Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:3390-1
Rating:	important
References:	bsc#1206418 bsc#1207088 bsc#1209342 bsc#1210584 bsc#1211738 bsc#1211867 bsc#1212301 bsc#1212741 bsc#1212835 bsc#1212846 bsc#1213059 bsc#1213167 bsc#1213245 bsc#1213286 bsc#1213287 bsc#1213354 bsc#1213543 bsc#1213546 bsc#1213585 bsc#1213586 bsc#1213588 bsc#1213868 bsc#1213970 bsc#1214019
Cross-References:	CVE-2022-40982 CVE-2023-0459 CVE-2023-20569 CVE-2023-20593 CVE-2023-2985 CVE-2023-3117 CVE-2023-3390 CVE-2023-34319 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3812 CVE-2023-4133 CVE-2023-4194
CVSS scores:	CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2023-20569 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2023-34319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3567 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3776 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:	SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Live Patching 15-SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves 16 vulnerabilities and has eight security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418).
• CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
• CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
• CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
• CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
• CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
• CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
• CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
• CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
• CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
• CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
• CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
• CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
• CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
• CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
• CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019).

The following non-security bugs were fixed:

• arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
• arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
• fix kabi when adding new cpuid leaves
• get module prefix from kmod (bsc#1212835).
• remove more packaging cruft for sle < 12 sp3
• cifs: fix open leaks in open_cached_dir() (bsc#1209342).
• clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
• clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
• init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
• init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
• init: provide arch_cpu_finalize_init() (bsc#1206418).
• init: remove check_bugs() leftovers (bsc#1206418).
• kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps")
• kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
• kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
• keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
• keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
• net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
• net: mana: add support for vlan tagging (bsc#1212301).
• rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
• rpm/check-for-config-changes: ignore also riscv_isa_ and dynamic_sigframe they depend on config_toolchain_has_.
• timers: add shutdown mechanism to the internal functions (bsc#1213970).
• timers: provide timer_shutdown_sync (bsc#1213970).
• timers: rename del_timer() to timer_delete() (bsc#1213970).
• timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
• timers: replace bug_on()s (bsc#1213970).
• timers: silently ignore timers with a null function (bsc#1213970).
• timers: split [try_to_]del_timer_sync to prepare for shutdown mode (bsc#1213970).
• timers: update kernel-doc for various functions (bsc#1213970).
• timers: use del_timer_sync() even on up (bsc#1213970).
• ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
• ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
• usrmerge: adjust module path in the kernel sources (bsc#1212835).
• x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
• x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
• x86/microcode/AMD: Make stub function static inline (bsc#1213868).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-3390=1
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-3390=1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3390=1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3390=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3390=1

Package List:

• SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.160.2
  • kernel-livepatch-SLE15-SP2_Update_39-debugsource-1-150200.5.3.2
  • kernel-default-livepatch-devel-5.3.18-150200.24.160.2
  • kernel-default-debuginfo-5.3.18-150200.24.160.2
  • kernel-livepatch-5_3_18-150200_24_160-default-1-150200.5.3.2
  • kernel-default-livepatch-5.3.18-150200.24.160.2
  • kernel-livepatch-5_3_18-150200_24_160-default-debuginfo-1-150200.5.3.2
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.160.2
  • cluster-md-kmp-default-5.3.18-150200.24.160.2
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.160.2
  • ocfs2-kmp-default-5.3.18-150200.24.160.2
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.160.2
  • dlm-kmp-default-5.3.18-150200.24.160.2
  • gfs2-kmp-default-5.3.18-150200.24.160.2
  • kernel-default-debuginfo-5.3.18-150200.24.160.2
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.160.2
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.160.2
• SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  • kernel-default-5.3.18-150200.24.160.2
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-default-5.3.18-150200.24.160.2
  • kernel-preempt-5.3.18-150200.24.160.2
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.160.2
  • kernel-obs-build-5.3.18-150200.24.160.2
  • kernel-preempt-debuginfo-5.3.18-150200.24.160.2
  • kernel-preempt-devel-5.3.18-150200.24.160.2
  • kernel-preempt-debugsource-5.3.18-150200.24.160.2
  • kernel-obs-build-debugsource-5.3.18-150200.24.160.2
  • kernel-default-devel-5.3.18-150200.24.160.2
  • kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2
  • kernel-default-debuginfo-5.3.18-150200.24.160.2
  • kernel-syms-5.3.18-150200.24.160.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.160.2
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.160.2
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.160.1
  • kernel-source-5.3.18-150200.24.160.1
  • kernel-macros-5.3.18-150200.24.160.1
• SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.160.3
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.160.2
  • kernel-obs-build-5.3.18-150200.24.160.2
  • kernel-obs-build-debugsource-5.3.18-150200.24.160.2
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.160.2
  • reiserfs-kmp-default-5.3.18-150200.24.160.2
  • kernel-default-devel-5.3.18-150200.24.160.2
  • kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2
  • kernel-default-debuginfo-5.3.18-150200.24.160.2
  • kernel-syms-5.3.18-150200.24.160.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.160.1
  • kernel-source-5.3.18-150200.24.160.1
  • kernel-macros-5.3.18-150200.24.160.1
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.160.3
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  • kernel-preempt-debugsource-5.3.18-150200.24.160.2
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.160.2
  • kernel-preempt-debuginfo-5.3.18-150200.24.160.2
  • kernel-preempt-devel-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  • kernel-default-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  • kernel-default-debugsource-5.3.18-150200.24.160.2
  • kernel-obs-build-5.3.18-150200.24.160.2
  • kernel-obs-build-debugsource-5.3.18-150200.24.160.2
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.160.2
  • reiserfs-kmp-default-5.3.18-150200.24.160.2
  • kernel-default-devel-5.3.18-150200.24.160.2
  • kernel-default-base-5.3.18-150200.24.160.2.150200.9.79.2
  • kernel-default-debuginfo-5.3.18-150200.24.160.2
  • kernel-syms-5.3.18-150200.24.160.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  • kernel-devel-5.3.18-150200.24.160.1
  • kernel-source-5.3.18-150200.24.160.1
  • kernel-macros-5.3.18-150200.24.160.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
  • kernel-docs-5.3.18-150200.24.160.3
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
  • kernel-preempt-5.3.18-150200.24.160.2
• SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  • kernel-preempt-debugsource-5.3.18-150200.24.160.2
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.160.2
  • kernel-preempt-debuginfo-5.3.18-150200.24.160.2
  • kernel-preempt-devel-5.3.18-150200.24.160.2

