Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2023:2148-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves 16 vulnerabilities and has five security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
The following non-security bugs were fixed:
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- cifs: fix negotiate context parsing (bsc#1210301).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3
zypper in -t patch SUSE-2023-2148=1 -
openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2148=1 -
SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2148=1
Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. -
SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2148=1 -
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2148=1 -
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2148=1 -
SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2148=1 -
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2148=1 -
SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2148=1 -
SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2148=1 -
SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2148=1 -
SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2148=1 -
SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-2148=1 -
SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2148=1 -
SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2148=1 -
SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2148=1
Package List:
-
openSUSE Leap 15.3 (noarch nosrc)
- kernel-docs-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (noarch)
- kernel-source-vanilla-5.3.18-150300.59.121.2
- kernel-macros-5.3.18-150300.59.121.2
- kernel-source-5.3.18-150300.59.121.2
- kernel-devel-5.3.18-150300.59.121.2
- kernel-docs-html-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (nosrc ppc64le x86_64)
- kernel-debug-5.3.18-150300.59.121.2
- kernel-kvmsmall-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (ppc64le x86_64)
- kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.121.2
- kernel-debug-livepatch-devel-5.3.18-150300.59.121.2
- kernel-kvmsmall-devel-5.3.18-150300.59.121.2
- kernel-kvmsmall-debugsource-5.3.18-150300.59.121.2
- kernel-debug-devel-debuginfo-5.3.18-150300.59.121.2
- kernel-debug-debuginfo-5.3.18-150300.59.121.2
- kernel-debug-debugsource-5.3.18-150300.59.121.2
- kernel-kvmsmall-debuginfo-5.3.18-150300.59.121.2
- kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.121.2
- kernel-debug-devel-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
- kernel-default-extra-5.3.18-150300.59.121.2
- gfs2-kmp-default-5.3.18-150300.59.121.2
- reiserfs-kmp-default-5.3.18-150300.59.121.2
- cluster-md-kmp-default-debuginfo-5.3.18-150300.59.121.2
- kselftests-kmp-default-5.3.18-150300.59.121.2
- kernel-default-optional-5.3.18-150300.59.121.2
- ocfs2-kmp-default-5.3.18-150300.59.121.2
- kselftests-kmp-default-debuginfo-5.3.18-150300.59.121.2
- reiserfs-kmp-default-debuginfo-5.3.18-150300.59.121.2
- kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2
- kernel-default-devel-5.3.18-150300.59.121.2
- kernel-obs-build-5.3.18-150300.59.121.2
- cluster-md-kmp-default-5.3.18-150300.59.121.2
- kernel-default-base-rebuild-5.3.18-150300.59.121.2.150300.18.70.2
- dlm-kmp-default-debuginfo-5.3.18-150300.59.121.2
- kernel-default-devel-debuginfo-5.3.18-150300.59.121.2
- kernel-obs-qa-5.3.18-150300.59.121.1
- kernel-default-optional-debuginfo-5.3.18-150300.59.121.2
- kernel-default-livepatch-devel-5.3.18-150300.59.121.2
