Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:0152-1
Rating:	important
References:	bsc#1065729 bsc#1151927 bsc#1156395 bsc#1157049 bsc#1190969 bsc#1203183 bsc#1203693 bsc#1203740 bsc#1204171 bsc#1204250 bsc#1204614 bsc#1204693 bsc#1204760 bsc#1204989 bsc#1205149 bsc#1205256 bsc#1205495 bsc#1205496 bsc#1205601 bsc#1205695 bsc#1206073 bsc#1206113 bsc#1206114 bsc#1206174 bsc#1206175 bsc#1206176 bsc#1206177 bsc#1206178 bsc#1206179 bsc#1206344 bsc#1206389 bsc#1206393 bsc#1206394 bsc#1206395 bsc#1206397 bsc#1206398 bsc#1206399 bsc#1206515 bsc#1206602 bsc#1206634 bsc#1206635 bsc#1206636 bsc#1206637 bsc#1206640 bsc#1206641 bsc#1206642 bsc#1206643 bsc#1206644 bsc#1206645 bsc#1206646 bsc#1206647 bsc#1206648 bsc#1206649 bsc#1206663 bsc#1206664 bsc#1206784 bsc#1206841 bsc#1206854 bsc#1206855 bsc#1206857 bsc#1206858 bsc#1206859 bsc#1206860 bsc#1206873 bsc#1206875 bsc#1206876 bsc#1206877 bsc#1206878 bsc#1206880 bsc#1206881 bsc#1206882 bsc#1206883 bsc#1206884 bsc#1206885 bsc#1206886 bsc#1206887 bsc#1206888 bsc#1206889 bsc#1206890 bsc#1206891 bsc#1206893 bsc#1206896 bsc#1206904 bsc#1207036 bsc#1207125 bsc#1207134 bsc#1207186 bsc#1207198 bsc#1207218 bsc#1207237 jsc#PED-1445 jsc#PED-1706 jsc#PED-568
Cross-References:	CVE-2019-19083 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3564 CVE-2022-3643 CVE-2022-42328 CVE-2022-42329 CVE-2022-4662 CVE-2022-47520 CVE-2022-47929 CVE-2023-0266 CVE-2023-23454 CVE-2023-23455
CVSS scores:	CVE-2019-19083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-19083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3106 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3106 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3435 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-3435 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3564 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 ( NVD ): 5.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-3643 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3643 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42328 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47520 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L CVE-2022-47520 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-47929 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-47929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-0266 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 ( NVD ): 7.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	openSUSE Leap 15.3 openSUSE Leap 15.4 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability Extension 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 SUSE Linux Enterprise Live Patching 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro for Rancher 5.2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves 19 vulnerabilities, contains three features and has 71 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134)
CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237)
CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036)
CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125)
CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).
CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114).
CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113).
CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:

afs: Fix some tracing details (git-fixes).
arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
arm64: dts: allwinner: H5: Add PMU node (git-fixes)
arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
block: Do not reread partition table on exclusively open device (bsc#1190969).
ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
cuse: prevent clone (bsc#1206177).
drbd: destroy workqueue when drbd device was freed (git-fixes).
drbd: remove usage of list iterator variable after loop (git-fixes).
drbd: use after free in drbd_create_device() (git-fixes).
dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
ext4: avoid resizing to a partial cluster size (bsc#1206880).
ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
ext4: continue to expand file system when the target size does not reach (bsc#1206882).
ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
ext4: Detect already used quota file early (bsc#1206873).
ext4: fix a data race at inode->i_disksize (bsc#1206855).
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
ext4: Fixup pages without buffers (bsc#1205495).
ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
fuse: do not check refcount after stealing page (bsc#1206174).
fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
HID: betop: check shape of output reports (git-fixes, bsc#1207186).
HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
ibmveth: Always stop tx queues during close (bsc#1065729).
ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
lockd: lockd server-side shouldn't set fl_ops (git-fixes).
memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
mm/filemap.c: clear page error before actual read (bsc#1206635).
mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
module: avoid gotos in module_sig_check() (git-fixes).
module: lockdep: Suppress suspicious RCU usage warning (git-fixes).
module: merge repetitive strings in module_sig_check() (git-fixes).
module: Remove accidental change of module_enable_x() (git-fixes).
module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
net: usb: cdc_ncm: do not spew notifications (git-fixes).
net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
NFS: Fix an Oops in nfs_d_automount() (git-fixes).
NFS: Fix memory leaks (git-fixes).
NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
NFS: Handle missing attributes in OPEN reply (bsc#1203740).
NFS: nfs_find_open_context() may only select open files (git-fixes).
NFS: nfs_xdr_status should record the procedure name (git-fixes).
NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
NFS: we do not support removing system.nfs4_acl (git-fixes).
NFS: Zero-stateid SETATTR should first return delegation (git-fixes).
NFS4: Fix kmemleak when allocate slot failed (git-fixes).
NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
NFSD: Clone should commit src file metadata too (git-fixes).
NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes).
NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
NFSD: Keep existing listeners on portlist error (git-fixes).
NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
NFSD: safer handling of corrupted c_type (git-fixes).
NFSv4 expose nfs_parse_server_name function (git-fixes).
NFSv4 only print the label when its queried (git-fixes).
NFSv4 remove zero number of fs_locations entries error check (git-fixes).
NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
NFSv4: Fix races between open and dentry revalidation (git-fixes).
NFSv4: Protect the state recovery thread against direct reclaim (git-fixes).
NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
NFSv4.2: error out when relink swapfile (git-fixes).
NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
NFSv4/pNFS: Fix a use-after-free bug in open (