SUSE-SU-2023:2805-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2805-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:2805-1
Related
Published
2023-07-11T04:31:55Z
Modified
2023-07-11T04:31:55Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  • CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
  • CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvbregisterdevice dynamically allocating fops (bsc#1205756).
  • CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
  • CVE-2022-45886: Fixed a .disconnect versus dvbdeviceopen race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
  • CVE-2022-45887: Fixed a memory leak in ttusbdec.c caused by the lack of a dvbfrontend_detach call (bsc#1205762).
  • CVE-2022-45919: Fixed a use-after-free in dvbcaen50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
  • CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  • CVE-2023-1077: Fixed a type confusion in picknextrt_entity(), that could cause memory corruption (bsc#1208600).
  • CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
  • CVE-2023-1118: Fixed a use-after-free bugs caused by enetxirqsim() in media/rc (bsc#1208837).
  • CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
  • CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmfgetassoc_ies() (bsc#1209287).
  • CVE-2023-1390: Fixed remote DoS vulnerability in tipclinkxmit() (bsc#1209289).
  • CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
  • CVE-2023-1611: Fixed an use-after-free flaw in btrfssearchslot (bsc#1209687).
  • CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
  • CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
  • CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
  • CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
  • CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
  • CVE-2023-2162: Fixed an use-after-free flaw in iscsiswtcpsessioncreate (bsc#1210647).
  • CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
  • CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
  • CVE-2023-23455: Fixed a denial of service inside atmtcenqueue in net/sched/schatm.c because of type confusion (non-negative numbers can sometimes indicate a TCACT_SHOT condition rather than valid classification results) (bsc#1207125).
  • CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
  • CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
  • CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hciconncleanup in net/uetooth/hci_conn.c (bsc#1209052).
  • CVE-2023-28772: Fixed buffer overflow in seqbufputmemhex in lib/seqbuf.c (bsc#1209549).
  • CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150chargerremove (bsc#1210329).
  • CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
  • CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
  • CVE-2023-31436: Fixed an out-of-bounds write in qfqchangeclass() because lmax can exceed QFQMINLMAX (bsc#1210940).
  • CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outboundphypacket_callback (bsc#1212128).
  • CVE-2023-3161: Fixed shift-out-of-bounds in fbconsetfont() (bsc#1212154).
  • CVE-2023-32269: Fixed a use-after-free in afnetrom.c, related to the fact that accept() was also allowed for a successfully connected AFNETROM socket (bsc#1211186).
  • CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).

The following non-security bugs were fixed:

  • Do not sign the vanilla kernel (bsc#1209008).
  • Drop dvb-core fix patch due to regression (bsc#1205758).
  • Revert CVE-2018-20784 due to regression (bsc#1126703).
  • binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
  • bluetooth: Fix double free in hciconncleanup (bsc#1209052 CVE-2023-28464).
  • bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989 bsc#1210336).
  • btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687).
  • do not fallthrough in cbqclassify and stop on TCACT_SHOT (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
  • ext4: add EXT4INODEHASXATTRSPACE macro in xattr.h (bsc#1206878).
  • ext4: fix use-after-free in ext4xattrset_entry (bsc#1206878 bsc#1211105 CVE-2023-2513).
  • fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
  • firewire: fix potential uaf in outboundphypacket_callback() (CVE-2023-3159 bsc#1212128).
  • fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
  • i2c: xgene-slimpro: Fix out-of-bounds bug in xgeneslimproi2c_xfer() (bsc#1210715 CVE-2023-2194).
  • ipv6: raw: Deduct extension header length in rawv6pushpending_frames (bsc#1207168).
  • ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
  • kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753).
  • kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513).
  • media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824).
  • media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760).
  • media: dvb-core: Fix use-after-free due to race at dvbregisterdevice() (CVE-2022-45884 bsc#1205756).
  • media: dvb-core: Fix use-after-free due to race condition at dvbcaen50221 (CVE-2022-45919 bsc#1205803).
  • media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758).
  • media: dvb-usb: az6027: fix null-ptr-deref in az6027i2cxfer() (bsc#1209291 CVE-2023-28328).
  • media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758).
  • media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
  • media: dvbdev: fix error logic at dvbregisterdevice() (CVE-2022-45884 bsc#1205756).
  • media: rc: Fix use-after-free bugs caused by enetxirqsim() (CVE-2023-1118 bsc#1208837).
  • media: ttusb-dec: fix memory leak in ttusbdecexit_dvb() (CVE-2022-45887 bsc#1205762).
  • memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449).
  • net: sched: schqfq: prevent slab-out-of-bounds in qfqactivate_agg (bsc#1210940 CVE-2023-31436).
  • netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777).
  • netrom: Fix use-after-free caused by accept on already connected socket (bsc#1211186 CVE-2023-32269).
  • nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990).
  • power: supply: da9150: Fix use after free bug in da9150chargerremove due to race condition (CVE-2023-30772 bsc#1210329).
  • prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753).
  • sched/rt: picknextrtentity(): check listentry (bsc#1208600 CVE-2023-1077).
  • scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1210647 CVE-2023-2162).
  • seqbuf: Fix overflow in seqbufputmemhex() (bsc#1209549 CVE-2023-28772).
  • tcp: Fix data races around icsk->icskafops (bsc#1204405 CVE-2022-3566).
  • tipc: fix NULL deref in tipclinkxmit() (bsc#1209289 CVE-2023-1390).
  • wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassoc_ies() (bsc#1209287 CVE-2023-1380).
  • x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998).
  • xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124).
  • xirc2pscs: Fix use after free bug in xirc2psdetach (bsc#1209871 CVE-2023-1670).
References

Affected packages

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.205.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.205.1",
            "kernel-devel": "4.4.121-92.205.1",
            "kernel-default-base": "4.4.121-92.205.1",
            "kernel-default": "4.4.121-92.205.1",
            "kernel-source": "4.4.121-92.205.1",
            "kernel-syms": "4.4.121-92.205.1",
            "kernel-default-devel": "4.4.121-92.205.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.205.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.205.1",
            "kernel-devel": "4.4.121-92.205.1",
            "kernel-default-base": "4.4.121-92.205.1",
            "kernel-default": "4.4.121-92.205.1",
            "kernel-source": "4.4.121-92.205.1",
            "kernel-syms": "4.4.121-92.205.1",
            "kernel-default-devel": "4.4.121-92.205.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.121-92.205.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "4.4.121-92.205.1",
            "kernel-devel": "4.4.121-92.205.1",
            "kernel-default-base": "4.4.121-92.205.1",
            "kernel-default": "4.4.121-92.205.1",
            "kernel-source": "4.4.121-92.205.1",
            "kernel-syms": "4.4.121-92.205.1",
            "kernel-default-devel": "4.4.121-92.205.1"
        }
    ]
}