- kernel-syms-5.3.18-150300.59.121.1
- dlm-kmp-default-5.3.18-150300.59.121.2
- kernel-obs-build-debugsource-5.3.18-150300.59.121.2
- kernel-default-debugsource-5.3.18-150300.59.121.2
- kernel-default-debuginfo-5.3.18-150300.59.121.2
- kernel-default-extra-debuginfo-5.3.18-150300.59.121.2
- ocfs2-kmp-default-debuginfo-5.3.18-150300.59.121.2
- kernel-default-livepatch-5.3.18-150300.59.121.2
- gfs2-kmp-default-debuginfo-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (ppc64le s390x x86_64)
- kernel-livepatch-5_3_18-150300_59_121-default-1-150300.7.3.2
- kernel-livepatch-5_3_18-150300_59_121-default-debuginfo-1-150300.7.3.2
- kernel-livepatch-SLE15-SP3_Update_32-debugsource-1-150300.7.3.2
-
openSUSE Leap 15.3 (x86_64)
- kernel-livepatch-5_3_18-150300_59_121-preempt-1-150300.7.3.2
- kernel-livepatch-5_3_18-150300_59_121-preempt-debuginfo-1-150300.7.3.2
-
openSUSE Leap 15.3 (aarch64 x86_64)
- ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.121.2
- kernel-preempt-debuginfo-5.3.18-150300.59.121.2
- kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2
- kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.121.2
- reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.121.2
- kernel-preempt-optional-debuginfo-5.3.18-150300.59.121.2
- kernel-preempt-extra-debuginfo-5.3.18-150300.59.121.2
- dlm-kmp-preempt-debuginfo-5.3.18-150300.59.121.2
- dlm-kmp-preempt-5.3.18-150300.59.121.2
- kernel-preempt-debugsource-5.3.18-150300.59.121.2
- gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.121.2
- kernel-preempt-livepatch-devel-5.3.18-150300.59.121.2
- kernel-preempt-optional-5.3.18-150300.59.121.2
- ocfs2-kmp-preempt-5.3.18-150300.59.121.2
- gfs2-kmp-preempt-5.3.18-150300.59.121.2
- cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.121.2
- kselftests-kmp-preempt-5.3.18-150300.59.121.2
- kernel-preempt-extra-5.3.18-150300.59.121.2
- reiserfs-kmp-preempt-5.3.18-150300.59.121.2
- kernel-preempt-devel-5.3.18-150300.59.121.2
- cluster-md-kmp-preempt-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (nosrc s390x)
- kernel-zfcpdump-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (s390x)
- kernel-zfcpdump-debuginfo-5.3.18-150300.59.121.2
- kernel-zfcpdump-debugsource-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (nosrc)
- dtb-aarch64-5.3.18-150300.59.121.1
-
openSUSE Leap 15.3 (aarch64)
- kernel-64kb-devel-debuginfo-5.3.18-150300.59.121.2
- dtb-mediatek-5.3.18-150300.59.121.1
- dtb-altera-5.3.18-150300.59.121.1
- reiserfs-kmp-64kb-5.3.18-150300.59.121.2
- dtb-marvell-5.3.18-150300.59.121.1
- cluster-md-kmp-64kb-5.3.18-150300.59.121.2
- kernel-64kb-optional-5.3.18-150300.59.121.2
- dtb-arm-5.3.18-150300.59.121.1
- dtb-renesas-5.3.18-150300.59.121.1
- dtb-exynos-5.3.18-150300.59.121.1
- gfs2-kmp-64kb-5.3.18-150300.59.121.2
- kernel-64kb-livepatch-devel-5.3.18-150300.59.121.2
- dtb-hisilicon-5.3.18-150300.59.121.1
- dlm-kmp-64kb-5.3.18-150300.59.121.2
- kernel-64kb-extra-5.3.18-150300.59.121.2
- kselftests-kmp-64kb-5.3.18-150300.59.121.2
- dtb-amd-5.3.18-150300.59.121.1
- kernel-64kb-devel-5.3.18-150300.59.121.2
- cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.121.2
- dtb-amlogic-5.3.18-150300.59.121.1
- dtb-nvidia-5.3.18-150300.59.121.1
- dtb-allwinner-5.3.18-150300.59.121.1
- dtb-broadcom-5.3.18-150300.59.121.1
- dtb-xilinx-5.3.18-150300.59.121.1
- dtb-zte-5.3.18-150300.59.121.1
- kernel-64kb-extra-debuginfo-5.3.18-150300.59.121.2
- ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.121.2
- kernel-64kb-optional-debuginfo-5.3.18-150300.59.121.2
