SUSE-SU-2023:2805-1: important: Security update for the Linux Kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Jul 11 08:37:10 UTC 2023



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:2805-1  
Rating: important  
References:

  * #1126703
  * #1204405
  * #1205756
  * #1205758
  * #1205760
  * #1205762
  * #1205803
  * #1206878
  * #1207036
  * #1207125
  * #1207168
  * #1207795
  * #1208600
  * #1208777
  * #1208837
  * #1209008
  * #1209039
  * #1209052
  * #1209256
  * #1209287
  * #1209289
  * #1209291
  * #1209532
  * #1209549
  * #1209687
  * #1209871
  * #1210329
  * #1210336
  * #1210337
  * #1210498
  * #1210506
  * #1210647
  * #1210715
  * #1210940
  * #1211105
  * #1211186
  * #1211449
  * #1212128
  * #1212129
  * #1212154
  * #1212501
  * #1212842

  
Cross-References:

  * CVE-2017-5753
  * CVE-2018-20784
  * CVE-2022-3566
  * CVE-2022-45884
  * CVE-2022-45885
  * CVE-2022-45886
  * CVE-2022-45887
  * CVE-2022-45919
  * CVE-2023-0590
  * CVE-2023-1077
  * CVE-2023-1095
  * CVE-2023-1118
  * CVE-2023-1249
  * CVE-2023-1380
  * CVE-2023-1390
  * CVE-2023-1513
  * CVE-2023-1611
  * CVE-2023-1670
  * CVE-2023-1989
  * CVE-2023-1990
  * CVE-2023-1998
  * CVE-2023-2124
  * CVE-2023-2162
  * CVE-2023-2194
  * CVE-2023-23454
  * CVE-2023-23455
  * CVE-2023-2513
  * CVE-2023-28328
  * CVE-2023-28464
  * CVE-2023-28772
  * CVE-2023-30772
  * CVE-2023-3090
  * CVE-2023-3141
  * CVE-2023-31436
  * CVE-2023-3159
  * CVE-2023-3161
  * CVE-2023-32269
  * CVE-2023-35824

  
CVSS scores:

  * CVE-2017-5753 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5753 ( SUSE ):  7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5753 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2017-5753 ( NVD ):  5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2018-20784 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-20784 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2018-20784 ( NVD ):  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-3566 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-3566 ( NVD ):  7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45884 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45884 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45885 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45885 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45886 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45886 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45887 ( SUSE ):  4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45887 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-45919 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-45919 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-0590 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-0590 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1077 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1077 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1095 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1095 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1118 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1118 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1249 ( SUSE ):  5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
  * CVE-2023-1249 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1380 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-1380 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-1390 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1390 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1513 ( SUSE ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-1513 ( NVD ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-1611 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1611 ( NVD ):  6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-1670 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-1670 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1989 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1989 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1990 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1990 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1998 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-1998 ( NVD ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-2124 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2124 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2162 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2162 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-2194 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
  * CVE-2023-2194 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-23454 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-23454 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-23455 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-23455 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-2513 ( SUSE ):  6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2513 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28328 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-28328 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-28464 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28464 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28772 ( SUSE ):  7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-28772 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-30772 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-30772 ( NVD ):  6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3090 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3090 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3141 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  * CVE-2023-3141 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-31436 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-31436 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3159 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3159 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3161 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-3161 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-32269 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-32269 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35824 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-35824 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

  
  
