Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:2500-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-28410 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-28410 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2023-3006 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-3006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-30456 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
  • CVE-2023-30456 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • openSUSE Leap 15.4
  • Public Cloud Module 15-SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that solves 23 vulnerabilities, contains 14 features and has 52 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
  • CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
  • CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
  • CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
  • CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
  • CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
  • CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
  • CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
  • CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
  • CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
  • CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
  • CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
  • CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
  • CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
  • CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
  • CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
  • CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
  • CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
  • CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
  • CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
  • CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
  • CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
  • CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).

The following non-security bugs were fixed:

  • 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
  • ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
  • ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
  • ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
  • ACPI: tables: Add support for NBFT (bsc#1195921).
  • ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
  • ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
  • ALSA: caiaq: input: Add error handling for unsupported input methods in snd_usb_caiaq_input_init (git-fixes).
  • ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
  • ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
  • ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
  • ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
  • ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
  • ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
  • ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
  • ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
  • ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
  • ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
  • ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
  • ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
  • ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
  • ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
  • ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
  • ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
  • ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes).
  • ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
  • ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
  • ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
  • ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
  • ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
  • ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
  • ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
  • ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
  • ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
  • ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
  • ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
  • ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
  • ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
  • Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
  • Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git-fixes).
  • Bluetooth: btintel: Add LE States quirk support (git-fixes).
  • Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
  • HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
  • HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
  • HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
  • HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
  • HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
  • HID: wacom: Set a default resolution for older tablets (git-fixes).
  • HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
  • HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
  • HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
  • IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
  • IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
  • IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
  • IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
  • Input: xpad - add constants for GIP interface numbers (git-fixes).
  • KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
  • KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
  • KVM: Disallow user memslot with size that exceeds "unsigned long" (git-fixes)
  • KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
  • KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
  • KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
  • KVM: Prevent module exit until all VMs are freed (git-fixes)
  • KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
  • KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes).
  • KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes).
  • KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
  • KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
  • KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
  • KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
  • KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
  • KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
  • KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
  • KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fix