Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2023:1848-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves 16 vulnerabilities and has eight security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
- CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1208811).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1208811).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1208811).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1208811).
- Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1208811).
- cifs: fix double free in dfs mounts (bsc#1209845).
- cifs: fix nodfs mount option (bsc#1209845).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
- cifs: missing null pointer check in cifs_mount (bsc#1209845).
- cifs: serialize all mount attempts (bsc#1209845).
- cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-1848=1 -
SUSE Linux Enterprise Live Patching 15-SP1
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-1848=1 -
SUSE Linux Enterprise High Availability Extension 15 SP1
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-1848=1 -
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1848=1 -
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1848=1 -
SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1848=1 -
SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:
-
openSUSE Leap 15.4 (nosrc)
- kernel-debug-4.12.14-150100.197.142.1
- kernel-zfcpdump-4.12.14-150100.197.142.1
- kernel-kvmsmall-4.12.14-150100.197.142.1
- kernel-default-4.12.14-150100.197.142.1
-
openSUSE Leap 15.4 (ppc64le x86_64)
- kernel-debug-base-4.12.14-150100.197.142.1
- kernel-debug-base-debuginfo-4.12.14-150100.197.142.1
-
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
- kernel-vanilla-devel-debuginfo-4.12.14-150100.197.142.1
- kernel-vanilla-base-debuginfo-4.12.14-150100.197.142.1
- kernel-vanilla-debugsource-4.12.14-150100.197.142.1
- kernel-default-base-debuginfo-4.12.14-150100.197.142.1
- kernel-vanilla-livepatch-devel-4.12.14-150100.197.142.1
- kernel-vanilla-devel-4.12.14-150100.197.142.1
- kernel-vanilla-debuginfo-4.12.14-150100.197.142.1
- kernel-vanilla-base-4.12.14-150100.197.142.1
-
openSUSE Leap 15.4 (x86_64)
- kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.142.1
- kernel-kvmsmall-base-4.12.14-150100.197.142.1
-
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-vanilla-4.12.14-150100.197.142.1
-
openSUSE Leap 15.4 (s390x)
- kernel-zfcpdump-man-4.12.14-150100.197.142.1
- kernel-default-man-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
- kernel-default-livepatch-4.12.14-150100.197.142.1
- kernel-default-livepatch-devel-4.12.14-150100.197.142.1
- kernel-default-debugsource-4.12.14-150100.197.142.1
- kernel-default-debuginfo-4.12.14-150100.197.142.1
- kernel-livepatch-4_12_14-150100_197_142-default-1-150100.3.5.1
-
SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
- kernel-default-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
- ocfs2-kmp-default-4.12.14-150100.197.142.1
- cluster-md-kmp-default-4.12.14-150100.197.142.1
- dlm-kmp-default-debuginfo-4.12.14-150100.197.142.1
- cluster-md-kmp-default-debuginfo-4.12.14-150100.197.142.1
- gfs2-kmp-default-debuginfo-4.12.14-150100.197.142.1
- dlm-kmp-default-4.12.14-150100.197.142.1
- kernel-default-debugsource-4.12.14-150100.197.142.1
- gfs2-kmp-default-4.12.14-150100.197.142.1
- kernel-default-debuginfo-4.12.14-150100.197.142.1
- ocfs2-kmp-default-debuginfo-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
- kernel-default-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64)
- kernel-default-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
- kernel-default-base-4.12.14-150100.197.142.1
- kernel-obs-build-debugsource-4.12.14-150100.197.142.1
- kernel-obs-build-4.12.14-150100.197.142.1
- kernel-default-base-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
- kernel-syms-4.12.14-150100.197.142.1
- kernel-default-debugsource-4.12.14-150100.197.142.1
- kernel-default-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
- kernel-source-4.12.14-150100.197.142.1
- kernel-macros-4.12.14-150100.197.142.1
- kernel-devel-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