- dtb-freescale-5.3.18-150300.59.121.1
- kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.121.2
- dtb-lg-5.3.18-150300.59.121.1
- kernel-64kb-debuginfo-5.3.18-150300.59.121.2
- ocfs2-kmp-64kb-5.3.18-150300.59.121.2
- gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.121.2
- dtb-apm-5.3.18-150300.59.121.1
- dtb-rockchip-5.3.18-150300.59.121.1
- dlm-kmp-64kb-debuginfo-5.3.18-150300.59.121.2
- kernel-64kb-debugsource-5.3.18-150300.59.121.2
- dtb-qcom-5.3.18-150300.59.121.1
- dtb-sprd-5.3.18-150300.59.121.1
- dtb-cavium-5.3.18-150300.59.121.1
- dtb-al-5.3.18-150300.59.121.1
- dtb-socionext-5.3.18-150300.59.121.1
- reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.121.2
-
openSUSE Leap 15.3 (aarch64 nosrc)
- kernel-64kb-5.3.18-150300.59.121.2
-
openSUSE Leap 15.4 (nosrc)
- dtb-aarch64-5.3.18-150300.59.121.1
-
openSUSE Leap 15.4 (aarch64)
- dtb-al-5.3.18-150300.59.121.1
- dtb-zte-5.3.18-150300.59.121.1
-
SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
- kernel-default-5.3.18-150300.59.121.2
-
SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
- kernel-default-livepatch-5.3.18-150300.59.121.2
- kernel-default-debugsource-5.3.18-150300.59.121.2
- kernel-default-debuginfo-5.3.18-150300.59.121.2
- kernel-default-livepatch-devel-5.3.18-150300.59.121.2
- kernel-livepatch-5_3_18-150300_59_121-default-1-150300.7.3.2
-
SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
- ocfs2-kmp-default-debuginfo-5.3.18-150300.59.121.2
- cluster-md-kmp-default-5.3.18-150300.59.121.2
- dlm-kmp-default-5.3.18-150300.59.121.2
- gfs2-kmp-default-5.3.18-150300.59.121.2
- kernel-default-debugsource-5.3.18-150300.59.121.2
- dlm-kmp-default-debuginfo-5.3.18-150300.59.121.2
- cluster-md-kmp-default-debuginfo-5.3.18-150300.59.121.2
- kernel-default-debuginfo-5.3.18-150300.59.121.2
- ocfs2-kmp-default-5.3.18-150300.59.121.2
- gfs2-kmp-default-debuginfo-5.3.18-150300.59.121.2
-
SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
- kernel-default-5.3.18-150300.59.121.2
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc)
- kernel-64kb-5.3.18-150300.59.121.2
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
- kernel-64kb-devel-debuginfo-5.3.18-150300.59.121.2
- kernel-64kb-devel-5.3.18-150300.59.121.2
- kernel-64kb-debuginfo-5.3.18-150300.59.121.2
- kernel-64kb-debugsource-5.3.18-150300.59.121.2
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64)
- kernel-preempt-5.3.18-150300.59.121.2
- kernel-default-5.3.18-150300.59.121.2
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
- kernel-default-devel-5.3.18-150300.59.121.2
- kernel-obs-build-5.3.18-150300.59.121.2
- kernel-preempt-debugsource-5.3.18-150300.59.121.2
- kernel-syms-5.3.18-150300.59.121.1
- kernel-obs-build-debugsource-5.3.18-150300.59.121.2
- kernel-default-debugsource-5.3.18-150300.59.121.2
- reiserfs-kmp-default-5.3.18-150300.59.121.2
- kernel-default-devel-debuginfo-5.3.18-150300.59.121.2
- kernel-preempt-debuginfo-5.3.18-150300.59.121.2
- kernel-default-debuginfo-5.3.18-150300.59.121.2
- kernel-preempt-devel-5.3.18-150300.59.121.2
- kernel-preempt-devel-debuginfo-5.3.18-150300.59.121.2
- reiserfs-kmp-default-debuginfo-5.3.18-150300.59.121.2
- kernel-default-base-5.3.18-150300.59.121.2.150300.18.70.2
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
- kernel-macros-5.3.18-150300.59.121.2
- kernel-source-5.3.18-150300.59.121.2
- kernel-devel-5.3.18-150300.59.121.2
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc)
- kernel-docs-5.3.18-150300.59.121.2