SUSE-SU-2023:3421-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20233421-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3421-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:3421-1
Published
2023-08-24T08:55:49Z
Modified
2023-08-24T08:55:49Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131).
  • CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
  • CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
  • CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
  • CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
  • CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
  • CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
  • CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
  • CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
  • CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
  • CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
  • CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
  • CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585).
  • CVE-2023-3776: Fixed improper refcount update in cls_fw that leads to use-after-free (bsc#1213588).
  • CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).

The following non-security bugs were fixed:

  • arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  • get module prefix from kmod (bsc#1212835).
  • remove more packaging cruft for sle < 12 sp3
  • block, bfq: fix division by zero error on zero wsum (bsc#1213653).
  • init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
  • init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
  • init: provide arch_cpu_finalize_init() (bsc#1206418).
  • init: remove check_bugs() leftovers (bsc#1206418).
  • jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
  • kernel-binary.spec.in: remove superfluous %% in supplements. Fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
  • kernel-docs: add buildrequires on python3-base when using python3. The python3 binary is provided by python3-base.
  • kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
  • keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
  • lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
  • locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
  • locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
  • locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
  • net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
  • net: mana: add support for vlan tagging (bsc#1212301).
  • ocfs2: fix a deadlock when commit trans (bsc#1199304).
  • ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
  • ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
  • rpm/check-for-config-changes: ignore also PAHOLE_HAS_*. We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
  • rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME. They depend on CONFIG_TOOLCHAIN_HAS_*.
  • rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension).
  • rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
  • rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
  • ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
  • ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
  • usrmerge: adjust module path in the kernel sources (bsc#1212835).
  • x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
  • x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
  • x86/microcode/AMD: Make stub function static inline (bsc#1213868).

Affected packages

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.138.3

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.138.3"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.138.3

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.138.3"
        }
    ]
}