An update that solves 38 vulnerabilities and has four fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
  * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to
    dvb_register_device dynamically allocating fops (bsc#1205756).
  * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a
    use-after-free when a device is disconnected (bsc#1205758).
  * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in
    dvb_net.c that lead to a use-after-free (bsc#1205760).
  * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a
    dvb_frontend_detach call (bsc#1205762).
  * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur
    if there is a disconnect after an open, because of the lack of a wait_event
    (bsc#1205803).
  * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could
    cause memory corruption (bsc#1208600).
  * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed
    list head (bsc#1208777).
  * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in
    media/rc (bsc#1208837).
  * CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that
    allowed a local user to crash the system (bsc#1209039).
  * CVE-2023-1380: Fixed a slab-out-of-bound read problem in
    brcmf_get_assoc_ies() (bsc#1209287).
  * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit()
    (bsc#1209289).
  * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs
    structure that could be copied to userspace, causing an information leak
    (bsc#1209532).
  * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot
    (bsc#1209687).
  * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet
    driver. A local user could use this flaw to crash the system or potentially
    escalate their privileges on the system (bsc#1209871).
  * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
  * CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
  * CVE-2023-1998: Fixed a use after free during login when accessing the shost
    ipaddress (bsc#1210506).
  * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could
    have lead to denial-of-service or potentially privilege escalation
    (bsc#1210498).
  * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create
    (bsc#1210647).
  * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C
    device driver (bsc#1210715).
  * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler
    (bsc#1207036).
  * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
    net/sched/sch_atm.c because of type confusion (non-negative numbers can
    sometimes indicate a TC_ACT_SHOT condition rather than valid classification
    results) (bsc#1207125).
  * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem
    (bsc#1211105).
  * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in
    drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
  * CVE-2023-28464: Fixed user-after-free that could lead to privilege
    escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
  * CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c
    (bsc#1209549).
  * CVE-2023-30772: Fixed race condition and resultant use-after-free in
    da9150_charger_remove (bsc#1210329).
  * CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver
    (bsc#1212842).
  * CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in
    drivers/memstick/host/r592.c, that allowed local attackers to crash the
    system at device disconnect (bsc#1212129).
  * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because
    lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
  * CVE-2023-3159: Fixed use-after-free issue in driver/firewire in
    outbound_phy_packet_callback (bsc#1212128).
  * CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
  * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact
    that accept() was also allowed for a successfully connected AF_NETROM socket
    (bsc#1211186).
  * CVE-2023-35824: Fixed a use-after-free in dm1105_remove in
    drivers/media/pci/dm1105/dm1105.c (bsc#1212501).

The following non-security bugs were fixed:

