Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:3988-1
Rating:	important
References:	bsc#1023051 bsc#1065729 bsc#1120059 bsc#1177719 bsc#1187236 bsc#1188885 bsc#1193629 bsc#1194869 bsc#1203329 bsc#1203330 bsc#1205462 bsc#1206453 bsc#1208902 bsc#1208949 bsc#1208995 bsc#1209284 bsc#1209799 bsc#1210048 bsc#1210169 bsc#1210448 bsc#1210643 bsc#1211220 bsc#1212091 bsc#1212142 bsc#1212423 bsc#1212526 bsc#1212857 bsc#1212873 bsc#1213026 bsc#1213123 bsc#1213546 bsc#1213580 bsc#1213601 bsc#1213666 bsc#1213733 bsc#1213757 bsc#1213759 bsc#1213916 bsc#1213921 bsc#1213927 bsc#1213946 bsc#1213949 bsc#1213968 bsc#1213970 bsc#1213971 bsc#1214000 bsc#1214019 bsc#1214073 bsc#1214120 bsc#1214149 bsc#1214180 bsc#1214233 bsc#1214238 bsc#1214285 bsc#1214297 bsc#1214299 bsc#1214305 bsc#1214350 bsc#1214368 bsc#1214370 bsc#1214371 bsc#1214372 bsc#1214380 bsc#1214386 bsc#1214392 bsc#1214393 bsc#1214397 bsc#1214404 bsc#1214428 bsc#1214451 bsc#1214635 bsc#1214659 bsc#1214661 bsc#1214727 bsc#1214729 bsc#1214742 bsc#1214743 bsc#1214756 bsc#1214813 bsc#1214873 bsc#1214928 bsc#1214976 bsc#1214988 bsc#1215123 bsc#1215124 bsc#1215148 bsc#1215221 bsc#1215523 jsc#PED-2023 jsc#PED-2025 jsc#PED-3924 jsc#PED-4579 jsc#PED-4759 jsc#PED-4927 jsc#PED-4929 jsc#PED-5738 jsc#PED-6003 jsc#PED-6004
Cross-References:	CVE-2022-38457 CVE-2022-40133 CVE-2023-1192 CVE-2023-1859 CVE-2023-2007 CVE-2023-20588 CVE-2023-2177 CVE-2023-34319 CVE-2023-3610 CVE-2023-37453 CVE-2023-3772 CVE-2023-3863 CVE-2023-40283 CVE-2023-4128 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-4387 CVE-2023-4459 CVE-2023-4563 CVE-2023-4569 CVE-2023-4881
CVSS scores:	CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2023-34319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3772 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-3863 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4459 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:	openSUSE Leap 15.5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Live Patching 15-SP5 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Real Time Module 15-SP5

An update that solves 24 vulnerabilities, contains 10 features and has 64 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192).
CVE-2023-1859: Fixed a use-after-free flaw in xen_9pfs_front_removet that could lead to system crash and kernel information leak (bsc#1210169).
CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
CVE-2023-2177: Fixed null pointer dereference issue in the sctp network protocol that could lead to system crash or DoS (bsc#1210643).
CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).

The following non-security bugs were fixed:

ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes).
ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
ARM: dts: imx6sll: fixup of operating points (git-fixes).
ARM: pxa: remove use of symbol_get() (git-fixes).
ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
Bluetooth: L2CAP: Fix use-after-free (git-fixes).
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
Documentation: devices.txt: Remove ttyIOC* (git-fixes).
Documentation: d