Description
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw that leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
The following non-security bugs were fixed:
- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- fix kabi when adding new cpuid leaves
- get module prefix from kmod (bsc#1212835).
- remove more packaging cruft for sle < 12 sp3
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown_sync (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).
Package list
Image SLES15-SP2-BYOS-Azure
Image SLES15-SP2-HPC-BYOS-Azure
Image SLES15-SP2-SAP-Azure
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP2-SAP-BYOS-Azure
Image SLES15-SP2-SAP-BYOS-EC2-HVM
Image SLES15-SP2-SAP-BYOS-GCE
Image SLES15-SP2-SAP-EC2-HVM
Image SLES15-SP2-SAP-GCE
SUSE Linux Enterprise High Availability Extension 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Live Patching 15 SP2
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
References
- Link for SUSE-SU-2023:3390-1
- E-Mail link for SUSE-SU-2023:3390-1
- SUSE Security Ratings
- SUSE Bug 1206418
- SUSE Bug 1207088
- SUSE Bug 1209342
- SUSE Bug 1210584
- SUSE Bug 1211738
- SUSE Bug 1211867
- SUSE Bug 1212301
- SUSE Bug 1212741
- SUSE Bug 1212835
- SUSE Bug 1212846
- SUSE Bug 1213059
- SUSE Bug 1213167
- SUSE Bug 1213245
- SUSE Bug 1213286
- SUSE Bug 1213287
- SUSE Bug 1213354
- SUSE Bug 1213543
Description
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Affected products
References
- CVE-2022-40982
- SUSE Bug 1206418
- SUSE Bug 1215674
Description
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec, allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47.
Affected products
References
- CVE-2023-0459
- SUSE Bug 1211738
- SUSE Bug 1215674
Description
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Affected products
References
- CVE-2023-20569
- SUSE Bug 1213287
Description
An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Affected products
References
- CVE-2023-20593
- SUSE Bug 1213286
- SUSE Bug 1213616
- SUSE Bug 1215674
Description
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
Affected products
References
- CVE-2023-2985
- SUSE Bug 1211867
Description
** REJECT ** Duplicate of CVE-2023-3390.
Affected products
References
- CVE-2023-3117
- SUSE Bug 1212934
- SUSE Bug 1213245
Description
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
Affected products
References
- CVE-2023-3390
- SUSE Bug 1212846
- SUSE Bug 1212934
- SUSE Bug 1216225
Description
The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
Affected products
References
- CVE-2023-34319
- SUSE Bug 1213546
Description
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Affected products
References
- CVE-2023-35001
- SUSE Bug 1213059
- SUSE Bug 1213063
- SUSE Bug 1217531
Description
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
Affected products
References
- CVE-2023-3567
- SUSE Bug 1213167
- SUSE Bug 1213244
- SUSE Bug 1213842
- SUSE Bug 1215674
- SUSE Bug 1217444
- SUSE Bug 1217531
Description
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
Affected products
References
- CVE-2023-3609
- SUSE Bug 1213586
- SUSE Bug 1213587
- SUSE Bug 1217444
- SUSE Bug 1217531
Description
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
Affected products
References
- CVE-2023-3611
- SUSE Bug 1213585
- SUSE Bug 1223091
- SUSE Bug 1223973
Description
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
Affected products
References
- CVE-2023-3776
- SUSE Bug 1213588
- SUSE Bug 1215119
- SUSE Bug 1215674
- SUSE Bug 1217444
- SUSE Bug 1217531
- SUSE Bug 1221578
- SUSE Bug 1221598
- SUSE Bug 1223091
- SUSE Bug 1223973
Description
An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Affected products
References
- CVE-2023-3812
- SUSE Bug 1213543
- SUSE Bug 1213706
- SUSE Bug 1217444
- SUSE Bug 1217531
Description
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.
Affected products
References
- CVE-2023-4133
- SUSE Bug 1213970
Description
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits, a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid") and 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter, and that turns out to not be accurate.
Affected products
References
- CVE-2023-4194
- SUSE Bug 1214019