SUSE-SU-2023:3309-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Aug 14 16:30:11 UTC 2023
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3309-1
Rating: important
References:
* #1188885
* #1202670
* #1206418
* #1207526
* #1207528
* #1211738
* #1212266
* #1213167
* #1213287
* #1213350
* #1213585
* #1213586
* #1213588
* #1213705
* #1213747
* #1213766
* #1213819
* #1213823
* #1213825
* #1213827
* #1213842
* #962880
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise High Availability Extension 12 SP5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
An update that solves seven vulnerabilities and has 15 fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: A transient execution attack called "Gather Data Sampling"
affecting is mitigated, together with respective Intel CPU Microcode updates
(bsc#1206418, CVE-2022-40982).
* CVE-2023-0459: Fixed that copy_from_user on 64-bit versions of the Linux
kernel did not implement the __uaccess_begin_nospec allowing a user to
bypass the "access_ok" check which could be used to leak information
(bsc#1211738).
* CVE-2023-20569: A side channel attack known as ‘Inception’ or ‘RAS
Poisoning’ may allow an attacker to influence branch prediction, potentially
leading to information disclosure. (bsc#1213287).
* CVE-2023-3567: A use-after-free flaw was found in vcs_read in
drivers/tty/vt/vc_screen.c in vc_screen. This flaw allowed an attacker with
local user access to cause a system crash or leak internal kernel
information (bsc#1213167bsc#1213842).
* CVE-2023-3609: A use-after-free vulnerability was fixed in net/sched:
cls_u32 component can be exploited to achieve local privilege escalation. If
tcf_change_indev() fails, u32_set_parms() will immediately return an error
after incrementing or decrementing the reference counter in
tcf_bind_filter(). If an attacker can control the reference counter and set
it to zero, they can cause the reference to be freed, leading to a use-
after-free vulnerability. (bsc#1213586).
* CVE-2023-3611: An out-of-bounds write vulnerability was fixed in net/sched:
sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allowed an out-of-
bounds write because lmax is updated according to packet sizes without
bounds checks. (bsc#1213585).
* CVE-2023-3776: A use-after-free vulnerability was fixed in net/sched: cls_fw
component can be exploited to achieve local privilege escalation. If
tcf_change_indev() fails, fw_set_parms() will immediately return an error
after incrementing or decrementing the reference counter in
tcf_bind_filter(). If an attacker can control the reference counter and set
it to zero, they can cause the reference to be freed, leading to a use-
after-free vulnerability. (bsc#1213588).
The following non-security bugs were fixed:
* Fix double fget() in vhost_net_set_backend() (git-fixes).
* NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-
fixes).
* SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
* SUNRPC: remove the maximum number of retries in call_bind_status (git-
fixes).
* block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* livepatch: check kzalloc return values (git-fixes).
* media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
* net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* powerpc/64: Update Speculation_Store_Bypass in /proc/<pid>/status
(bsc#1188885 ltc#193722 git-fixes).
* powerpc/security: Fix Speculation_Store_Bypass reporting on Power10
(bsc#1188885 ltc#193722 git-fixes).
* rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME
They depend on CONFIG_TOOLCHAIN_HAS__.
* s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1207526).
* s390/cio: check the subchannel validity for dev_busid (bsc#1207526).
* s390/cio: introduce io_subchannel_type (bsc#1207526).
* s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits (git-
fixes bsc#1213827).
* s390/maccess: add no DAT mode to kernel_write (git-fixes bsc#1213825).
* s390/numa: move initial setup of node_to_cpumask_map (git-fixes
bsc#1213766).
* scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
* scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: Correct the index of array (bsc#1213747).
* scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
* scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
* scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
* scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: Fix end of loop test (bsc#1213747).
* scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
* scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
* scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
* svcrdma: Prevent page release when nothing was received (git-fixes).
* vfio-ccw: Prevent quiesce function going into an infinite loop (git-fixes
bsc#1213819).
* vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
(git-fixes bsc#1213823).
* vhost/test: fix build for vhost test (git-fixes).
* vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
* vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-
fixes).
* vhost/vsock: fix incorrect used length reported to the guest (git-fixes).
* vhost/vsock: fix packet delivery order to monitoring devices (git-fixes).
* vhost/vsock: split packets to send using multiple buffers (git-fixes).
* vhost: Fix the calculation in vhost_overflow() (git-fixes).
* vhost_net: disable zerocopy by default (git-fixes).
* vhost_net: fix OoB on sendmsg() failure (git-fixes).
* virtio-balloon: fix managed page counts when migrating pages between zones
(git-fixes).
* virtio-mmio: fix missing put_device() when vm_cmdline_parent registration
failed (git-fixes).
* virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
* virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
* virtio: Improve vq->broken access to avoid any compiler optimization (git-
fixes).
* virtio_net: Fix error handling in virtnet_restore() (git-fixes).
* virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
* virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
* virtio_ring: Fix querying of maximum DMA mapping size for virtio device
(git-fixes).
* vringh: Use wiov->used to check for read/write desc order (git-fixes).
* vringh: fix __vringh_iov() when riov and wiov are different (git-fixes).
* vsock/virtio: stop workers during the .remove() (git-fixes).
* vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock (git-
fixes).
