Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:2653-1
Rating:	important
References:	bsc#1065729 bsc#1172073 bsc#1191731 bsc#1193629 bsc#1195655 bsc#1195921 bsc#1203906 bsc#1205650 bsc#1205756 bsc#1205758 bsc#1205760 bsc#1205762 bsc#1205803 bsc#1206024 bsc#1206578 bsc#1207553 bsc#1208604 bsc#1208758 bsc#1209287 bsc#1209288 bsc#1209856 bsc#1209982 bsc#1210165 bsc#1210294 bsc#1210449 bsc#1210450 bsc#1210498 bsc#1210533 bsc#1210551 bsc#1210647 bsc#1210741 bsc#1210775 bsc#1210783 bsc#1210791 bsc#1210806 bsc#1210940 bsc#1210947 bsc#1211037 bsc#1211043 bsc#1211044 bsc#1211089 bsc#1211105 bsc#1211113 bsc#1211131 bsc#1211205 bsc#1211263 bsc#1211280 bsc#1211281 bsc#1211449 bsc#1211465 bsc#1211519 bsc#1211564 bsc#1211590 bsc#1211592 bsc#1211686 bsc#1211687 bsc#1211688 bsc#1211689 bsc#1211690 bsc#1211691 bsc#1211692 bsc#1211693 bsc#1211714 bsc#1211796 bsc#1211804 bsc#1211807 bsc#1211808 bsc#1211847 bsc#1211855 bsc#1211960 jsc#PED-3692 jsc#PED-4022 jsc#SLE-18375 jsc#SLE-18377 jsc#SLE-18378 jsc#SLE-18379 jsc#SLE-18383 jsc#SLE-18384 jsc#SLE-18385 jsc#SLE-18978 jsc#SLE-18992 jsc#SLE-19001 jsc#SLE-19255 jsc#SLE-19556
Cross-References:	CVE-2022-4269 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1079 CVE-2023-1380 CVE-2023-1382 CVE-2023-2002 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162 CVE-2023-2269 CVE-2023-2483 CVE-2023-2513 CVE-2023-28410 CVE-2023-3006 CVE-2023-30456 CVE-2023-31084 CVE-2023-31436 CVE-2023-32233 CVE-2023-33288
CVSS scores:	CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-28410 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-28410 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2023-3006 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-3006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-30456 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2023-30456 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP4 Development Tools Module 15-SP4 Legacy Module 15-SP4 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise High Availability Extension 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Live Patching 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that solves 23 vulnerabilities, contains 14 features and has 47 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).

The following non-security bugs were fixed:

3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
ACPI: tables: Add support for NBFT (bsc#1195921).
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
ALSA: caiaq: input: Add error handling for unsupported input methods in snd_usb_caiaq_input_init (git-fixes).
ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git-fixes).
Bluetooth: btintel: Add LE States quirk support (git-fixes).
Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
HID: wacom: Set a default resolution for older tablets (git-fixes).
HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
Input: xpad - add constants for GIP interface numbers (git-fixes).
KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
KVM: Disallow user memslot with size that exceeds "unsigned long" (git-fixes)
KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
KVM: Prevent module exit until all VMs are freed (git-fixes)
KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes).
KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes