Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0774-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2022-3523 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-3523 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
  • CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0045 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-0122 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2023-22995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2023-23000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
  • CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
  • CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-26545 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • openSUSE Leap 15.4
  • Public Cloud Module 15-SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that solves 17 vulnerabilities and has 92 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

  • CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363).
  • CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
  • CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
  • CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
  • CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050).
  • CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
  • CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  • CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
  • CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
  • CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
  • CVE-2023-22998: Fixed misinterpretatino of the irtio_gpu_object_shmem_init() return value (bsc#1208776).
  • CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function (bsc#1208816).
  • CVE-2023-23004: Fixed misinterpretatino of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843).
  • CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
  • CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
  • CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
  • CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).

The following non-security bugs were fixed:

  • acpi / x86: Add support for LPS0 callback handler (git-fixes).
  • acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
  • acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
  • acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
  • acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
  • acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
  • acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
  • acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
  • acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
  • acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
  • acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
  • acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
  • acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
  • acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
  • acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
  • acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
  • acpica: Drop port I/O validation for some regions (git-fixes).
  • acpica: nsrepair: handle cases without a return value correctly (git-fixes).
  • alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
  • alsa: hda/ca0132: minor fix for allocation size (git-fixes).
  • alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
  • alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
  • alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
  • alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
  • alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
  • alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
  • alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
  • alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
  • alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
  • alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
  • alsa: pci: lx6464es: fix a debug loop (git-fixes).
  • applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
  • arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
  • arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
  • arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
  • arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
  • arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
  • arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
  • arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
  • arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
  • arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
  • arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
  • arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
  • arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
  • arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
  • arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
  • arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
  • arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
  • arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
  • arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
  • arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
  • arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
  • arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
  • arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
  • arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
  • arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
  • arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
  • arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
  • arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
  • arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
  • arm: dts: am5748: keep usb4_tm disabled (git-fixes)
  • arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
  • arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
  • arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
  • arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
  • arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
  • arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
  • arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
  • arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
  • arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
  • arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
  • arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
  • arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
  • arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
  • arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
  • arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
  • arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
  • arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
  • arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
  • arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
  • arm: omap: remove debug-leds driver (git-fixes)
  • arm: remove some dead code (git-fixes)
  • arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
  • arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
  • arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
  • arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
  • asoc: Intel: boards: fix spelling in comments (git-fixes).
  • asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
  • asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes).
  • asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
  • asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
  • asoc: adau7118: do not disable regulators on device unbind (git-fixes).
  • asoc: cs42l56: fix DT probe (git-fixes).
  • asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
  • asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
  • asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
  • asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
  • asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
  • asoc: rsnd: fixup #endif position (git-fixes).
  • asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
  • asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
  • asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
  • asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
  • asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
  • auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
  • avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
  • backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
  • blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
  • blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
  • block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
  • block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes).
  • block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
  • block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
  • block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
  • block: fix and cleanup bio_check_ro (git-fixes).
  • block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
  • block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
  • bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
  • bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
  • bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers (git-fixes).
  • bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
  • can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
  • ceph: flush cap releases when the session is flushed (bsc#1208428).
  • cifs: Check the lease context if we actually got a lease (bsc#1193629).
  • cifs: Convert struct fealist away from 1-element array (bsc#1193629).
  • cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
  • cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
  • cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
  • cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
  • cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
  • cifs: Fix warning and UAF when destroy the MR list (git-fixes).
  • cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
  • cifs: Replace remaining 1-element arrays (bsc#1193629).
  • cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
  • cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
  • cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
  • cifs: do not include page data when checking signature (git-fixes).
  • cifs: do not take exclusive lock for updating target hints (bsc#1193629).
  • cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
  • cifs: fix mount on old smb servers (boo#1206935).
  • cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
  • cifs: get rid of dns resolve worker (bsc#1193629).
  • cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
  • cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
  • cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
  • cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
  • cifs: match even the scope id for ipv6 addre