Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4349-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-34324 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-39189 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-45862 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise High Availability Extension 12 SP5
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Software Development Kit 12 SP5
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves four vulnerabilities and has 11 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
  • CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
  • CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
  • CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)

The following non-security bugs were fixed:

  • 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
  • audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
  • CKC: Clarify usage
  • crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes).
  • iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
  • iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
  • iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (bsc#1206010).
  • kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
  • KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
  • memcg: drop kmem.limit_in_bytes (bsc#1208788)
  • mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
  • net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
  • net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
  • ratelimit: Fix data-races in ___ratelimit() (git-fixes).
  • ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
  • s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
  • s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
  • s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140).
  • s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950).
  • s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950).
  • sched: Avoid scale real weight down to zero (git fixes (sched)).
  • sched: correct SD_flags returned by tl->sd_flags() (git fixes (sched)).
  • sched: Reenable interrupts in do_sched_yield() (git fixes (sched)).
  • sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() (git fixes (sched)).
  • sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (git fixes (sched)).
  • sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
  • sched/rt: Minimize rq->lock contention in do_sched_rt_period_timer() (git fixes (sched)).
  • sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE (git fixes (sched)).
  • scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes).
  • scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514).
  • tools/thermal: Fix possible path truncations (git-fixes).
  • tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
  • tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
  • tracing: Fix race issue between cpu buffer write and swap (git-fixes).
  • uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
  • usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
  • usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
  • usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
  • use optional first argument as a base-ref instead of upstream branch
  • vhost-scsi: unbreak any layout for response (git-fixes).
  • virtio_balloon: fix deadlock on OOM (git-fixes).
  • virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes).
  • virtio_net: Fix error unwinding of XDP initialization (git-fixes).
  • virtio: Protect vqs list access (git-fixes).
  • vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes).
  • xen-netback: use default TX queue size for vifs (git-fixes).
  • xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743).
  • xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4349=1 SUSE-SLE-SERVER-12-SP5-2023-4349=1
  • SUSE Linux Enterprise High Availability Extension 12 SP5
    zypper in -t patch SUSE-SLE-HA-12-SP5-2023-4349=1
  • SUSE Linux Enterprise Live Patching 12-SP5
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-4349=1
  • SUSE Linux Enterprise Software Development Kit 12 SP5
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4349=1
  • SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4349=1
  • SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4349=1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5
    zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4349=1

Package List:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    • kernel-default-debuginfo-4.12.14-122.183.1
    • kernel-default-base-4.12.14-122.183.1
    • dlm-kmp-default-4.12.14-122.183.1
    • cluster-md-kmp-default-debuginfo-4.12.14-122.183.1
    • cluster-md-kmp-default-4.12.14-122.183.1
    • kernel-syms-4.12.14-122.183.1
    • gfs2-kmp-default-debuginfo-4.12.14-122.183.1
    • ocfs2-kmp-default-debuginfo-4.12.14-122.183.1
    • kernel-default-devel-4.12.14-122.183.1
    • gfs2-kmp-default-4.12.14-122.183.1
    • ocfs2-kmp-default-4.12.14-122.183.1
    • dlm-kmp-default-debuginfo-4.12.14-122.183.1
    • kernel-default-debugsource-4.12.14-122.183.1
    • kernel-default-base-debuginfo-4.12.14-122.183.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
    • kernel-default-4.12.14-122.183.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    • kernel-macros-4.12.14-122.183.1
    • kernel-devel-4.12.14-122.183.1
    • kernel-source-4.12.14-122.183.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    • kernel-default-devel-debuginfo-4.12.14-122.183.1
  • SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
    • kernel-default-debuginfo-4.12.14-122.183.1
    • dlm-kmp-default-4.12.14-122.183.1
    • cluster-md-kmp-default-debuginfo-4.12.14-122.183.1
    • cluster-md-kmp-default-4.12.14-122.183.1
    • gfs2-kmp-default-debuginfo-4.12.14-122.183.1
    • ocfs2-kmp-default-debuginfo-4.12.14-122.183.1
    • gfs2-kmp-default-4.12.14-122.183.1
    • ocfs2-kmp-default-4.12.14-122.183.1
    • dlm-kmp-default-debuginfo-4.12.14-122.183.1
    • kernel-default-debugsource-4.12.14-122.183.1
  • SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
    • kernel-default-4.12.14-122.183.1
  • SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
    • kernel-default-4.12.14-122.183.1
  • SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
    • kernel-default-debuginfo-4.12.14-122.183.1
    • kernel-default-kgraft-4.12.14-122.183.1
    • kgraft-patch-4_12_14-122_183-default-1-8.3.1
    • kernel-default-kgraft-devel-4.12.14-122.183.1
    • kernel-default-debugsource-4.12.14-122.183.1
  • SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
    • kernel-docs-4.12.14-122.183.1
  • SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
    • kernel-obs-build-debugsource-4.12.14-122.183.1
    • kernel-obs-build-4.12.14-122.183.1
  • SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64)
    • kernel-default-4.12.14-122.183.1
  • SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    • kernel-default-debuginfo-4.12.14-122.183.1
    • kernel-default-base-4.12.14-122.183.1
    • kernel-syms-4.12.14-122.183.1
    • kernel-default-devel-4.12.14-122.183.1
    • kernel-default-debugsource-4.12.14-122.183.1
    • kernel-default-base-debuginfo-4.12.14-122.183.1
  • SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    • kernel-macros-4.12.14-122.183.1
    • kernel-devel-4.12.14-122.183.1
    • kernel-source-4.12.14-122.183.1
  • SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    • kernel-default-devel-debuginfo-4.12.14-122.183.1
  • SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-4.12.14-122.183.1
  • SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-4.12.14-122.183.1
    • kernel-default-base-4.12.14-122.183.1
    • kernel-syms-4.12.14-122.183.1
    • kernel-default-devel-4.12.14-122.183.1
    • kernel-default-debugsource-4.12.14-122.183.1
    • kernel-default-base-debuginfo-4.12.14-122.183.1
  • SUSE Linux Enterprise Server 12 SP5 (noarch)
    • kernel-macros-4.12.14-122.183.1
    • kernel-devel-4.12.14-122.183.1
    • kernel-source-4.12.14-122.183.1
  • SUSE Linux Enterprise Server 12 SP5 (s390x)
    • kernel-default-man-4.12.14-122.183.1
  • SUSE Linux Enterprise Server 12 SP5 (x86_64)
    • kernel-default-devel-debuginfo-4.12.14-122.183.1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
    • kernel-default-4.12.14-122.183.1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
    • kernel-default-debuginfo-4.12.14-122.183.1
    • kernel-default-extra-debuginfo-4.12.14-122.183.1
    • kernel-default-extra-4.12.14-122.183.1
    • kernel-default-debugsource-4.12.14-122.183.1

References: