Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1214158 bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free issue due to a race condition during Bluetooth message reception (bsc#1218559).
The following non-security bugs were fixed:
- Enabled the LLC counters for “perf” (perf stat) on the Ice-Lake and Rocket-Lake CPUs (jsc#PED-5023 bsc#1211439).
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
- KVM: s390/mm: Properly reset no-dat (bsc#1218057).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217936).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1218622).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: Do not fully free QPL pages on prefill errors (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Set default duplex configuration to full (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: unify driver name usage (bsc#1214479).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1217801).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218362).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
Список пакетов
Image SLES12-SP5-Azure-BYOS
kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS
kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-On-Demand
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-EC2-BYOS
kernel-default-4.12.14-122.189.1
Image SLES12-SP5-EC2-ECS-On-Demand
kernel-default-4.12.14-122.189.1
Image SLES12-SP5-EC2-On-Demand
kernel-default-4.12.14-122.189.1
Image SLES12-SP5-EC2-SAP-BYOS
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-EC2-SAP-On-Demand
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-GCE-BYOS
kernel-default-4.12.14-122.189.1
Image SLES12-SP5-GCE-On-Demand
kernel-default-4.12.14-122.189.1
Image SLES12-SP5-GCE-SAP-BYOS
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-GCE-SAP-On-Demand
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
kernel-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
SUSE Linux Enterprise High Availability Extension 12 SP5
cluster-md-kmp-default-4.12.14-122.189.1
dlm-kmp-default-4.12.14-122.189.1
gfs2-kmp-default-4.12.14-122.189.1
ocfs2-kmp-default-4.12.14-122.189.1
SUSE Linux Enterprise Live Patching 12 SP5
kernel-default-kgraft-4.12.14-122.189.1
kernel-default-kgraft-devel-4.12.14-122.189.1
kgraft-patch-4_12_14-122_189-default-1-8.3.1
SUSE Linux Enterprise Server 12 SP5
kernel-default-4.12.14-122.189.1
kernel-default-base-4.12.14-122.189.1
kernel-default-devel-4.12.14-122.189.1
kernel-default-man-4.12.14-122.189.1
kernel-devel-4.12.14-122.189.1
kernel-macros-4.12.14-122.189.1
kernel-source-4.12.14-122.189.1
kernel-syms-4.12.14-122.189.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
kernel-default-4.12.14-122.189.1
kernel-default-base-4.12.14-122.189.1
kernel-default-devel-4.12.14-122.189.1
kernel-default-man-4.12.14-122.189.1
kernel-devel-4.12.14-122.189.1
kernel-macros-4.12.14-122.189.1
kernel-source-4.12.14-122.189.1
kernel-syms-4.12.14-122.189.1
SUSE Linux Enterprise Software Development Kit 12 SP5
kernel-docs-4.12.14-122.189.1
kernel-obs-build-4.12.14-122.189.1
SUSE Linux Enterprise Workstation Extension 12 SP5
kernel-default-extra-4.12.14-122.189.1
Ссылки
- Link for SUSE-SU-2024:0117-1
- E-Mail link for SUSE-SU-2024:0117-1
- SUSE Security Ratings
- SUSE Bug 1109837
- SUSE Bug 1179610
- SUSE Bug 1202095
- SUSE Bug 1211226
- SUSE Bug 1211439
- SUSE Bug 1214158
- SUSE Bug 1214479
- SUSE Bug 1215237
- SUSE Bug 1217036
- SUSE Bug 1217250
- SUSE Bug 1217801
- SUSE Bug 1217936
- SUSE Bug 1217946
- SUSE Bug 1217947
- SUSE Bug 1218057
- SUSE Bug 1218184
- SUSE Bug 1218253
Описание
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2020-26555
- SUSE Bug 1179610
- SUSE Bug 1215237
- SUSE Bug 1220015
Описание
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2022-2586
- SUSE Bug 1202095
- SUSE Bug 1209719
Описание
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2023-51779
- SUSE Bug 1218559
- SUSE Bug 1218610
- SUSE Bug 1220015
- SUSE Bug 1220191
- SUSE Bug 1221578
- SUSE Bug 1221598
Описание
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2023-6121
- SUSE Bug 1217250
Описание
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2023-6606
- SUSE Bug 1217947
- SUSE Bug 1220015
Описание
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2023-6610
- SUSE Bug 1217946
Описание
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2023-6931
- SUSE Bug 1214158
- SUSE Bug 1218258
- SUSE Bug 1220191
Описание
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-HPC-BYOS:kernel-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:cluster-md-kmp-default-4.12.14-122.189.1
Image SLES12-SP5-Azure-SAP-BYOS:dlm-kmp-default-4.12.14-122.189.1
Ссылки
- CVE-2023-6932
- SUSE Bug 1218253
- SUSE Bug 1218255
- SUSE Bug 1220015
- SUSE Bug 1220191
- SUSE Bug 1221578
- SUSE Bug 1221598