Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:3971-1
Rating:	important
References:	bsc#1023051 bsc#1120059 bsc#1177719 bsc#1188885 bsc#1193629 bsc#1194869 bsc#1203329 bsc#1203330 bsc#1205462 bsc#1206453 bsc#1208902 bsc#1208949 bsc#1209284 bsc#1209799 bsc#1210048 bsc#1210448 bsc#1211220 bsc#1212091 bsc#1212142 bsc#1212423 bsc#1212526 bsc#1212857 bsc#1212873 bsc#1213026 bsc#1213123 bsc#1213546 bsc#1213580 bsc#1213601 bsc#1213666 bsc#1213733 bsc#1213757 bsc#1213759 bsc#1213916 bsc#1213921 bsc#1213927 bsc#1213946 bsc#1213949 bsc#1213968 bsc#1213970 bsc#1213971 bsc#1214000 bsc#1214019 bsc#1214073 bsc#1214120 bsc#1214149 bsc#1214180 bsc#1214233 bsc#1214238 bsc#1214285 bsc#1214297 bsc#1214299 bsc#1214305 bsc#1214350 bsc#1214368 bsc#1214370 bsc#1214371 bsc#1214372 bsc#1214380 bsc#1214386 bsc#1214392 bsc#1214393 bsc#1214397 bsc#1214404 bsc#1214428 bsc#1214451 bsc#1214635 bsc#1214659 bsc#1214661 bsc#1214727 bsc#1214729 bsc#1214742 bsc#1214743 bsc#1214756 bsc#1214976 bsc#1215522 bsc#1215523 bsc#1215552 bsc#1215553 jsc#PED-3924 jsc#PED-4579 jsc#PED-4759 jsc#PED-4927 jsc#PED-4929 jsc#PED-5738 jsc#PED-6003 jsc#PED-6004
Cross-References:	CVE-2022-38457 CVE-2022-40133 CVE-2023-2007 CVE-2023-20588 CVE-2023-34319 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-3863 CVE-2023-40283 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-4387 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569
CVSS scores:	CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2023-34319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-3863 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4459 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	Basesystem Module 15-SP5 Development Tools Module 15-SP5 Legacy Module 15-SP5 openSUSE Leap 15.5 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Availability Extension 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Live Patching 15-SP5 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves 20 vulnerabilities, contains eight features and has 58 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).

The following non-security bugs were fixed:

ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes).
ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
ARM: dts: imx6sll: fixup of operating points (git-fixes).
ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
Bluetooth: L2CAP: Fix use-after-free (git-fixes).
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
Documentation: devices.txt: Remove ttyIOC* (git-fixes).
Documentation: devices.txt: Remove ttySIOC* (git-fixes).
Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
Drop amdgpu patch causing spamming (bsc#1215523)
Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
HID: wacom: remove the battery when the EKR is off (git-fixes).
HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
IB/uverbs: Fix an potential error pointer dereference (git-fixes)
Input: exc3000 - properly stop timer on shutdown (git-fixes).
KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
Kbuild: move to -std=gnu11 (bsc#1214756).
PCI/ASPM: Avoid link retraining race (git-fixes).
PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
PCI: meson: Remove cast between incompatible function type (git-fixes).
PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
PCI: microchip: Remove cast between incompatible function type (git-fixes).
PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
PCI: rockchip: Remove writes to unused registers (git-fixes).
PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
PCI: tegra194: Fix possible array out of bounds access (git-fixes).
PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
RDMA/efa: Fix wrong resources deallocation order (git-fixes)
RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
RDMA/hns: Fix port active speed (git-fixes)
RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
RDMA/siw: Correct wrong debug message (git-fixes)
RDMA/umem: Set iova in ODP flow (git-fixes)
README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes).
SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
amba: bus: fix refcount leak (git-fixes).
arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
backlight/bd6107: Compare against struct fb_info.device (git-fixes).
backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
batman-adv: Do not increase MTU when set by user (git-fixes).
batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
batman-adv: Trigger events for auto adjusted MTU (git-fixes).
bnx2x: fix page fault following EEH recovery (bsc#1214299).
bpf: Disable preemption in bpf_event_output (git-fixes).
bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
bus: ti-sysc: Fix cast to enum warning (git-fixes).
bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
ceph: defer stopping mdsc delayed_work (bsc#1214392).
ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
cifs: allow dumping keys for directories too (bsc#1193629).
cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
cifs: if deferred close is disabled then close files immediately (git-fixes).
cifs: is_network_name_deleted should return a bool (bsc#1193629).
cifs: update internal module version number for cifs.ko (bsc#1193629).
clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
clk: imx8mp: fix sai4 clock (git-fixes).
clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
clk: sunxi-ng: Modify mismatched function name (git-fixes).
clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
clocksource: hyper-v: Introduce a po