SUSE-SU-2023:0591-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20230591-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0591-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:0591-1
Published
2023-03-02T08:21:46Z
Modified
2023-03-02T08:21:46Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399).
  • CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393).
  • CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073).
  • CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).
  • CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
  • CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125).

The following non-security bugs were fixed:

  • arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
  • arm64: dts: allwinner: H5: Add PMU node (git-fixes)
  • arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
  • arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
  • arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
  • arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
  • arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
  • arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
  • arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
  • arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
  • arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
  • btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904).
  • drbd: destroy workqueue when drbd device was freed (git-fixes).
  • drbd: remove usage of list iterator variable after loop (git-fixes).
  • drbd: use after free in drbd_create_device() (git-fixes).
  • ext4: Detect already used quota file early (bsc#1206873).
  • ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
  • ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
  • ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
  • ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
  • ext4: avoid resizing to a partial cluster size (bsc#1206880).
  • ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
  • ext4: continue to expand file system when the target size does not reach (bsc#1206882).
  • ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
  • ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
  • ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
  • ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
  • ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
  • ext4: fix a data race at inode->i_disksize (bsc#1206855).
  • ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
  • ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
  • ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
  • ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
  • ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
  • ext4: fix uninitialized value in 'ext4_evict_inode' (bsc#1206893).
  • ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
  • ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
  • ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
  • ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
  • ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
  • ext4: mark block bitmap corrupted when found instead of BUG_ON (bsc#1206857).
  • ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
  • ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
  • ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
  • fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
  • ibmveth: Always stop tx queues during close (bsc#1065729).
  • isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
  • lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
  • libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
  • lockd: lockd server-side shouldn't set fl_ops (git-fixes).
  • memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
  • memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
  • mm, memcg: do not high throttle allocators based on wraparound
  • mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
  • mm, memcg: throttle allocators based on ancestral memory.high
  • mm/filemap.c: clear page error before actual read (bsc#1206635).
  • mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
  • module: Remove accidental change of module_enable_x() (git-fixes).
  • module: avoid gotos in module_sig_check() (git-fixes).
  • module: merge repetitive strings in module_sig_check() (git-fixes).
  • module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
  • modules: lockdep: Suppress suspicious RCU usage warning (git-fixes).
  • net: sched: atm: do not interpret cls results when asked to drop (bsc#1207036).
  • net: sched: cbq: do not interpret cls results when asked to drop (bsc#1207036).
  • net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
  • netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
  • nfs4: Fix kmemleak when allocate slot failed (git-fixes).
  • nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
  • nfs: Fix an Oops in nfs_d_automount() (git-fixes).
  • nfs: Fix memory leaks (git-fixes).
  • nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
  • nfs: Handle missing attributes in OPEN reply (bsc#1203740).
  • nfs: Zero-stateid SETATTR should first return delegation (git-fixes).
  • nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
  • nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
  • nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
  • nfs: nfs_find_open_context() may only select open files (git-fixes).
  • nfs: nfs_xdr_status should record the procedure name (git-fixes).
  • nfs: we do not support removing system.nfs4_acl (git-fixes).
  • nfsd: Clone should commit src file metadata too (git-fixes).
  • nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
  • nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
  • nfsd: Keep existing listeners on portlist error (git-fixes).
  • nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
  • nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
  • nfsd: fix error handling in NFSv4.0 callbacks (git-fixes).
  • nfsd: safer handling of corrupted c_type (git-fixes).
  • nfsv4 expose nfs_parse_server_name function (git-fixes).
  • nfsv4 only print the label when its queried (git-fixes).
  • nfsv4 remove zero number of fs_locations entries error check (git-fixes).
  • nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
  • nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
  • nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
  • nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
  • nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
  • nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
  • nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes).
  • nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
  • nfsv4.2: error out when relink swapfile (git-fixes).
  • nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
  • nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
  • nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
  • nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
  • nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
  • nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
  • nfsv4: Fix races between open and dentry revalidation (git-fixes).
  • nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
  • nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
  • pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes).
  • powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
  • powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
  • powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
  • powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
  • powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
  • powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
  • powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
  • powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
  • powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
  • powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
  • powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
  • powerpc/powernv: add missing of_node_put (bsc#1065729).
  • powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
  • powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
  • powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
  • powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
  • powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
  • powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
  • powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
  • powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
  • powerpc/xive: Add a check for memory allocation failure (git-fixes).
  • powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
  • powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
  • powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
  • powerpc: improve handling of unrecoverable system reset (bsc#1065729).
  • powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
  • quota: Check next/prev free block number after reading from quota file (bsc#1206640).
  • rpc: fix NULL dereference on kmalloc failure (git-fixes).
  • rpc: fix gss_svc_init cleanup on failure (git-fixes).
  • sbitmap: fix lockup while swapping (bsc#1206602).
  • sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
  • scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
  • scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
  • scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
  • scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
  • scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
  • scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
  • scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
  • scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
  • scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
  • scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
  • scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
  • scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
  • scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
  • string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
  • sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
  • sunrpc: Do not start a timer on an already queued rpc task (git-fixes).
  • sunrpc: Fix missing release socket in rpc_sockname() (git-fixes).
  • sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
  • sunrpc: Fix socket waits for write buffer space (git-fixes).
  • sunrpc: Handle 0 length opaque XDR object data properly (git-fixes).
  • sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes).
  • sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
  • sunrpc: check that domain table is empty at module unload (git-fixes).
  • sunrpc: stop printk reading past end of string (git-fixes).
  • svcrdma: Fix another Receive buffer leak (git-fixes).
  • svcrdma: Fix backchannel return code (git-fixes).
  • tracing: Verify if trace array exists before destroying it (git-fixes).
  • udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
  • udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
  • udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
  • udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
  • udf: Fix iocharset=utf8 mount option (bsc#1206647).
  • udf: Limit sparing table size (bsc#1206643).
  • udf: fix silent AED tagLocation corruption (bsc#1206645).
  • udf: fix the problem that the disc content is not displayed (bsc#1206644).
  • udf_get_extendedattr() had no boundary checks (bsc#1206648).
  • xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
  • xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
Affected packages