  * Do not sign the vanilla kernel (bsc#1209008).
  * Drop dvb-core fix patch due to regression (bsc#1205758).
  * Revert CVE-2018-20784 due to regression (bsc#1126703).
  * binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039
    CVE-2023-1249).
  * bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
  * bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished
    work (CVE-2023-1989 bsc#1210336).
  * btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611
    bsc#1209687).
  * do not fallthrough in cbq_classify and stop on TC_ACT_SHOT (bsc#1207036
    CVE-2023-23454 bsc#1207125 CVE-2023-23455).
  * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
  * ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105
    CVE-2023-2513).
  * fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
  * firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159
    bsc#1212128).
  * fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
  * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
    (bsc#1210715 CVE-2023-2194).
  * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
    (bsc#1207168).
  * ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
    CVE-2023-3090).
  * kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753).
  * kvm: initialize all of the kvm_debugregs structure before sending it to
    userspace (bsc#1209532 CVE-2023-1513).
  * media: dm1105: Fix use after free bug in dm1105_remove due to race condition
    (bsc#1212501 CVE-2023-35824).
  * media: dvb-core: Fix use-after-free due on race condition at dvb_net
    (CVE-2022-45886 bsc#1205760).
  * media: dvb-core: Fix use-after-free due to race at dvb_register_device()
    (CVE-2022-45884 bsc#1205756).
  * media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
    (CVE-2022-45919 bsc#1205803).
  * media: dvb-core: Fix use-after-free on race condition at dvb_frontend
    (CVE-2022-45885 bsc#1205758).
  * media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc#1209291
    CVE-2023-28328).
  * media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758).
  * media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
  * media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884
    bsc#1205756).
  * media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118
    bsc#1208837).
  * media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887
    bsc#1205762).
  * memstick: r592: Fix UAF bug in r592_remove due to race condition
    (CVE-2023-3141 bsc#1212129 bsc#1211449).
  * net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
    (bsc#1210940 CVE-2023-31436).
  * netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095
    bsc#1208777).
  * netrom: Fix use-after-free caused by accept on already connected socket
    (bsc#1211186 CVE-2023-32269).
  * nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
    (git-fixes bsc#1210337 CVE-2023-1990).
  * power: supply: da9150: Fix use after free bug in da9150_charger_remove due
    to race condition (CVE-2023-30772 bsc#1210329).
  * prlimit: do_prlimit needs to have a speculation check (bsc#1209256
    CVE-2017-5753).
  * sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600
    CVE-2023-1077).
  * scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
    (bsc#1210647 CVE-2023-2162).
  * seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549 CVE-2023-28772).
  * tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405 CVE-2022-3566).
  * tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289 CVE-2023-1390).
  * wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
    (bsc#1209287 CVE-2023-1380).
  * x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506
    CVE-2023-1998).
  * xfs: verify buffer contents when we skip log replay (bsc#1210498
    CVE-2023-2124).
  * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871
    CVE-2023-1670).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2  
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2805=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64)
    * kernel-default-4.4.121-92.205.1
  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
    * kernel-syms-4.4.121-92.205.1
    * kernel-default-base-debuginfo-4.4.121-92.205.1
    * kernel-default-debuginfo-4.4.121-92.205.1
    * kernel-default-devel-4.4.121-92.205.1
    * kernel-default-base-4.4.121-92.205.1
    * kernel-default-debugsource-4.4.121-92.205.1
  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
    * kernel-devel-4.4.121-92.205.1
    * kernel-macros-4.4.121-92.205.1
    * kernel-source-4.4.121-92.205.1

