Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2024:0117-1
Rating:	important
References:	bsc#1109837 bsc#1179610 bsc#1202095 bsc#1211226 bsc#1211439 bsc#1214158 bsc#1214479 bsc#1215237 bsc#1217036 bsc#1217250 bsc#1217801 bsc#1217936 bsc#1217946 bsc#1217947 bsc#1218057 bsc#1218184 bsc#1218253 bsc#1218258 bsc#1218362 bsc#1218559 bsc#1218622 jsc#PED-5021 jsc#PED-5023
Cross-References:	CVE-2020-26555 CVE-2022-2586 CVE-2023-51779 CVE-2023-6121 CVE-2023-6606 CVE-2023-6610 CVE-2023-6931 CVE-2023-6932
CVSS scores:	CVE-2020-26555 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26555 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-2586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-51779 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6121 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2023-6121 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2023-6606 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2023-6606 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-6610 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2023-6610 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6931 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves eight vulnerabilities, contains two features and has 13 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095).
• CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
• CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
• CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
• CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1214158 bsc#1218258).
• CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
• CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
• CVE-2023-51779: Fixed a use-after-free issue due to a race condition during Bluetooth message reception (bsc#1218559).

The following non-security bugs were fixed:

• Enabled the LLC counters for “perf” (perf stat) on the Ice-Lake and Rocket-Lake CPUs (jsc#PED-5023 bsc#1211439).
• Reviewed and added more information to README.SUSE (jsc#PED-5021).
• Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
• Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
• KVM: s390/mm: Properly reset no-dat (bsc#1218057).
• KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217936).
• PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1218622).
• gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
• gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
• gve: Changes to add new TX queues (bsc#1214479).
• gve: Control path for DQO-QPL (bsc#1214479).
• gve: Do not fully free QPL pages on prefill errors (bsc#1214479).
• gve: Fix gve interrupt names (bsc#1214479).
• gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
• gve: RX path for DQO-QPL (bsc#1214479).
• gve: Set default duplex configuration to full (bsc#1214479).
• gve: Tx path for DQO-QPL (bsc#1214479).
• gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
• gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
• gve: fix frag_list chaining (bsc#1214479).
• gve: trivial spell fix Recive to Receive (bsc#1214479).
• gve: unify driver name usage (bsc#1214479).
• net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
• net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1217801).
• s390/vx: fix save/restore of fpu kernel context (bsc#1218362).
• tracing: Fix a possible race when disabling buffered events (bsc#1217036).
• tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
• tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
• tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2024-117=1 SUSE-SLE-SERVER-12-SP5-2024-117=1
• SUSE Linux Enterprise High Availability Extension 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2024-117=1
• SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-117=1
• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-117=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-117=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-117=1
• SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2024-117=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • kernel-default-debuginfo-4.12.14-122.189.1
  • cluster-md-kmp-default-debuginfo-4.12.14-122.189.1
  • ocfs2-kmp-default-4.12.14-122.189.1
  • dlm-kmp-default-4.12.14-122.189.1
  • kernel-default-base-debuginfo-4.12.14-122.189.1
  • kernel-syms-4.12.14-122.189.1
  • gfs2-kmp-default-debuginfo-4.12.14-122.189.1
  • kernel-default-debugsource-4.12.14-122.189.1
  • dlm-kmp-default-debuginfo-4.12.14-122.189.1
  • ocfs2-kmp-default-debuginfo-4.12.14-122.189.1
  • gfs2-kmp-default-4.12.14-122.189.1
  • cluster-md-kmp-default-4.12.14-122.189.1
  • kernel-default-base-4.12.14-122.189.1
  • kernel-default-devel-4.12.14-122.189.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
  • kernel-default-4.12.14-122.189.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • kernel-devel-4.12.14-122.189.1
  • kernel-source-4.12.14-122.189.1
  • kernel-macros-4.12.14-122.189.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • kernel-default-devel-debuginfo-4.12.14-122.189.1
• SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
  • kernel-default-debuginfo-4.12.14-122.189.1
  • cluster-md-kmp-default-debuginfo-4.12.14-122.189.1
  • ocfs2-kmp-default-4.12.14-122.189.1
  • dlm-kmp-default-4.12.14-122.189.1
  • gfs2-kmp-default-debuginfo-4.12.14-122.189.1
  • kernel-default-debugsource-4.12.14-122.189.1
  • dlm-kmp-default-debuginfo-4.12.14-122.189.1
  • ocfs2-kmp-default-debuginfo-4.12.14-122.189.1
  • gfs2-kmp-default-4.12.14-122.189.1
  • cluster-md-kmp-default-4.12.14-122.189.1
• SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc)
  • kernel-default-4.12.14-122.189.1
• SUSE Linux Enterprise Live Patching 12-SP5 (nosrc)
  • kernel-default-4.12.14-122.189.1
• SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  • kernel-default-debuginfo-4.12.14-122.189.1
  • kernel-default-kgraft-4.12.14-122.189.1
  • kernel-default-debugsource-4.12.14-122.189.1
  • kernel-default-kgraft-devel-4.12.14-122.189.1
  • kgraft-patch-4_12_14-122_189-default-1-8.3.1
• SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc)
  • kernel-docs-4.12.14-122.189.1
• SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  • kernel-obs-build-debugsource-4.12.14-122.189.1
  • kernel-obs-build-4.12.14-122.189.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64)
  • kernel-default-4.12.14-122.189.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • kernel-default-debuginfo-4.12.14-122.189.1
  • kernel-default-base-debuginfo-4.12.14-122.189.1
  • kernel-syms-4.12.14-122.189.1
  • kernel-default-debugsource-4.12.14-122.189.1
  • kernel-default-base-4.12.14-122.189.1
  • kernel-default-devel-4.12.14-122.189.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • kernel-devel-4.12.14-122.189.1
  • kernel-source-4.12.14-122.189.1
  • kernel-macros-4.12.14-122.189.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • kernel-default-devel-debuginfo-4.12.14-122.189.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-4.12.14-122.189.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debuginfo-4.12.14-122.189.1
  • kernel-default-base-debuginfo-4.12.14-122.189.1
  • kernel-syms-4.12.14-122.189.1
  • kernel-default-debugsource-4.12.14-122.189.1
  • kernel-default-base-4.12.14-122.189.1
  • kernel-default-devel-4.12.14-122.189.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • kernel-devel-4.12.14-122.189.1
  • kernel-source-4.12.14-122.189.1
  • kernel-macros-4.12.14-122.189.1
• SUSE Linux Enterprise Server 12 SP5 (s390x)
  • kernel-default-man-4.12.14-122.189.1
• SUSE Linux Enterprise Server 12 SP5 (x86_64)
  • kernel-default-devel-debuginfo-4.12.14-122.189.1
• SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc)
  • kernel-default-4.12.14-122.189.1
• SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  • kernel-default-extra-debuginfo-4.12.14-122.189.1
  • kernel-default-debugsource-4.12.14-122.189.1
  • kernel-default-debuginfo-4.12.14-122.189.1
  • kernel-default-extra-4.12.14-122.189.1

