SUSE-SU-2024:0110-1: important: Security update for the Linux Kernel

SLE-UPDATES null at suse.de
Wed Jan 17 12:36:51 UTC 2024



# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0110-1  
Rating: important  
References:

  * bsc#1179610
  * bsc#1211226
  * bsc#1215237
  * bsc#1215375
  * bsc#1217250
  * bsc#1217709
  * bsc#1217946
  * bsc#1217947
  * bsc#1218105
  * bsc#1218184
  * bsc#1218253
  * bsc#1218258
  * bsc#1218559
  * jsc#PED-5021

  
Cross-References:

  * CVE-2020-26555
  * CVE-2023-51779
  * CVE-2023-6121
  * CVE-2023-6606
  * CVE-2023-6610
  * CVE-2023-6931
  * CVE-2023-6932

  
CVSS scores:

  * CVE-2020-26555 ( SUSE ):  5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2020-26555 ( NVD ):  5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2023-51779 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6121 ( SUSE ):  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-6121 ( NVD ):  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-6606 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-6606 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-6610 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-6610 ( NVD ):  7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-6931 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6931 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6932 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6932 ( NVD ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2

  
  
An update that solves seven vulnerabilities, contains one feature and has six
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security bugfixes.

The following security bugs were fixed:

  * CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the
    Bluetooth subsystem that would allow replay attacks (bsc#1179610
    bsc#1215237).
  * CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted
    packet in the NVMe-oF/TCP subsystem (bsc#1217250).
  * CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving
    a malformed length from a server (bsc#1217947).
  * CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing
    debug information (bsc#1217946).
  * CVE-2023-6931: Fixed an out of bounds write in the Performance Events
    subsystem when adding a new event (bsc#1218258).
  * CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query
    packet due to reference count mismanagement (bsc#1218253).
  * CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race
    condition in bt_sock_recvmsg (bsc#1218559).

The following non-security bugs were fixed:

  * Reviewed and added more information to README.SUSE (jsc#PED-5021).
  * Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226,
    bsc#1218184).
  * clocksource: Avoid accidental unstable marking of clocksources
    (bsc#1218105).
  * clocksource: Suspend the watchdog temporarily when high read latency
    detected (bsc#1218105).
  * efi/mokvar: Reserve the table only if it is in boot services data
    (bsc#1215375).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro 5.1  
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-110=1

  * SUSE Linux Enterprise Micro 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-110=1

  * SUSE Linux Enterprise Micro for Rancher 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-110=1

## Package List:

  * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
    * kernel-rt-5.3.18-150300.155.1
  * SUSE Linux Enterprise Micro 5.1 (x86_64)
    * kernel-rt-debugsource-5.3.18-150300.155.1
    * kernel-rt-debuginfo-5.3.18-150300.155.1
  * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
    * kernel-rt-5.3.18-150300.155.1
  * SUSE Linux Enterprise Micro 5.2 (x86_64)
    * kernel-rt-debugsource-5.3.18-150300.155.1
    * kernel-rt-debuginfo-5.3.18-150300.155.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
    * kernel-rt-5.3.18-150300.155.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
    * kernel-rt-debugsource-5.3.18-150300.155.1
    * kernel-rt-debuginfo-5.3.18-150300.155.1

## References:

  * https://www.suse.com/security/cve/CVE-2020-26555.html
  * https://www.suse.com/security/cve/CVE-2023-51779.html
  * https://www.suse.com/security/cve/CVE-2023-6121.html
  * https://www.suse.com/security/cve/CVE-2023-6606.html
  * https://www.suse.com/security/cve/CVE-2023-6610.html
  * https://www.suse.com/security/cve/CVE-2023-6931.html
  * https://www.suse.com/security/cve/CVE-2023-6932.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1179610
  * https://bugzilla.suse.com/show_bug.cgi?id=1211226
  * https://bugzilla.suse.com/show_bug.cgi?id=1215237
  * https://bugzilla.suse.com/show_bug.cgi?id=1215375
  * https://bugzilla.suse.com/show_bug.cgi?id=1217250
  * https://bugzilla.suse.com/show_bug.cgi?id=1217709
  * https://bugzilla.suse.com/show_bug.cgi?id=1217946
  * https://bugzilla.suse.com/show_bug.cgi?id=1217947
  * https://bugzilla.suse.com/show_bug.cgi?id=1218105
  * https://bugzilla.suse.com/show_bug.cgi?id=1218184
  * https://bugzilla.suse.com/show_bug.cgi?id=1218253
  * https://bugzilla.suse.com/show_bug.cgi?id=1218258
  * https://bugzilla.suse.com/show_bug.cgi?id=1218559
  * https://jira.suse.com/browse/PED-5021

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240117/34d1f6e4/attachment.htm>


More information about the sle-updates mailing list