Описание
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Build in the correct KOTD repository with multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184) With multibuild setting repository flags is no longer supported for individual spec files - see https://github.com/openSUSE/open-build-service/issues/3574 Add ExclusiveArch conditional that depends on a macro set up by bs-upload-kernel instead. With that each package should build only in one repository - either standard or QA. Note: bs-upload-kernel does not interpret rpm conditionals, and only uses the first ExclusiveArch line to determine the architectures to enable.
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584, jsc#PED-3459).
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- libceph: use kernel_connect() (bsc#1217981).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
Список пакетов
Container rancher/elemental-teal-rt/5.4:latest
SUSE Linux Enterprise Live Patching 15 SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Micro 5.4
SUSE Real Time Module 15 SP4
openSUSE Leap Micro 5.3
openSUSE Leap Micro 5.4
Ссылки
- Link for SUSE-SU-2024:0129-1
- E-Mail link for SUSE-SU-2024:0129-1
- SUSE Security Ratings
- SUSE Bug 1179610
- SUSE Bug 1183045
- SUSE Bug 1193285
- SUSE Bug 1211162
- SUSE Bug 1211226
- SUSE Bug 1212584
- SUSE Bug 1214747
- SUSE Bug 1214823
- SUSE Bug 1215237
- SUSE Bug 1215696
- SUSE Bug 1215885
- SUSE Bug 1216057
- SUSE Bug 1216559
- SUSE Bug 1216776
- SUSE Bug 1217036
- SUSE Bug 1217217
- SUSE Bug 1217250
Описание
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
Затронутые продукты
Ссылки
- CVE-2020-26555
- SUSE Bug 1179610
- SUSE Bug 1215237
- SUSE Bug 1220015
Описание
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
Затронутые продукты
Ссылки
- CVE-2023-51779
- SUSE Bug 1218559
- SUSE Bug 1218610
- SUSE Bug 1220015
- SUSE Bug 1220191
- SUSE Bug 1221578
- SUSE Bug 1221598
Описание
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Затронутые продукты
Ссылки
- CVE-2023-6121
- SUSE Bug 1217250
Описание
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
Затронутые продукты
Ссылки
- CVE-2023-6531
- SUSE Bug 1218447
- SUSE Bug 1218487
Описание
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2023-6546
- SUSE Bug 1218335
- SUSE Bug 1222685
Описание
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Затронутые продукты
Ссылки
- CVE-2023-6606
- SUSE Bug 1217947
- SUSE Bug 1220015
Описание
An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Затронутые продукты
Ссылки
- CVE-2023-6610
- SUSE Bug 1217946
Описание
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
Затронутые продукты
Ссылки
- CVE-2023-6622
- SUSE Bug 1217938
Описание
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
Затронутые продукты
Ссылки
- CVE-2023-6931
- SUSE Bug 1214158
- SUSE Bug 1218258
- SUSE Bug 1220191
Описание
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
Затронутые продукты
Ссылки
- CVE-2023-6932
- SUSE Bug 1218253
- SUSE Bug 1218255
- SUSE Bug 1220015
- SUSE Bug 1220191
- SUSE Bug 1221578
- SUSE Bug 1221598