- kernel-default-base-4.12.14-150100.197.142.1
- reiserfs-kmp-default-4.12.14-150100.197.142.1
- kernel-obs-build-debugsource-4.12.14-150100.197.142.1
- kernel-obs-build-4.12.14-150100.197.142.1
- kernel-default-base-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
- kernel-syms-4.12.14-150100.197.142.1
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.142.1
- kernel-default-debugsource-4.12.14-150100.197.142.1
- kernel-default-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
- kernel-source-4.12.14-150100.197.142.1
- kernel-macros-4.12.14-150100.197.142.1
- kernel-devel-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
- kernel-default-man-4.12.14-150100.197.142.1
- kernel-zfcpdump-debuginfo-4.12.14-150100.197.142.1
- kernel-zfcpdump-debugsource-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
- kernel-zfcpdump-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
- kernel-default-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
- kernel-default-base-4.12.14-150100.197.142.1
- reiserfs-kmp-default-4.12.14-150100.197.142.1
- kernel-obs-build-debugsource-4.12.14-150100.197.142.1
- kernel-obs-build-4.12.14-150100.197.142.1
- kernel-default-base-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
- kernel-syms-4.12.14-150100.197.142.1
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.142.1
- kernel-default-debugsource-4.12.14-150100.197.142.1
- kernel-default-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
- kernel-source-4.12.14-150100.197.142.1
- kernel-macros-4.12.14-150100.197.142.1
- kernel-devel-4.12.14-150100.197.142.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.142.1
-
SUSE CaaS Platform 4.0 (nosrc x86_64)
- kernel-default-4.12.14-150100.197.142.1
-
SUSE CaaS Platform 4.0 (x86_64)
- kernel-default-base-4.12.14-150100.197.142.1
- reiserfs-kmp-default-4.12.14-150100.197.142.1
- kernel-obs-build-debugsource-4.12.14-150100.197.142.1
- kernel-obs-build-4.12.14-150100.197.142.1
- kernel-default-base-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
- kernel-syms-4.12.14-150100.197.142.1
- reiserfs-kmp-default-debuginfo-4.12.14-150100.197.142.1
- kernel-default-debugsource-4.12.14-150100.197.142.1
- kernel-default-debuginfo-4.12.14-150100.197.142.1
- kernel-default-devel-4.12.14-150100.197.142.1
-
SUSE CaaS Platform 4.0 (noarch)
- kernel-source-4.12.14-150100.197.142.1
- kernel-macros-4.12.14-150100.197.142.1
- kernel-devel-4.12.14-150100.197.142.1
-
SUSE CaaS Platform 4.0 (noarch nosrc)
- kernel-docs-4.12.14-150100.197.142.1
References:
- https://www.suse.com/security/cve/CVE-2017-5753.html
- https://www.suse.com/security/cve/CVE-2021-3923.html
- https://www.suse.com/security/cve/CVE-2021-4203.html
- https://www.suse.com/security/cve/CVE-2022-20567.html
- https://www.suse.com/security/cve/CVE-2023-0394.html
- https://www.suse.com/security/cve/CVE-2023-0590.html
- https://www.suse.com/security/cve/CVE-2023-1076.html
- https://www.suse.com/security/cve/CVE-2023-1095.html
- https://www.suse.com/security/cve/CVE-2023-1281.html
- https://www.suse.com/security/cve/CVE-2023-1390.html
- https://www.suse.com/security/cve/CVE-2023-1513.html
- https://www.suse.com/security/cve/CVE-2023-23454.html
- https://www.suse.com/security/cve/CVE-2023-23455.html
- https://www.suse.com/security/cve/CVE-2023-28328.html
- https://www.suse.com/security/cve/CVE-2023-28464.html
- https://www.suse.com/security/cve/CVE-2023-28772.html
- https://bugzilla.suse.com/show_bug.cgi?id=1076830
- https://bugzilla.suse.com/show_bug.cgi?id=1192273
- https://bugzilla.suse.com/show_bug.cgi?id=1194535
- https://bugzilla.suse.com/show_bug.cgi?id=1207036
- https://bugzilla.suse.com/show_bug.cgi?id=1207125
- https://bugzilla.suse.com/show_bug.cgi?id=1207168
- https://bugzilla.suse.com/show_bug.cgi?id=1207795
- https://bugzilla.suse.com/show_bug.cgi?id=1208179
- https://bugzilla.suse.com/show_bug.cgi?id=1208599
- https://bugzilla.suse.com/show_bug.cgi?id=1208777
- https://bugzilla.suse.com/show_bug.cgi?id=1208811
- https://bugzilla.suse.com/show_bug.cgi?id=1208850
- https://bugzilla.suse.com/show_bug.cgi?id=1209008
- https://bugzilla.suse.com/show_bug.cgi?id=1209052
-