References:

• https://www.suse.com/security/cve/CVE-2022-40982.html
• https://www.suse.com/security/cve/CVE-2023-0459.html
• https://www.suse.com/security/cve/CVE-2023-20569.html
• https://www.suse.com/security/cve/CVE-2023-20593.html
• https://www.suse.com/security/cve/CVE-2023-2985.html
• https://www.suse.com/security/cve/CVE-2023-3117.html
• https://www.suse.com/security/cve/CVE-2023-3390.html
• https://www.suse.com/security/cve/CVE-2023-34319.html
• https://www.suse.com/security/cve/CVE-2023-35001.html
• https://www.suse.com/security/cve/CVE-2023-3567.html
• https://www.suse.com/security/cve/CVE-2023-3609.html
• https://www.suse.com/security/cve/CVE-2023-3611.html
• https://www.suse.com/security/cve/CVE-2023-3776.html
• https://www.suse.com/security/cve/CVE-2023-3812.html
• https://www.suse.com/security/cve/CVE-2023-4133.html
• https://www.suse.com/security/cve/CVE-2023-4194.html
• https://bugzilla.suse.com/show_bug.cgi?id=1206418
• https://bugzilla.suse.com/show_bug.cgi?id=1207088
• https://bugzilla.suse.com/show_bug.cgi?id=1209342
• https://bugzilla.suse.com/show_bug.cgi?id=1210584
• https://bugzilla.suse.com/show_bug.cgi?id=1211738
• https://bugzilla.suse.com/show_bug.cgi?id=1211867
• https://bugzilla.suse.com/show_bug.cgi?id=1212301
• https://bugzilla.suse.com/show_bug.cgi?id=1212741
• https://bugzilla.suse.com/show_bug.cgi?id=1212835
• https://bugzilla.suse.com/show_bug.cgi?id=1212846
• https://bugzilla.suse.com/show_bug.cgi?id=1213059
• https://bugzilla.suse.com/show_bug.cgi?id=1213167
• https://bugzilla.suse.com/show_bug.cgi?id=1213245
• https://bugzilla.suse.com/show_bug.cgi?id=1213286
• https://bugzilla.suse.com/show_bug.cgi?id=1213287
• https://bugzilla.suse.com/show_bug.cgi?id=1213354
• https://bugzilla.suse.com/show_bug.cgi?id=1213543
• https://bugzilla.suse.com/show_bug.cgi?id=1213546
• https://bugzilla.suse.com/show_bug.cgi?id=1213585
• https://bugzilla.suse.com/show_bug.cgi?id=1213586
• https://bugzilla.suse.com/show_bug.cgi?id=1213588
• https://bugzilla.suse.com/show_bug.cgi?id=1213868
• https://bugzilla.suse.com/show_bug.cgi?id=1213970
• https://bugzilla.suse.com/show_bug.cgi?id=1214019