SUSE-SU-2023:2805-1: important: Security update for the Linux Kernel
sle-security-updates at lists.suse.com
Tue Jul 11 08:37:10 UTC 2023
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:2805-1
Rating: important
References:
* #1126703
* #1204405
* #1205756
* #1205758
* #1205760
* #1205762
* #1205803
* #1206878
* #1207036
* #1207125
* #1207168
* #1207795
* #1208600
* #1208777
* #1208837
* #1209008
* #1209039
* #1209052
* #1209256
* #1209287
* #1209289
* #1209291
* #1209532
* #1209549
* #1209687
* #1209871
* #1210329
* #1210336
* #1210337
* #1210498
* #1210506
* #1210647
* #1210715
* #1210940
* #1211105
* #1211186
* #1211449
* #1212128
* #1212129
* #1212154
* #1212501
* #1212842
Cross-References:
* CVE-2017-5753
* CVE-2018-20784
* CVE-2022-3566
* CVE-2022-45884
* CVE-2022-45885
* CVE-2022-45886
* CVE-2022-45887
* CVE-2022-45919
* CVE-2023-0590
* CVE-2023-1077
* CVE-2023-1095
* CVE-2023-1118
* CVE-2023-1249
* CVE-2023-1380
* CVE-2023-1390
* CVE-2023-1513
* CVE-2023-1611
* CVE-2023-1670
* CVE-2023-1989
* CVE-2023-1990
* CVE-2023-1998
* CVE-2023-2124
* CVE-2023-2162
* CVE-2023-2194
* CVE-2023-23454
* CVE-2023-23455
* CVE-2023-2513
* CVE-2023-28328
* CVE-2023-28464
* CVE-2023-28772
* CVE-2023-30772
* CVE-2023-3090
* CVE-2023-3141
* CVE-2023-31436
* CVE-2023-3159
* CVE-2023-3161
* CVE-2023-32269
* CVE-2023-35824
CVSS scores:
* CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2018-20784 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-20784 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-20784 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28772 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28772 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
An update that solves 38 vulnerabilities and has four fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2017-5753: Fixed Spectre vulnerability in prlimit (bsc#1209256).
* CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
* CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to
dvb_register_device dynamically allocating fops (bsc#1205756).
* CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a
use-after-free when a device is disconnected (bsc#1205758).
* CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in
dvb_net.c that led to a use-after-free (bsc#1205760).
* CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a
dvb_frontend_detach call (bsc#1205762).
* CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur
if there is a disconnect after an open, because of the lack of a wait_event
(bsc#1205803).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity() that could
cause memory corruption (bsc#1208600).
* CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed
list head (bsc#1208777).
* CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in
media/rc (bsc#1208837).
* CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that
allowed a local user to crash the system (bsc#1209039).
* CVE-2023-1380: Fixed a slab-out-of-bounds read problem in
brcmf_get_assoc_ies() (bsc#1209287).
* CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit()
(bsc#1209289).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs
structure that could be copied to userspace, causing an information leak
(bsc#1209532).
* CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot
(bsc#1209687).
* CVE-2023-1670: Fixed a use-after-free in the Xircom 16-bit PCMCIA Ethernet
driver. A local user could use this flaw to crash the system or potentially
escalate their privileges on the system (bsc#1209871).
* CVE-2023-1989: Fixed a use-after-free in btsdio_remove (bsc#1210336).
* CVE-2023-1990: Fixed a use-after-free in ndlc_remove (bsc#1210337).
* CVE-2023-1998: Fixed a use-after-free during login when accessing the shost
ipaddress (bsc#1210506).
* CVE-2023-2124: Fixed an out-of-bounds access in the XFS subsystem that could
have led to denial-of-service or potentially privilege escalation
(bsc#1210498).
* CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create
(bsc#1210647).
* CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C
device driver (bsc#1210715).
* CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler
(bsc#1207036).
* CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
net/sched/sch_atm.c because of type confusion (non-negative numbers can
sometimes indicate a TC_ACT_SHOT condition rather than valid classification
results) (bsc#1207125).
* CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem
(bsc#1211105).
* CVE-2023-28328: Fixed a denial of service issue in az6027 driver in
drivers/media/usb/dvb-usb/az6027.c (bsc#1209291).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege
escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
* CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c
(bsc#1209549).
* CVE-2023-30772: Fixed race condition and resultant use-after-free in
da9150_charger_remove (bsc#1210329).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver
(bsc#1212842).
* CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in
drivers/memstick/host/r592.c, that allowed local attackers to crash the
system at device disconnect (bsc#1212129).
* CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because
lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
* CVE-2023-3159: Fixed a use-after-free issue in drivers/firewire in
outbound_phy_packet_callback (bsc#1212128).
* CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
* CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact
that accept() was also allowed for a successfully connected AF_NETROM socket
(bsc#1211186).
* CVE-2023-35824: Fixed a use-after-free in dm1105_remove in
drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
The following non-security bugs were fixed:
* Do not sign the vanilla kernel (bsc#1209008).
* Drop dvb-core fix patch due to regression (bsc#1205758).
* Revert CVE-2018-20784 due to regression (bsc#1126703).
* binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039
CVE-2023-1249).
* bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
* bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished
work (CVE-2023-1989 bsc#1210336).
* btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611
bsc#1209687).
* do not fallthrough in cbq_classify and stop on TC_ACT_SHOT (bsc#1207036
CVE-2023-23454 bsc#1207125 CVE-2023-23455).
* ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
* ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105
CVE-2023-2513).
* fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
* firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159
bsc#1212128).
* fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
* i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
(bsc#1210715 CVE-2023-2194).
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
(bsc#1207168).
* ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
CVE-2023-3090).
* kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753).
* kvm: initialize all of the kvm_debugregs structure before sending it to
userspace (bsc#1209532 CVE-2023-1513).
* media: dm1105: Fix use after free bug in dm1105_remove due to race condition
(bsc#1212501 CVE-2023-35824).
* media: dvb-core: Fix use-after-free due on race condition at dvb_net
(CVE-2022-45886 bsc#1205760).
* media: dvb-core: Fix use-after-free due to race at dvb_register_device()
(CVE-2022-45884 bsc#1205756).
* media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
(CVE-2022-45919 bsc#1205803).
* media: dvb-core: Fix use-after-free on race condition at dvb_frontend
(CVE-2022-45885 bsc#1205758).
* media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc#1209291
CVE-2023-28328).
* media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758).
* media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
* media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884
bsc#1205756).
* media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118
bsc#1208837).
* media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887
bsc#1205762).
* memstick: r592: Fix UAF bug in r592_remove due to race condition
(CVE-2023-3141 bsc#1212129 bsc#1211449).
* net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
(bsc#1210940 CVE-2023-31436).
* netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095
bsc#1208777).
* netrom: Fix use-after-free caused by accept on already connected socket
(bsc#1211186 CVE-2023-32269).
* nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
(git-fixes bsc#1210337 CVE-2023-1990).
* power: supply: da9150: Fix use after free bug in da9150_charger_remove due
to race condition (CVE-2023-30772 bsc#1210329).
* prlimit: do_prlimit needs to have a speculation check (bsc#1209256
CVE-2017-5753).
* sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600
CVE-2023-1077).
* scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
(bsc#1210647 CVE-2023-2162).
* seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549 CVE-2023-28772).
* tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405 CVE-2022-3566).
* tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289 CVE-2023-1390).
* wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
(bsc#1209287 CVE-2023-1380).
* x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506
CVE-2023-1998).
* xfs: verify buffer contents when we skip log replay (bsc#1210498
CVE-2023-2124).
* xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871
CVE-2023-1670).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2805=1
## Package List:
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64)
* kernel-default-4.4.121-92.205.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
* kernel-syms-4.4.121-92.205.1
* kernel-default-base-debuginfo-4.4.121-92.205.1
* kernel-default-debuginfo-4.4.121-92.205.1
* kernel-default-devel-4.4.121-92.205.1
* kernel-default-base-4.4.121-92.205.1
* kernel-default-debugsource-4.4.121-92.205.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
* kernel-devel-4.4.121-92.205.1
* kernel-macros-4.4.121-92.205.1
* kernel-source-4.4.121-92.205.1
## References:
* https://www.suse.com/security/cve/CVE-2017-5753.html
* https://www.suse.com/security/cve/CVE-2018-20784.html
* https://www.suse.com/security/cve/CVE-2022-3566.html
* https://www.suse.com/security/cve/CVE-2022-45884.html
* https://www.suse.com/security/cve/CVE-2022-45885.html
* https://www.suse.com/security/cve/CVE-2022-45886.html
* https://www.suse.com/security/cve/CVE-2022-45887.html
* https://www.suse.com/security/cve/CVE-2022-45919.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-1095.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://www.suse.com/security/cve/CVE-2023-1249.html
* https://www.suse.com/security/cve/CVE-2023-1380.html
* https://www.suse.com/security/cve/CVE-2023-1390.html
* https://www.suse.com/security/cve/CVE-2023-1513.html
* https://www.suse.com/security/cve/CVE-2023-1611.html
* https://www.suse.com/security/cve/CVE-2023-1670.html
* https://www.suse.com/security/cve/CVE-2023-1989.html
* https://www.suse.com/security/cve/CVE-2023-1990.html
* https://www.suse.com/security/cve/CVE-2023-1998.html
* https://www.suse.com/security/cve/CVE-2023-2124.html
* https://www.suse.com/security/cve/CVE-2023-2162.html
* https://www.suse.com/security/cve/CVE-2023-2194.html
* https://www.suse.com/security/cve/CVE-2023-23454.html
* https://www.suse.com/security/cve/CVE-2023-23455.html
* https://www.suse.com/security/cve/CVE-2023-2513.html
* https://www.suse.com/security/cve/CVE-2023-28328.html
* https://www.suse.com/security/cve/CVE-2023-28464.html
* https://www.suse.com/security/cve/CVE-2023-28772.html
* https://www.suse.com/security/cve/CVE-2023-30772.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-3141.html
* https://www.suse.com/security/cve/CVE-2023-31436.html
* https://www.suse.com/security/cve/CVE-2023-3159.html
* https://www.suse.com/security/cve/CVE-2023-3161.html
* https://www.suse.com/security/cve/CVE-2023-32269.html
* https://www.suse.com/security/cve/CVE-2023-35824.html
* https://bugzilla.suse.com/show_bug.cgi?id=1126703
* https://bugzilla.suse.com/show_bug.cgi?id=1204405
* https://bugzilla.suse.com/show_bug.cgi?id=1205756
* https://bugzilla.suse.com/show_bug.cgi?id=1205758
* https://bugzilla.suse.com/show_bug.cgi?id=1205760
* https://bugzilla.suse.com/show_bug.cgi?id=1205762
* https://bugzilla.suse.com/show_bug.cgi?id=1205803
* https://bugzilla.suse.com/show_bug.cgi?id=1206878
* https://bugzilla.suse.com/show_bug.cgi?id=1207036
* https://bugzilla.suse.com/show_bug.cgi?id=1207125
* https://bugzilla.suse.com/show_bug.cgi?id=1207168
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1208600
* https://bugzilla.suse.com/show_bug.cgi?id=1208777
* https://bugzilla.suse.com/show_bug.cgi?id=1208837
* https://bugzilla.suse.com/show_bug.cgi?id=1209008
* https://bugzilla.suse.com/show_bug.cgi?id=1209039
* https://bugzilla.suse.com/show_bug.cgi?id=1209052
* https://bugzilla.suse.com/show_bug.cgi?id=1209256
* https://bugzilla.suse.com/show_bug.cgi?id=1209287
* https://bugzilla.suse.com/show_bug.cgi?id=1209289
* https://bugzilla.suse.com/show_bug.cgi?id=1209291
* https://bugzilla.suse.com/show_bug.cgi?id=1209532
* https://bugzilla.suse.com/show_bug.cgi?id=1209549
* https://bugzilla.suse.com/show_bug.cgi?id=1209687
* https://bugzilla.suse.com/show_bug.cgi?id=1209871
* https://bugzilla.suse.com/show_bug.cgi?id=1210329
* https://bugzilla.suse.com/show_bug.cgi?id=1210336
* https://bugzilla.suse.com/show_bug.cgi?id=1210337
* https://bugzilla.suse.com/show_bug.cgi?id=1210498
* https://bugzilla.suse.com/show_bug.cgi?id=1210506
* https://bugzilla.suse.com/show_bug.cgi?id=1210647
* https://bugzilla.suse.com/show_bug.cgi?id=1210715
* https://bugzilla.suse.com/show_bug.cgi?id=1210940
* https://bugzilla.suse.com/show_bug.cgi?id=1211105
* https://bugzilla.suse.com/show_bug.cgi?id=1211186
* https://bugzilla.suse.com/show_bug.cgi?id=1211449
* https://bugzilla.suse.com/show_bug.cgi?id=1212128
* https://bugzilla.suse.com/show_bug.cgi?id=1212129
* https://bugzilla.suse.com/show_bug.cgi?id=1212154
* https://bugzilla.suse.com/show_bug.cgi?id=1212501
* https://bugzilla.suse.com/show_bug.cgi?id=1212842