Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
- crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes).
- iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
- iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
- iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (bsc#1206010).
- kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
- memcg: drop kmem.limit_in_bytes (bsc#1208788)
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
- s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
- s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140).
- s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950).
- s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- virtio_balloon: fix deadlock on OOM (git-fixes).
- virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes).
- virtio_net: Fix error unwinding of XDP initialization (git-fixes).
- virtio: Protect vqs list access (git-fixes).
- vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743).
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743).
Список пакетов
SUSE Linux Enterprise Real Time 12 SP5
Ссылки
- Link for SUSE-SU-2023:4359-1
- E-Mail link for SUSE-SU-2023:4359-1
- SUSE Security Ratings
- SUSE Bug 1206010
- SUSE Bug 1208788
- SUSE Bug 1210778
- SUSE Bug 1213705
- SUSE Bug 1213950
- SUSE Bug 1213977
- SUSE Bug 1215743
- SUSE Bug 1215745
- SUSE Bug 1216046
- SUSE Bug 1216051
- SUSE Bug 1216107
- SUSE Bug 1216140
- SUSE Bug 1216340
- SUSE Bug 1216513
- SUSE Bug 1216514
- SUSE CVE CVE-2023-31085 page
- SUSE CVE CVE-2023-34324 page
Описание
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
Затронутые продукты
Ссылки
- CVE-2023-31085
- SUSE Bug 1210778
- SUSE Bug 1220015
Описание
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).
Затронутые продукты
Ссылки
- CVE-2023-34324
- SUSE Bug 1215745
Описание
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Затронутые продукты
Ссылки
- CVE-2023-39189
- SUSE Bug 1216046
- SUSE Bug 1220015
Описание
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
Затронутые продукты
Ссылки
- CVE-2023-45862
- SUSE Bug 1216051