Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:4733-1
Rating:	important
References:	bsc#1084909 bsc#1210780 bsc#1214037 bsc#1214344 bsc#1214764 bsc#1215371 bsc#1216058 bsc#1216259 bsc#1216584 bsc#1216965 bsc#1216976 bsc#1217140 bsc#1217332 bsc#1217408 bsc#1217780 jsc#PED-3184 jsc#PED-5021
Cross-References:	CVE-2023-31083 CVE-2023-39197 CVE-2023-39198 CVE-2023-45863 CVE-2023-45871 CVE-2023-5717 CVE-2023-6176
CVSS scores:	CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2023-39197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-45871 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6176 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
• CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
• CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
• CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
• CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
• CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
• CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).

The following non-security bugs were fixed:

• ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
• Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
• net: mana: Configure hwc timeout from hardware (bsc#1214037).
• net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
• powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4733=1
• SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4733=1
• SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4733=1

Package List:

• SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.152.1
• SUSE Linux Enterprise Micro 5.1 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.152.1
  • kernel-rt-debuginfo-5.3.18-150300.152.1
• SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.152.1
• SUSE Linux Enterprise Micro 5.2 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.152.1
  • kernel-rt-debuginfo-5.3.18-150300.152.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
  • kernel-rt-5.3.18-150300.152.1
• SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  • kernel-rt-debugsource-5.3.18-150300.152.1
  • kernel-rt-debuginfo-5.3.18-150300.152.1

References:

• https://www.suse.com/security/cve/CVE-2023-31083.html
• https://www.suse.com/security/cve/CVE-2023-39197.html
• https://www.suse.com/security/cve/CVE-2023-39198.html
• https://www.suse.com/security/cve/CVE-2023-45863.html
• https://www.suse.com/security/cve/CVE-2023-45871.html
• https://www.suse.com/security/cve/CVE-2023-5717.html
• https://www.suse.com/security/cve/CVE-2023-6176.html
• https://bugzilla.suse.com/show_bug.cgi?id=1084909
• https://bugzilla.suse.com/show_bug.cgi?id=1210780
• https://bugzilla.suse.com/show_bug.cgi?id=1214037
• https://bugzilla.suse.com/show_bug.cgi?id=1214344
• https://bugzilla.suse.com/show_bug.cgi?id=1214764
• https://bugzilla.suse.com/show_bug.cgi?id=1215371
• https://bugzilla.suse.com/show_bug.cgi?id=1216058
• https://bugzilla.suse.com/show_bug.cgi?id=1216259
• https://bugzilla.suse.com/show_bug.cgi?id=1216584
• https://bugzilla.suse.com/show_bug.cgi?id=1216965
• https://bugzilla.suse.com/show_bug.cgi?id=1216976
• https://bugzilla.suse.com/show_bug.cgi?id=1217140
• https://bugzilla.suse.com/show_bug.cgi?id=1217332
• https://bugzilla.suse.com/show_bug.cgi?id=1217408
• https://bugzilla.suse.com/show_bug.cgi?id=1217780
• https://jira.suse.com/browse/PED-3184
• https://jira.suse.com/browse/PED-5021