SUSE-SU-2023:3785-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20233785-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3785-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:3785-1
Related
Published
2023-09-26T11:19:19Z
Modified
2023-09-26T11:19:19Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
  • CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
  • CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
  • CVE-2023-3863: Fixed a use-after-free flaw was found in nfcllcpfind_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
  • CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
  • CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
  • CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
  • CVE-2023-4134: Fixed use-after-free in cyttsp4watchdogwork() (bsc#1213971).
  • CVE-2023-4147: Fixed use-after-free in nftablesnewrule (bsc#1213968).
  • CVE-2023-4194: Fixed a type confusion in net tunchropen() (bsc#1214019).
  • CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
  • CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
  • CVE-2023-4387: Fixed use-after-free flaw in vmxnet3rqallocrxbuf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
  • CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3rqcleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
  • CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
  • CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
  • CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).

The following non-security bugs were fixed:

  • ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • Do not add and remove genksyms ifdefs
  • clocksource/drivers/armarchtimer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
  • e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
  • e1000: Fix typos in comments (jsc#PED-5738).
  • e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
  • e1000: drop unneeded assignment in e1000setitr() (jsc#PED-5738).
  • e1000: switch to napiconsumeskb() (jsc#PED-5738).
  • intel/e1000:fix repeated words in comments (jsc#PED-5738).
  • intel: remove checker warning (jsc#PED-5738).
  • kabi/severities: Ignore newly added SRSO mitigation functions
  • md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
  • md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
  • net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738).
  • net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
  • powerpc/rtas: block error injection when locked down (bsc#1023051).
  • powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
  • powerpc/rtas: move syscall filter setup into separate function (bsc#1023051).
  • powerpc/rtas: remove ibmsuspendme_token (bsc#1023051).
  • powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
  • pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
  • timers: Add shutdown mechanism to the internal functions (bsc#1213970).
  • timers: Provide timershutdownsync (bsc#1213970).
  • timers: Rename deltimer() to timerdelete() (bsc#1213970).
  • timers: Rename deltimersync() to timerdeletesync() (bsc#1213970).
  • timers: Replace BUG_ON()s (bsc#1213970).
  • timers: Silently ignore timers with a NULL function (bsc#1213970).
  • timers: Split [tryto]deltimersync to prepare for shutdown mode (bsc#1213970).
  • timers: Update kernel-doc for various functions (bsc#1213970).
  • timers: Use deltimersync() even on UP (bsc#1213970).
  • x86/cpu/kvm: Provide UNTRAINRETVM (git-fixes).
  • x86/cpu: Cleanup the untrain mess (git-fixes).
  • x86/cpu: Rename original retbleed methods (git-fixes).
  • x86/cpu: Rename srso(.*)alias to srsoalias\1 (git-fixes).
  • x86/retpoline: Do not clobber RFLAGS during srsosaferet() (git-fixes).
  • x86/speculation: Add cpushowgds() prototype (git-fixes).
  • x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
  • x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
  • x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
  • x86/srso: Explain the untraining sequences a bit more (git-fixes).
  • x86: Move gdsucodemitigated() declaration to header (git-fixes).
  • xfs: fix sb write verify for lazysbcount (bsc#1214275).
  • xfs: gut error handling in xfstransunreserveandmod_sb() (bsc#1214275).
  • xfs: update superblock counters correctly for !lazysbcount (bsc#1214275).
References

Affected packages

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.141.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.141.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.141.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.141.1"
        }
    ]
}