SUSE-SU-2024:0156-1

Описание

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
• CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
• CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
• CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
• CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
• CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
• CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
• CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
• CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
• CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).

The following non-security bugs were fixed:

• Reviewed and added more information to README.SUSE (jsc#PED-5021).
• Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
• Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
• KVM: s390/mm: Properly reset no-dat (bsc#1218056).
• KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
• KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
• NFS: Fix O_DIRECT locking issues (bsc#1211162).
• NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
• NFS: Fix a potential data corruption (bsc#1211162).
• NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
• NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
• NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
• NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
• NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
• NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
• Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459)
• block: fix revalidate performance regression (bsc#1216057).
• bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
• ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
• ceph: fix type promotion bug on 32bit systems (bsc#1217982).
• clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
• clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
• clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
• clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
• clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
• clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
• clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
• clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
• dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
• fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
• libceph: use kernel_connect() (bsc#1217981).
• mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
• net/smc: Fix pos miscalculation in statistics (bsc#1218139).
• net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
• nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
• remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
• s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
• scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
• swiotlb: fix a braino in the alignment check fix (bsc#1216559).
• swiotlb: fix slot alignment checks (bsc#1216559).
• tracing: Disable preemption when using the filter buffer (bsc#1217036).
• tracing: Fix a possible race when disabling buffered events (bsc#1217036).
• tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
• tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
• tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
• tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
• uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
• vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
• x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
• x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
• x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
• x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
• x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).