SUSE:Real Time Module 15 SP3 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.118.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.118.1",
            "dlm-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt-devel": "5.3.18-150300.118.1",
            "cluster-md-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt_debug-devel": "5.3.18-150300.118.1",
            "kernel-source-rt": "5.3.18-150300.118.1",
            "kernel-rt": "5.3.18-150300.118.1",
            "ocfs2-kmp-rt": "5.3.18-150300.118.1",
            "gfs2-kmp-rt": "5.3.18-150300.118.1",
            "kernel-syms-rt": "5.3.18-150300.118.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
purl:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.118.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.118.1",
            "dlm-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt-devel": "5.3.18-150300.118.1",
            "cluster-md-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt_debug-devel": "5.3.18-150300.118.1",
            "kernel-source-rt": "5.3.18-150300.118.1",
            "kernel-rt": "5.3.18-150300.118.1",
            "ocfs2-kmp-rt": "5.3.18-150300.118.1",
            "gfs2-kmp-rt": "5.3.18-150300.118.1",
            "kernel-syms-rt": "5.3.18-150300.118.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.118.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.118.1",
            "dlm-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt-devel": "5.3.18-150300.118.1",
            "cluster-md-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt_debug-devel": "5.3.18-150300.118.1",
            "kernel-source-rt": "5.3.18-150300.118.1",
            "kernel-rt": "5.3.18-150300.118.1",
            "ocfs2-kmp-rt": "5.3.18-150300.118.1",
            "gfs2-kmp-rt": "5.3.18-150300.118.1",
            "kernel-syms-rt": "5.3.18-150300.118.1"
        }
    ]
}

SUSE:Real Time Module 15 SP3 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.118.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "5.3.18-150300.118.1",
            "dlm-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt-devel": "5.3.18-150300.118.1",
            "cluster-md-kmp-rt": "5.3.18-150300.118.1",
            "kernel-rt_debug-devel": "5.3.18-150300.118.1",
            "kernel-source-rt": "5.3.18-150300.118.1",
            "kernel-rt": "5.3.18-150300.118.1",
            "ocfs2-kmp-rt": "5.3.18-150300.118.1",
            "gfs2-kmp-rt": "5.3.18-150300.118.1",
            "kernel-syms-rt": "5.3.18-150300.118.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.118.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.118.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.118.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.118.1"
        }
    ]
}