023-3776
- SUSE Bug 1213588
- SUSE Bug 1215119
- SUSE Bug 1215674
- SUSE Bug 1217444
- SUSE Bug 1217531
- SUSE Bug 1221578
- SUSE Bug 1221598
- SUSE Bug 1223091
- SUSE Bug 1223973