Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:0113-1
Rating:	important
References:	bsc#1108281 bsc#1109837 bsc#1179610 bsc#1202095 bsc#1211226 bsc#1211439 bsc#1214479 bsc#1215237 bsc#1217036 bsc#1217250 bsc#1217801 bsc#1217936 bsc#1217946 bsc#1217947 bsc#1218057 bsc#1218184 bsc#1218253 bsc#1218258 bsc#1218362 bsc#1218559 bsc#1218622 jsc#PED-5021 jsc#PED-5023
Cross-References:	CVE-2020-26555 CVE-2022-2586 CVE-2023-51779 CVE-2023-6121 CVE-2023-6606 CVE-2023-6610 CVE-2023-6931 CVE-2023-6932
CVSS scores:	CVE-2020-26555 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26555 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-2586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-51779 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6121 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2023-6121 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2023-6606 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2023-6606 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-6610 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2023-6610 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6931 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves eight vulnerabilities, contains two features and has 13 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
• CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095).
• CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
• CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
• CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
• CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
• CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
• CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).

The following non-security bugs were fixed:

• Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
• Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
• KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218057).
• KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217936).
• Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
• PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1218622).
• Resolve build warnings from previous series due to missing commit for Ice Lake freerunning counters perf/x86/intel/uncore: Add box_offsets for free-running counters (jsc#PED-5023 bsc#1211439).
• Revert "Limit kernel-source-azure build to architectures for which we build binaries (bsc#1108281)."
• bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
• bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
• bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
• bcache: check return value from btree_node_alloc_replacement() (git-fixes).
• bcache: prevent potential division by zero error (git-fixes).
• bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
• bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
• dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
• dm cache: add cond_resched() to various workqueue loops (git-fixes).
• dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
• dm flakey: do not corrupt the zero page (git-fixes).
• dm flakey: fix a crash with invalid table line (git-fixes).
• dm flakey: fix logic when corrupting a bio (git-fixes).
• dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
• dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
• dm stats: check for and propagate alloc_percpu failure (git-fixes).
• dm thin: add cond_resched() to various workqueue loops (git-fixes).
• dm verity: do not perform FEC for failed readahead IO (git-fixes).
• dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
• dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
• dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
• dm-verity: align struct dm_verity_fec_io properly (git-fixes).
• dm: remove flush_scheduled_work() during local_exit() (git-fixes).
• doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
• doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
• doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
• gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
• gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
• gve: Changes to add new TX queues (bsc#1214479).
• gve: Control path for DQO-QPL (bsc#1214479).
• gve: Do not fully free QPL pages on prefill errors (bsc#1214479).
• gve: Fix gve interrupt names (bsc#1214479).
• gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
• gve: RX path for DQO-QPL (bsc#1214479).
• gve: Set default duplex configuration to full (bsc#1214479).
• gve: Tx path for DQO-QPL (bsc#1214479).
• gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
• gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
• gve: fix frag_list chaining (bsc#1214479).
• gve: trivial spell fix Recive to Receive (bsc#1214479).
• gve: unify driver name usage (bsc#1214479).
• ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
• ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
• ip6_vti: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
• ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
• ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
• md/raid0: add discard support for the 'original' layout (git-fixes).
• md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
• md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
• md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
• md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes).
• md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
• md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
• mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
• nbd: Add the maximum limit of allocated index in nbd_dev_add (git-fixes).
• nbd: Fix debugfs_create_dir error checking (git-fixes).
• net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
• net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1217801).
• net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed (git-fixes).
• net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode (git-fixes).
• net: macb: disable scatter-gather for macb on sama5d3 (git-fixes).
• net: stmmac: Move debugfs init/exit to ->probe()/->remove() (git-fixes).
• net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
• net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
• net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
• net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
• netfilter: compat: prepare xt_compat_init_offsets to return errors (git-fixes).
• netfilter: compat: reject huge allocation requests (git-fixes).
• netfilter: ebtables: also count base chain policies (git-fixes).
• netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present (git-fixes).