References:

• https://www.suse.com/security/cve/CVE-2020-26555.html
• https://www.suse.com/security/cve/CVE-2022-2586.html
• https://www.suse.com/security/cve/CVE-2023-51779.html
• https://www.suse.com/security/cve/CVE-2023-6121.html
• https://www.suse.com/security/cve/CVE-2023-6606.html
• https://www.suse.com/security/cve/CVE-2023-6610.html
• https://www.suse.com/security/cve/CVE-2023-6931.html
• https://www.suse.com/security/cve/CVE-2023-6932.html
• https://bugzilla.suse.com/show_bug.cgi?id=1109837
• https://bugzilla.suse.com/show_bug.cgi?id=1179610
• https://bugzilla.suse.com/show_bug.cgi?id=1202095
• https://bugzilla.suse.com/show_bug.cgi?id=1211226
• https://bugzilla.suse.com/show_bug.cgi?id=1211439
• https://bugzilla.suse.com/show_bug.cgi?id=1214158
• https://bugzilla.suse.com/show_bug.cgi?id=1214479
• https://bugzilla.suse.com/show_bug.cgi?id=1215237
• https://bugzilla.suse.com/show_bug.cgi?id=1217036
• https://bugzilla.suse.com/show_bug.cgi?id=1217250
• https://bugzilla.suse.com/show_bug.cgi?id=1217801
• https://bugzilla.suse.com/show_bug.cgi?id=1217936
• https://bugzilla.suse.com/show_bug.cgi?id=1217946
• https://bugzilla.suse.com/show_bug.cgi?id=1217947
• https://bugzilla.suse.com/show_bug.cgi?id=1218057
• https://bugzilla.suse.com/show_bug.cgi?id=1218184
• https://bugzilla.suse.com/show_bug.cgi?id=1218253
• https://bugzilla.suse.com/show_bug.cgi?id=1218258
• https://bugzilla.suse.com/show_bug.cgi?id=1218362
• https://bugzilla.suse.com/show_bug.cgi?id=1218559
• https://bugzilla.suse.com/show_bug.cgi?id=1218622
• https://jira.suse.com/browse/PED-5021
• https://jira.suse.com/browse/PED-5023