* xen/blkfront: Only check REQ_FUA for writes (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3309=1 SUSE-SLE-
HA-12-SP5-2023-3309=1
* SUSE Linux Enterprise High Availability Extension 12 SP5
zypper in -t patch SUSE-SLE-HA-12-SP5-2023-3309=1
* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-3309=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-3309=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3309=1
* SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-3309=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
zypper in -t patch SUSE-SLE-WE-12-SP5-2023-3309=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
* ocfs2-kmp-default-4.12.14-122.173.1
* kernel-default-devel-4.12.14-122.173.1
* kernel-default-debugsource-4.12.14-122.173.1
* gfs2-kmp-default-debuginfo-4.12.14-122.173.1
* kernel-syms-4.12.14-122.173.1
* dlm-kmp-default-debuginfo-4.12.14-122.173.1
* ocfs2-kmp-default-debuginfo-4.12.14-122.173.1
* cluster-md-kmp-default-debuginfo-4.12.14-122.173.1
* kernel-default-debuginfo-4.12.14-122.173.1
* kernel-default-base-debuginfo-4.12.14-122.173.1
* dlm-kmp-default-4.12.14-122.173.1
* cluster-md-kmp-default-4.12.14-122.173.1
* kernel-default-base-4.12.14-122.173.1
* gfs2-kmp-default-4.12.14-122.173.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le
x86_64)
* kernel-default-4.12.14-122.173.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
* kernel-devel-4.12.14-122.173.1
* kernel-macros-4.12.14-122.173.1
* kernel-source-4.12.14-122.173.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
* kernel-default-devel-debuginfo-4.12.14-122.173.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x
x86_64)
* ocfs2-kmp-default-4.12.14-122.173.1
* kernel-default-debugsource-4.12.14-122.173.1
* gfs2-kmp-default-debuginfo-4.12.14-122.173.1
* dlm-kmp-default-debuginfo-4.12.14-122.173.1
* ocfs2-kmp-default-debuginfo-4.12.14-122.173.1
* cluster-md-kmp-default-debuginfo-4.12.14-122.173.1
* kernel-default-debuginfo-4.12.14-122.173.1
* dlm-kmp-default-4.12.14-122.173.1
* cluster-md-kmp-default-4.12.14-122.173.1
* gfs2-kmp-default-4.12.14-122.173.1
* SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
* kernel-default-4.12.14-122.173.1
* SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
* kernel-default-4.12.14-122.173.1
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_173-default-1-8.3.3
* kernel-default-debugsource-4.12.14-122.173.1
* kernel-default-kgraft-4.12.14-122.173.1
* kernel-default-debuginfo-4.12.14-122.173.1
* kernel-default-kgraft-devel-4.12.14-122.173.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
* kernel-docs-4.12.14-122.173.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
x86_64)
* kernel-obs-build-debugsource-4.12.14-122.173.1
* kernel-obs-build-4.12.14-122.173.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc
x86_64)
* kernel-default-4.12.14-122.173.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
* kernel-default-devel-4.12.14-122.173.1
* kernel-default-debugsource-4.12.14-122.173.1
* kernel-syms-4.12.14-122.173.1
* kernel-default-base-debuginfo-4.12.14-122.173.1
* kernel-default-debuginfo-4.12.14-122.173.1
* kernel-default-base-4.12.14-122.173.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
* kernel-devel-4.12.14-122.173.1
* kernel-macros-4.12.14-122.173.1
* kernel-source-4.12.14-122.173.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
* kernel-default-devel-debuginfo-4.12.14-122.173.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-4.12.14-122.173.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-4.12.14-122.173.1
* kernel-default-debugsource-4.12.14-122.173.1
* kernel-syms-4.12.14-122.173.1
* kernel-default-base-debuginfo-4.12.14-122.173.1
* kernel-default-debuginfo-4.12.14-122.173.1
* kernel-default-base-4.12.14-122.173.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
* kernel-devel-4.12.14-122.173.1
* kernel-macros-4.12.14-122.173.1
* kernel-source-4.12.14-122.173.1
* SUSE Linux Enterprise Server 12 SP5 (s390x)
* kernel-default-man-4.12.14-122.173.1
* SUSE Linux Enterprise Server 12 SP5 (x86_64)
* kernel-default-devel-debuginfo-4.12.14-122.173.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
* kernel-default-4.12.14-122.173.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
* kernel-default-debuginfo-4.12.14-122.173.1
* kernel-default-extra-4.12.14-122.173.1
* kernel-default-debugsource-4.12.14-122.173.1
* kernel-default-extra-debuginfo-4.12.14-122.173.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://bugzilla.suse.com/show_bug.cgi?id=1188885
* https://bugzilla.suse.com/show_bug.cgi?id=1202670
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207526
* https://bugzilla.suse.com/show_bug.cgi?id=1207528
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1212266
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213350
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213766
* https://bugzilla.suse.com/show_bug.cgi?id=1213819
* https://bugzilla.suse.com/show_bug.cgi?id=1213823
* https://bugzilla.suse.com/show_bug.cgi?id=1213825
* https://bugzilla.suse.com/show_bug.cgi?id=1213827
* https://bugzilla.suse.com/show_bug.cgi?id=1213842
* https://bugzilla.suse.com/show_bug.cgi?id=962880
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20230814/2706d11f/attachment.htm>
More information about the sle-security-updates
mailing list