SUSE-SU-2023:4358-1

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
• CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
• CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
• CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAPNETADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
• CVE-2023-3111: Fixed a use-after-free vulnerability in preparetorelocate in fs/btrfs/relocation.c (bsc#1212051).
• CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
• CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
• CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
• CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).

The following non-security bugs were fixed:

• nvme-fc: Prevent null pointer dereference in nvmefcio_getuuid() (bsc#1214842).