Security update for the Linux Kernel
Announcement ID: | SUSE-SU-2024:0117-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves eight vulnerabilities, contains two features and has 13 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1214158 bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free issue due to a race condition during Bluetooth message reception (bsc#1218559).
The following non-security bugs were fixed:
- Enabled the LLC counters for “perf” (perf stat) on the Ice-Lake and Rocket-Lake CPUs (jsc#PED-5023 bsc#1211439).
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
- KVM: s390/mm: Properly reset no-dat (bsc#1218057).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217936).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1218622).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: Do not fully free QPL pages on prefill errors (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Set default duplex configuration to full (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: unify driver name usage (bsc#1214479).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1217801).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218362).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-HA-12-SP5-2024-117=1 SUSE-SLE-SERVER-12-SP5-2024-117=1
-
SUSE Linux Enterprise High Availability Extension 12 SP5
zypper in -t patch SUSE-SLE-HA-12-SP5-2024-117=1
-
SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-117=1
-
SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-117=1
-
SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-117=1
-
SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-117=1
-
SUSE Linux Enterprise Workstation Extension 12 12-SP5
zypper in -t patch SUSE-SLE-WE-12-SP5-2024-117=1
Package List:
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
- kernel-default-debuginfo-4.12.14-122.189.1
- cluster-md-kmp-default-debuginfo-4.12.14-122.189.1
- ocfs2-kmp-default-4.12.14-122.189.1
- dlm-kmp-default-4.12.14-122.189.1
- kernel-default-base-debuginfo-4.12.14-122.189.1
- kernel-syms-4.12.14-122.189.1
- gfs2-kmp-default-debuginfo-4.12.14-122.189.1
- kernel-default-debugsource-4.12.14-122.189.1
- dlm-kmp-default-debuginfo-4.12.14-122.189.1
- ocfs2-kmp-default-debuginfo-4.12.14-122.189.1
- gfs2-kmp-default-4.12.14-122.189.1
- cluster-md-kmp-default-4.12.14-122.189.1
- kernel-default-base-4.12.14-122.189.1
- kernel-default-devel-4.12.14-122.189.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
- kernel-default-4.12.14-122.189.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
- kernel-devel-4.12.14-122.189.1
- kernel-source-4.12.14-122.189.1
- kernel-macros-4.12.14-122.189.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-122.189.1
-
SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
- kernel-default-debuginfo-4.12.14-122.189.1
- cluster-md-kmp-default-debuginfo-4.12.14-122.189.1
- ocfs2-kmp-default-4.12.14-122.189.1
- dlm-kmp-default-4.12.14-122.189.1
- gfs2-kmp-default-debuginfo-4.12.14-122.189.1
- kernel-default-debugsource-4.12.14-122.189.1
- dlm-kmp-default-debuginfo-4.12.14-122.189.1
- ocfs2-kmp-default-debuginfo-4.12.14-122.189.1
- gfs2-kmp-default-4.12.14-122.189.1
- cluster-md-kmp-default-4.12.14-122.189.1
-
SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
- kernel-default-4.12.14-122.189.1
-
SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
- kernel-default-4.12.14-122.189.1
-
SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
- kernel-default-debuginfo-4.12.14-122.189.1
- kernel-default-kgraft-4.12.14-122.189.1
- kernel-default-debugsource-4.12.14-122.189.1
- kernel-default-kgraft-devel-4.12.14-122.189.1
- kgraft-patch-4_12_14-122_189-default-1-8.3.1
-
SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
- kernel-docs-4.12.14-122.189.1
-
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
- kernel-obs-build-debugsource-4.12.14-122.189.1
- kernel-obs-build-4.12.14-122.189.1
-
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64)
- kernel-default-4.12.14-122.189.1
-
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
- kernel-default-debuginfo-4.12.14-122.189.1
- kernel-default-base-debuginfo-4.12.14-122.189.1
- kernel-syms-4.12.14-122.189.1
- kernel-default-debugsource-4.12.14-122.189.1
- kernel-default-base-4.12.14-122.189.1
- kernel-default-devel-4.12.14-122.189.1
-
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
- kernel-devel-4.12.14-122.189.1
- kernel-source-4.12.14-122.189.1
- kernel-macros-4.12.14-122.189.1
-
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-122.189.1
-
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-4.12.14-122.189.1
-
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
- kernel-default-debuginfo-4.12.14-122.189.1
- kernel-default-base-debuginfo-4.12.14-122.189.1
- kernel-syms-4.12.14-122.189.1
- kernel-default-debugsource-4.12.14-122.189.1
- kernel-default-base-4.12.14-122.189.1
- kernel-default-devel-4.12.14-122.189.1
-
SUSE Linux Enterprise Server 12 SP5 (noarch)
- kernel-devel-4.12.14-122.189.1
- kernel-source-4.12.14-122.189.1
- kernel-macros-4.12.14-122.189.1
-
SUSE Linux Enterprise Server 12 SP5 (s390x)
- kernel-default-man-4.12.14-122.189.1
-
SUSE Linux Enterprise Server 12 SP5 (x86_64)
- kernel-default-devel-debuginfo-4.12.14-122.189.1
-
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
- kernel-default-4.12.14-122.189.1
-
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
- kernel-default-extra-debuginfo-4.12.14-122.189.1
- kernel-default-debugsource-4.12.14-122.189.1
- kernel-default-debuginfo-4.12.14-122.189.1
- kernel-default-extra-4.12.14-122.189.1
References:
- https://www.suse.com/security/cve/CVE-2020-26555.html
- https://www.suse.com/security/cve/CVE-2022-2586.html
- https://www.suse.com/security/cve/CVE-2023-51779.html
- https://www.suse.com/security/cve/CVE-2023-6121.html
- https://www.suse.com/security/cve/CVE-2023-6606.html
- https://www.suse.com/security/cve/CVE-2023-6610.html
- https://www.suse.com/security/cve/CVE-2023-6931.html
- https://www.suse.com/security/cve/CVE-2023-6932.html
- https://bugzilla.suse.com/show_bug.cgi?id=1109837
- https://bugzilla.suse.com/show_bug.cgi?id=1179610
- https://bugzilla.suse.com/show_bug.cgi?id=1202095
- https://bugzilla.suse.com/show_bug.cgi?id=1211226
- https://bugzilla.suse.com/show_bug.cgi?id=1211439
- https://bugzilla.suse.com/show_bug.cgi?id=1214158
- https://bugzilla.suse.com/show_bug.cgi?id=1214479
- https://bugzilla.suse.com/show_bug.cgi?id=1215237
- https://bugzilla.suse.com/show_bug.cgi?id=1217036
- https://bugzilla.suse.com/show_bug.cgi?id=1217250
- https://bugzilla.suse.com/show_bug.cgi?id=1217801
- https://bugzilla.suse.com/show_bug.cgi?id=1217936
- https://bugzilla.suse.com/show_bug.cgi?id=1217946
- https://bugzilla.suse.com/show_bug.cgi?id=1217947
- https://bugzilla.suse.com/show_bug.cgi?id=1218057
- https://bugzilla.suse.com/show_bug.cgi?id=1218184
- https://bugzilla.suse.com/show_bug.cgi?id=1218253
- https://bugzilla.suse.com/show_bug.cgi?id=1218258
- https://bugzilla.suse.com/show_bug.cgi?id=1218362
- https://bugzilla.suse.com/show_bug.cgi?id=1218559
- https://bugzilla.suse.com/show_bug.cgi?id=1218622
- https://jira.suse.com/browse/PED-5021
- https://jira.suse.com/browse/PED-5023