• netfilter: ebtables: do not attempt to allocate 0-sized compat array (git-fixes).
• netfilter: nf_tables: fix use-after-free when deleting compat expressions (git-fixes).
• netfilter: nft_compat: use-after-free when deleting targets (git-fixes).
• netfilter: preserve KABI for xt_compat_init_offsets (git-fixes).
• nvme: sanitize metadata bounce buffer for reads (git-fixes).
• perf/x86/cstate: Add Rocket Lake CPU support (jsc#PED-5023 bsc#1211439).
• perf/x86/cstate: Add Tiger Lake CPU support (jsc#PED-5023 bsc#1211439).
• perf/x86/cstate: Update C-state counters for Ice Lake (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Add Comet Lake support (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Add Ice Lake server uncore support (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Add Rocket Lake support (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Add new IMC PCI IDs for KabyLake, AmberLake and WhiskeyLake CPUs (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Add tabs to Uncore IMC PCI IDs (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Add uncore support for Snow Ridge server (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Clean up client IMC (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Factor out box ref/unref functions (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix IIO event constraints for Snowridge (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32 (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix missing marker for snr_uncore_imc_freerunning_events (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix oops when counting IMC uncore events on some TGL (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Fix the scale of the IMC free-running events (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Split the Ice Lake and Tiger Lake MSR uncore support (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Support MMIO type uncore blocks (jsc#PED-5023 bsc#1211439).
• perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (jsc#PED-5023 bsc#1211439 (git-fixes)).
• perf/x86/intel/uncore: Update Ice Lake uncore units (jsc#PED-5023 bsc#1211439).
• perf/x86/intel: Add Icelake desktop CPUID (jsc#PED-5023 bsc#1211439).
• perf/x86/intel: Add Rocket Lake CPU support (jsc#PED-5023 bsc#1211439).
• perf/x86/intel: Add Tiger Lake CPU support (jsc#PED-5023 bsc#1211439).
• perf/x86/intel: Add more Icelake CPUIDs (jsc#PED-5023 bsc#1211439).
• perf/x86/intel: Fix Ice Lake event constraint table (jsc#PED-5023 bsc#1211439).
• perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x register (jsc#PED-5023 bsc#1211439).
• perf/x86/intel: Mark expected switch fall-throughs (jsc#PED-5023 bsc#1211439).
• perf/x86/msr: Add Comet Lake CPU support (jsc#PED-5023 bsc#1211439).
• perf/x86/msr: Add Rocket Lake CPU support (jsc#PED-5023 bsc#1211439).
• perf/x86/msr: Add Tiger Lake CPU support (jsc#PED-5023 bsc#1211439).
• perf/x86/msr: Add new CPU model numbers for Ice Lake (jsc#PED-5023 bsc#1211439).
• perf/x86/rapl: Add Ice Lake RAPL support (jsc#PED-5023 bsc#1211439).
• perf/x86: Add Intel Ice Lake NNPI uncore support (jsc#PED-5023 bsc#1211439).
• perf/x86: Add Intel Tiger Lake uncore support (jsc#PED-5023 bsc#1211439).
• r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
• r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
• r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
• r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
• r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
• r8152: Run the unload routine if we have errors during probe (git-fixes).
• rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
• ring-buffer: Fix memory leak of free page (git-fixes).
• s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218362).
• sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
• tcp: fix under-evaluated ssthresh in TCP Vegas (git-fixes).
• tracing: Always update snapshot buffer size (git-fixes).
• tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
• tracing: Fix a possible race when disabling buffered events (bsc#1217036).
• tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
• tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
• tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
• tracing: Stop current tracer when resizing buffer (git-fixes).
• tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
• tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
• usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
• x86/cpu: Add Comet Lake to the Intel CPU models header (jsc#PED-5023 bsc#1211439).
• x86/cpu: Add Ice Lake NNPI to Intel family (jsc#PED-5023 bsc#1211439).
• x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (jsc#PED-5023 bsc#1211439).
• x86/cpu: Add Sapphire Rapids CPU model number (jsc#PED-5023 bsc#1211439).
• x86/cpu: Add Tiger Lake to Intel family (jsc#PED-5023 bsc#1211439).
• xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
• xfrm: reuse uncached_list to track xdsts (git-fixes).
• xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
• xsk: Fix incorrect netdev reference count (git-fixes).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-113=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-113=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-113=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.163.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • kernel-azure-debugsource-4.12.14-16.163.1
  • kernel-azure-base-4.12.14-16.163.1
  • kernel-syms-azure-4.12.14-16.163.1
  • kernel-azure-devel-4.12.14-16.163.1
  • kernel-azure-base-debuginfo-4.12.14-16.163.1
  • kernel-azure-debuginfo-4.12.14-16.163.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.163.1
  • kernel-devel-azure-4.12.14-16.163.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.163.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • kernel-azure-debugsource-4.12.14-16.163.1
  • kernel-azure-base-4.12.14-16.163.1
  • kernel-syms-azure-4.12.14-16.163.1
  • kernel-azure-devel-4.12.14-16.163.1
  • kernel-azure-base-debuginfo-4.12.14-16.163.1
  • kernel-azure-debuginfo-4.12.14-16.163.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.163.1
  • kernel-devel-azure-4.12.14-16.163.1
• SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
  • kernel-azure-4.12.14-16.163.1
• SUSE Linux Enterprise Server 12 SP5 (x86_64)
  • kernel-azure-debugsource-4.12.14-16.163.1
  • kernel-azure-base-4.12.14-16.163.1
  • kernel-syms-azure-4.12.14-16.163.1
  • kernel-azure-devel-4.12.14-16.163.1
  • kernel-azure-base-debuginfo-4.12.14-16.163.1
  • kernel-azure-debuginfo-4.12.14-16.163.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • kernel-source-azure-4.12.14-16.163.1
  • kernel-devel-azure-4.12.14-16.163.1

References:

• https://www.suse.com/security/cve/CVE-2020-26555.html
• https://www.suse.com/security/cve/CVE-2022-2586.html
• https://www.suse.com/security/cve/CVE-2023-51779.html
• https://www.suse.com/security/cve/CVE-2023-6121.html
• https://www.suse.com/security/cve/CVE-2023-6606.html
• https://www.suse.com/security/cve/CVE-2023-6610.html
• https://www.suse.com/security/cve/CVE-2023-6931.html
• https://www.suse.com/security/cve/CVE-2023-6932.html
• https://bugzilla.suse.com/show_bug.cgi?id=1108281
• https://bugzilla.suse.com/show_bug.cgi?id=1109837
• https://bugzilla.suse.com/show_bug.cgi?id=1179610
• https://bugzilla.suse.com/show_bug.cgi?id=1202095
• https://bugzilla.suse.com/show_bug.cgi?id=1211226
• https://bugzilla.suse.com/show_bug.cgi?id=1211439
• https://bugzilla.suse.com/show_bug.cgi?id=1214479
• https://bugzilla.suse.com/show_bug.cgi?id=1215237
• https://bugzilla.suse.com/show_bug.cgi?id=1217036
• https://bugzilla.suse.com/show_bug.cgi?id=1217250
• https://bugzilla.suse.com/show_bug.cgi?id=1217801
• https://bugzilla.suse.com/show_bug.cgi?id=1217936
• https://bugzilla.suse.com/show_bug.cgi?id=1217946
• https://bugzilla.suse.com/show_bug.cgi?id=1217947
• https://bugzilla.suse.com/show_bug.cgi?id=1218057
• https://bugzilla.suse.com/show_bug.cgi?id=1218184
• https://bugzilla.suse.com/show_bug.cgi?id=1218253
• https://bugzilla.suse.com/show_bug.cgi?id=1218258
• https://bugzilla.suse.com/show_bug.cgi?id=1218362
• https://bugzilla.suse.com/show_bug.cgi?id=1218559
• https://bugzilla.suse.com/show_bug.cgi?id=1218622
• https://jira.suse.com/browse/PED-5021
• https://jira.suse.com/browse/PED-5023