## References:

  * https://www.suse.com/security/cve/CVE-2017-5753.html
  * https://www.suse.com/security/cve/CVE-2018-20784.html
  * https://www.suse.com/security/cve/CVE-2022-3566.html
  * https://www.suse.com/security/cve/CVE-2022-45884.html
  * https://www.suse.com/security/cve/CVE-2022-45885.html
  * https://www.suse.com/security/cve/CVE-2022-45886.html
  * https://www.suse.com/security/cve/CVE-2022-45887.html
  * https://www.suse.com/security/cve/CVE-2022-45919.html
  * https://www.suse.com/security/cve/CVE-2023-0590.html
  * https://www.suse.com/security/cve/CVE-2023-1077.html
  * https://www.suse.com/security/cve/CVE-2023-1095.html
  * https://www.suse.com/security/cve/CVE-2023-1118.html
  * https://www.suse.com/security/cve/CVE-2023-1249.html
  * https://www.suse.com/security/cve/CVE-2023-1380.html
  * https://www.suse.com/security/cve/CVE-2023-1390.html
  * https://www.suse.com/security/cve/CVE-2023-1513.html
  * https://www.suse.com/security/cve/CVE-2023-1611.html
  * https://www.suse.com/security/cve/CVE-2023-1670.html
  * https://www.suse.com/security/cve/CVE-2023-1989.html
  * https://www.suse.com/security/cve/CVE-2023-1990.html
  * https://www.suse.com/security/cve/CVE-2023-1998.html
  * https://www.suse.com/security/cve/CVE-2023-2124.html
  * https://www.suse.com/security/cve/CVE-2023-2162.html
  * https://www.suse.com/security/cve/CVE-2023-2194.html
  * https://www.suse.com/security/cve/CVE-2023-23454.html
  * https://www.suse.com/security/cve/CVE-2023-23455.html
  * https://www.suse.com/security/cve/CVE-2023-2513.html
  * https://www.suse.com/security/cve/CVE-2023-28328.html
  * https://www.suse.com/security/cve/CVE-2023-28464.html
  * https://www.suse.com/security/cve/CVE-2023-28772.html
  * https://www.suse.com/security/cve/CVE-2023-30772.html
  * https://www.suse.com/security/cve/CVE-2023-3090.html
  * https://www.suse.com/security/cve/CVE-2023-3141.html
  * https://www.suse.com/security/cve/CVE-2023-31436.html
  * https://www.suse.com/security/cve/CVE-2023-3159.html
  * https://www.suse.com/security/cve/CVE-2023-3161.html
  * https://www.suse.com/security/cve/CVE-2023-32269.html
  * https://www.suse.com/security/cve/CVE-2023-35824.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1126703
  * https://bugzilla.suse.com/show_bug.cgi?id=1204405
  * https://bugzilla.suse.com/show_bug.cgi?id=1205756
  * https://bugzilla.suse.com/show_bug.cgi?id=1205758
  * https://bugzilla.suse.com/show_bug.cgi?id=1205760
  * https://bugzilla.suse.com/show_bug.cgi?id=1205762
  * https://bugzilla.suse.com/show_bug.cgi?id=1205803
  * https://bugzilla.suse.com/show_bug.cgi?id=1206878
  * https://bugzilla.suse.com/show_bug.cgi?id=1207036
  * https://bugzilla.suse.com/show_bug.cgi?id=1207125
  * https://bugzilla.suse.com/show_bug.cgi?id=1207168
  * https://bugzilla.suse.com/show_bug.cgi?id=1207795
  * https://bugzilla.suse.com/show_bug.cgi?id=1208600
  * https://bugzilla.suse.com/show_bug.cgi?id=1208777
  * https://bugzilla.suse.com/show_bug.cgi?id=1208837
  * https://bugzilla.suse.com/show_bug.cgi?id=1209008
  * https://bugzilla.suse.com/show_bug.cgi?id=1209039
  * https://bugzilla.suse.com/show_bug.cgi?id=1209052
  * https://bugzilla.suse.com/show_bug.cgi?id=1209256
  * https://bugzilla.suse.com/show_bug.cgi?id=1209287
  * https://bugzilla.suse.com/show_bug.cgi?id=1209289
  * https://bugzilla.suse.com/show_bug.cgi?id=1209291
  * https://bugzilla.suse.com/show_bug.cgi?id=1209532
  * https://bugzilla.suse.com/show_bug.cgi?id=1209549
  * https://bugzilla.suse.com/show_bug.cgi?id=1209687
  * https://bugzilla.suse.com/show_bug.cgi?id=1209871
  * https://bugzilla.suse.com/show_bug.cgi?id=1210329
  * https://bugzilla.suse.com/show_bug.cgi?id=1210336
  * https://bugzilla.suse.com/show_bug.cgi?id=1210337
  * https://bugzilla.suse.com/show_bug.cgi?id=1210498
  * https://bugzilla.suse.com/show_bug.cgi?id=1210506
  * https://bugzilla.suse.com/show_bug.cgi?id=1210647
  * https://bugzilla.suse.com/show_bug.cgi?id=1210715
  * https://bugzilla.suse.com/show_bug.cgi?id=1210940
  * https://bugzilla.suse.com/show_bug.cgi?id=1211105
  * https://bugzilla.suse.com/show_bug.cgi?id=1211186
  * https://bugzilla.suse.com/show_bug.cgi?id=1211449
  * https://bugzilla.suse.com/show_bug.cgi?id=1212128
  * https://bugzilla.suse.com/show_bug.cgi?id=1212129
  * https://bugzilla.suse.com/show_bug.cgi?id=1212154
  * https://bugzilla.suse.com/show_bug.cgi?id=1212501
  * https://bugzilla.suse.com/show_bug.cgi?id=1212842

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20230711/8565b13e/attachment.htm>


More information about the sle-updates mailing list