SUSE-SU-2023:3377-1

Published: 22 Aug 2023
Source: suse-cvrf

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
  • CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
  • CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
  • CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
  • CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
  • CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
  • CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
  • CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
  • CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
  • CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
  • CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).

The following non-security bugs were fixed:

  • afs: adjust ack interpretation to try and cope with nat (git-fixes).
  • afs: fix access after dec in put functions (git-fixes).
  • afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
  • afs: fix dynamic root getattr (git-fixes).
  • afs: fix fileserver probe rtt handling (git-fixes).
  • afs: fix infinite loop found by xfstest generic/676 (git-fixes).
  • afs: fix lost servers_outstanding count (git-fixes).
  • afs: fix server->active leak in afs_put_server (git-fixes).
  • afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
  • afs: fix updating of i_size with dv jump from server (git-fixes).
  • afs: fix vlserver probe rtt handling (git-fixes).
  • afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
  • afs: use refcount_t rather than atomic_t (git-fixes).
  • afs: use the operation issue time instead of the reply time for callbacks (git-fixes).
  • alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
  • alsa: hda/realtek: support asus g713pv laptop (git-fixes).
  • alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
  • alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
  • alsa: usb-audio: update for native dsd support quirks (git-fixes).
  • asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
  • asoc: codecs: es8316: fix dmic config (git-fixes).
  • asoc: da7219: check for failure reading aad irq events (git-fixes).
  • asoc: da7219: flush pending aad irq when suspending (git-fixes).
  • asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
  • asoc: fsl_spdif: silence output on stop (git-fixes).
  • asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
  • asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
  • asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
  • asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
  • ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
  • block, bfq: fix division by zero error on zero wsum (bsc#1213653).
  • block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
  • can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).
  • ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
  • coda: avoid partial allocation of sig_inputargs (git-fixes).
  • dlm: fix missing lkb refcount handling (git-fixes).
  • dlm: fix plock invalid read (git-fixes).
  • documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
  • drm/amd/display: disable mpc split by default on special asic (git-fixes).
  • drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
  • drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
  • drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
  • drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
  • drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes).
  • drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
  • drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)
  • file: always lock position for fmode_atomic_pos (bsc#1213759).
  • fs: dlm: add midcomms init/start functions (git-fixes).
  • fs: dlm: do not set stop rx flag after node reset (git-fixes).
  • fs: dlm: filter user dlm messages for kernel locks (git-fixes).
  • fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
  • fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
  • fs: dlm: fix race in lowcomms (git-fixes).
  • fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
  • fs: dlm: move sending fin message into state change handling (git-fixes).
  • fs: dlm: retry accept() until -eagain or error returns (git-fixes).
  • fs: dlm: return positive pid value for f_getlk (git-fixes).
  • fs: dlm: start midcomms before scand (git-fixes).
  • fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
  • fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
  • fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
  • fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
  • gve: set default duplex configuration to full (git-fixes).
  • gve: unify driver name usage (git-fixes).
  • hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes).
  • hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes).
  • iavf: fix out-of-bounds when setting channels on remove (git-fixes).
  • iavf: fix use-after-free in free_netdev (git-fixes).
  • iavf: use internal state to free traffic irqs (git-fixes).
  • igc: check if hardware tx timestamping is enabled earlier (git-fixes).
  • igc: enable and fix rx hash usage by netstack (git-fixes).
  • igc: fix inserting of empty frame for launchtime (git-fixes).
  • igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
  • igc: fix launchtime before start of cycle (git-fixes).
  • igc: fix race condition in ptp tx code (git-fixes).
  • igc: handle pps start time programming for past time values (git-fixes).
  • igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
  • igc: remove delay during tx ring configuration (git-fixes).
  • igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
  • igc: work around hw bug causing missing timestamps (git-fixes).
  • input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
  • input: iqs269a - do not poll during ati (git-fixes).
  • input: iqs269a - do not poll during suspend or resume (git-fixes).
  • jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
  • jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
  • jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
  • jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
  • jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
  • jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
  • jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
  • kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
  • kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
  • kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
  • kvm: do not null dereference ops->destroy (git-fixes)
  • kvm: downgrade two bug_ons to warn_on_once (git-fixes)
  • kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
  • kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
  • kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
  • kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
  • kvm: vmx: restore vmx_vmexit alignment (git-fixes).
  • kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
  • libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
  • media: staging: atomisp: select v4l2_fwnode (git-fixes).
  • net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
  • net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901).
  • net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
  • net: phy: marvell10g: fix 88x3310 power up (git-fixes).
  • nfsd: add encoding of op_recall flag for write delegation (git-fixes).
  • nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
  • nfsd: fix sparse warning (git-fixes).
  • nfsd: remove open coding of string copy (git-fixes).
  • nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
  • nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
  • nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
  • nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
  • octeontx-af: fix hardware timestamp configuration (git-fixes).
  • octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
  • octeontx2-pf: add additional check for mcam rules (git-fixes).
  • phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
  • pinctrl: amd: do not show invalid config param errors (git-fixes).
  • pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
  • platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes).
  • rdma/bnxt_re: fix hang during driver unload (git-fixes)
  • rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
  • rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
  • rdma/irdma: add missing read barriers (git-fixes)
  • rdma/irdma: fix data race on cqp completion stats (git-fixes)
  • rdma/irdma: fix data race on cqp request done (git-fixes)
  • rdma/irdma: fix op_type reporting in cqes (git-fixes)
  • rdma/irdma: report correct wc error (git-fixes)
  • rdma/mlx4: make check for invalid flags stricter (git-fixes)
  • rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
  • regmap: account for register length in smbus i/o limits (git-fixes).
  • regmap: drop initial version of maximum transfer length fixes (git-fixes).
  • revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
  • revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
  • revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
  • revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
  • revert 'usb: xhci: tegra: fix error check' (git-fixes).
  • rpm: update dependency to match current kmod.
  • rxrpc, afs: fix selection of abort codes (git-fixes).
  • s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
  • s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
  • s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
  • s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
  • s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
  • s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715).
  • s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
  • scftorture: count reschedule ipis (git-fixes).
  • scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756).
  • scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
  • scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
  • scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
  • scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
  • scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
  • scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756).
  • scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
  • scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756).
  • scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
  • scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
  • scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
  • scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756).
  • scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756).
  • scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756).
  • scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
  • scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756).
  • scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
  • scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
  • scsi: lpfc: use struct_size() helper (bsc#1213756).
  • scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
  • scsi: qla2xxx: array index may go out of bound (bsc#1213747).
  • scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
  • scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
  • scsi: qla2xxx: correct the index of array (bsc#1213747).
  • scsi: qla2xxx: drop useless list_head (bsc#1213747).
  • scsi: qla2xxx: fix buffer overrun (bsc#1213747).
  • scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
  • scsi: qla2xxx: fix deletion race condition (bsc#1213747).
  • scsi: qla2xxx: fix end of loop test (bsc#1213747).
  • scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
  • scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
  • scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
  • scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
  • scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
  • scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
  • scsi: qla2xxx: fix tmf leak through (bsc#1213747).
  • scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
  • scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
  • scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
  • scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747).
  • scsi: qla2xxx: silence a static checker warning (bsc#1213747).
  • scsi: qla2xxx: turn off noisy message log (bsc#1213747).
  • scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
  • scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
  • scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
  • serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
  • serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
  • soundwire: qcom: update status correctly with mask (git-fixes).
  • staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
  • staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
  • sunrpc: always free ctxt when freeing deferred request (git-fixes).
  • sunrpc: double free xprt_ctxt while still in use (git-fixes).
  • sunrpc: fix trace_svc_register() call site (git-fixes).
  • sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
  • sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
  • sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
  • svcrdma: prevent page release when nothing was received (git-fixes).
  • tpm_tis: explicitly check for error code (git-fixes).
  • tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
  • ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
  • ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes).
  • ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
  • ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
  • ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
  • ubifs: fix build errors as symbol undefined (git-fixes).
  • ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
  • ubifs: fix memory leak in alloc_wbufs() (git-fixes).
  • ubifs: fix memory leak in do_rename (git-fixes).
  • ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
  • ubifs: fix to add refcount once page is set private (git-fixes).
  • ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
  • ubifs: free memory for tmpfile name (git-fixes).
  • ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
  • ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
  • ubifs: rectify space budget for ubifs_xrename() (git-fixes).
  • ubifs: rename whiteout atomically (git-fixes).
  • ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
  • ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
  • ubifs: reserve one leb for each journal head while doing budget (git-fixes).
  • ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
  • ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes).
  • update patches.suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference.
  • usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
  • usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
  • usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
  • usb: xhci-mtk: set the dma max_seg_size (git-fixes).
  • vhost: support packed when setting-getting vring_base (git-fixes).
  • vhost_net: revert upend_idx only on retriable error (git-fixes).
  • virtio-net: maintain reverse cleanup order (git-fixes).
  • virtio_net: fix error unwinding of xdp initialization (git-fixes).
  • x86/pvh: obtain vga console info in dom0 (git-fixes).
  • xen/blkfront: only check req_fua for writes (git-fixes).
  • xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).

Package list

SUSE Linux Enterprise Module for Public Cloud 15 SP4

  • kernel-azure-5.14.21-150400.14.63.1
  • kernel-azure-devel-5.14.21-150400.14.63.1
  • kernel-devel-azure-5.14.21-150400.14.63.1
  • kernel-source-azure-5.14.21-150400.14.63.1
  • kernel-syms-azure-5.14.21-150400.14.63.1

openSUSE Leap 15.4

  • cluster-md-kmp-azure-5.14.21-150400.14.63.1
  • dlm-kmp-azure-5.14.21-150400.14.63.1
  • gfs2-kmp-azure-5.14.21-150400.14.63.1
  • kernel-azure-5.14.21-150400.14.63.1
  • kernel-azure-devel-5.14.21-150400.14.63.1
  • kernel-azure-extra-5.14.21-150400.14.63.1
  • kernel-azure-livepatch-devel-5.14.21-150400.14.63.1
  • kernel-azure-optional-5.14.21-150400.14.63.1
  • kernel-devel-azure-5.14.21-150400.14.63.1
  • kernel-source-azure-5.14.21-150400.14.63.1
  • kernel-syms-azure-5.14.21-150400.14.63.1
  • kselftests-kmp-azure-5.14.21-150400.14.63.1
  • ocfs2-kmp-azure-5.14.21-150400.14.63.1
  • reiserfs-kmp-azure-5.14.21-150400.14.63.1

Description (CVE-2022-40982)

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-0459)

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-20569)

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-21400)

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-2156)

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-2166)

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-31083)

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-3268)

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-3567)

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-3776)

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1

Description (CVE-2023-4004)

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.


Affected products
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-azure-devel-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-devel-azure-5.14.21-150400.14.63.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4:kernel-source-azure-5.14.21-150400.14.63.1
