Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel

---

Announcement ID:	SUSE-SU-2023:0406-1
Rating:	important
References:	#1203183 #1203693 #1203740 #1204171 #1204614 #1204760 #1205149 #1206073 #1206113 #1206114 #1206314 #1206389 #1206393 #1206395 #1206398 #1206399 #1206515 #1206664 #1206677 #1206784 #1207036 #1207125 #1207134 #1207186 #1207188 #1207189 #1207190 #1207237 #1207769 #1207823
Cross-References:	CVE-2022-3105 CVE-2022-3107 CVE-2022-3108 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3564 CVE-2022-3643 CVE-2022-42328 CVE-2022-42329 CVE-2022-4662 CVE-2022-47520 CVE-2022-47929 CVE-2023-0266 CVE-2023-23454 CVE-2023-23455
Affected Products:	SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2

---

An update that solves 16 vulnerabilities, contains one feature and has 14 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
• CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
• CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
• CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
• CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).
• CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664).
• CVE-2022-42328, CVE-2022-42329: Fixed deadlock inside the netback driver that could have been triggered from a VM guest (bnc#1206114).
• CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest (bnc#1206113).
• CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073).
• CVE-2022-3435: Fixed a out-of-bounds read in function fib_nh_match of the file net/ipv4/fib_semantics.c. It is possible to initiate the attack remotely (bnc#1204171).
• CVE-2022-3115: Fixed a null pointer dereference inside malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c that lacked a check of the return value of kzalloc() (bnc#1206393).
• CVE-2022-3112: Fixed a null pointer dereference in amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c that lacked a check of the return value of kzalloc() (bnc#1206399).
• CVE-2022-3108: Fixed missing check of return value of kmemdup() (bnc#1206389).
• CVE-2022-3107: Fixed missing check of return value of kvmalloc_array() (bnc#1206395).
• CVE-2022-3105: Fixed missing check of kmalloc_array() in uapi_finalize in drivers/infiniband/core/uverbs_uapi.c (bnc#1206398).

The following non-security bugs were fixed:

• HID: betop: check shape of output reports (git-fixes, bsc#1207186).
• HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
• HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
• NFS: Handle missing attributes in OPEN reply (bsc#1203740).
• constraints: increase disk space for all architectures (bsc#1203693).
• ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
• mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
• net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
• net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
• netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
• rpm: suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
• sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
• sctp: sysctl: make extra pointers netns aware (bsc#1204760).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-406=1
• SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-406=1
• SUSE Linux Enterprise Module for Live Patching 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-406=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by seperate standalone kernel livepatch updates.
• SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-406=1
• SUSE Linux Enterprise High Availability 15-SP2:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-406=1
• SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2023-406=1

Package List:

• SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  • kernel-default-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-docs-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
  • kernel-preempt-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  • kernel-default-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):
  • kernel-preempt-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-docs-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1
• SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-livepatch-5.3.18-150200.24.142.1
  • kernel-default-livepatch-devel-5.3.18-150200.24.142.1
  • kernel-livepatch-5_3_18-150200_24_142-default-1-150200.5.3.1
  • kernel-livepatch-SLE15-SP2_Update_33-debugsource-1-150200.5.3.1
• SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x):
  • kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-1-150200.5.3.1
• SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  • kernel-default-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
• SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-docs-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1
• SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
  • cluster-md-kmp-default-5.3.18-150200.24.142.1
  • cluster-md-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • dlm-kmp-default-5.3.18-150200.24.142.1
  • dlm-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • gfs2-kmp-default-5.3.18-150200.24.142.1
  • gfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • ocfs2-kmp-default-5.3.18-150200.24.142.1
  • ocfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1
• SUSE Enterprise Storage 7 (aarch64 x86_64):
  • kernel-default-5.3.18-150200.24.142.1
  • kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
  • kernel-default-debuginfo-5.3.18-150200.24.142.1
  • kernel-default-debugsource-5.3.18-150200.24.142.1
  • kernel-default-devel-5.3.18-150200.24.142.1
  • kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-obs-build-5.3.18-150200.24.142.1
  • kernel-obs-build-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-5.3.18-150200.24.142.1
  • kernel-preempt-debuginfo-5.3.18-150200.24.142.1
  • kernel-preempt-debugsource-5.3.18-150200.24.142.1
  • kernel-preempt-devel-5.3.18-150200.24.142.1
  • kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
  • kernel-syms-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-5.3.18-150200.24.142.1
  • reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1
• SUSE Enterprise Storage 7 (noarch):
  • kernel-devel-5.3.18-150200.24.142.1
  • kernel-docs-5.3.18-150200.24.142.1
  • kernel-macros-5.3.18-150200.24.142.1
  • kernel-source-5.3.18-150200.24.142.1

References:

• https://www.suse.com/security/cve/CVE-2022-3105.html
• https://www.suse.com/security/cve/CVE-2022-3107.html
• https://www.suse.com/security/cve/CVE-2022-3108.html
• https://www.suse.com/security/cve/CVE-2022-3112.html
• https://www.suse.com/security/cve/CVE-2022-3115.html
• https://www.suse.com/security/cve/CVE-2022-3435.html
• https://www.suse.com/security/cve/CVE-2022-3564.html
• https://www.suse.com/security/cve/CVE-2022-3643.html
• https://www.suse.com/security/cve/CVE-2022-42328.html
• https://www.suse.com/security/cve/CVE-2022-42329.html
• https://www.suse.com/security/cve/CVE-2022-4662.html
• https://www.suse.com/security/cve/CVE-2022-47520.html
• https://www.suse.com/security/cve/CVE-2022-47929.html
• https://www.suse.com/security/cve/CVE-2023-0266.html
• https://www.suse.com/security/cve/CVE-2023-23454.html
• https://www.suse.com/security/cve/CVE-2023-23455.html
• https://bugzilla.suse.com/1203183
• https://bugzilla.suse.com/1203693
• https://bugzilla.suse.com/1203740
• https://bugzilla.suse.com/1204171
• https://bugzilla.suse.com/1204614
• https://bugzilla.suse.com/1204760
• https://bugzilla.suse.com/1205149
• https://bugzilla.suse.com/1206073
• https://bugzilla.suse.com/1206113
• https://bugzilla.suse.com/1206114
• https://bugzilla.suse.com/1206314
• https://bugzilla.suse.com/1206389
• https://bugzilla.suse.com/1206393
• https://bugzilla.suse.com/1206395
• https://bugzilla.suse.com/1206398
• https://bugzilla.suse.com/1206399
• https://bugzilla.suse.com/1206515
• https://bugzilla.suse.com/1206664
• https://bugzilla.suse.com/1206677
• https://bugzilla.suse.com/1206784
• https://bugzilla.suse.com/1207036
• https://bugzilla.suse.com/1207125
• https://bugzilla.suse.com/1207134
• https://bugzilla.suse.com/1207186
• https://bugzilla.suse.com/1207188
• https://bugzilla.suse.com/1207189
• https://bugzilla.suse.com/1207190
• https://bugzilla.suse.com/1207237
• https://bugzilla.suse.com/1207769
• https://bugzilla.suse.com/1207823