SUSE-SU-2023:4359-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234359-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4359-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4359-1
Published
2023-11-03T12:47:09Z
Modified
2023-11-03T12:47:09Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
  • CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
  • CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
  • CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)

The following non-security bugs were fixed:

  • 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
  • audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
  • crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() (git-fixes).
  • iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
  • iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
  • iommu/amd: Set iommu->int_enabled consistently when interrupts are set up (bsc#1206010).
  • kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
  • KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
  • memcg: drop kmem.limit_in_bytes (bsc#1208788).
  • mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
  • net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
  • net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
  • ratelimit: Fix data-races in ___ratelimit() (git-fixes).
  • ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
  • s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
  • s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
  • s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140).
  • s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950).
  • s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322 bsc#1213950).
  • scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327 bsc#1213977 git-fixes).
  • scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514).
  • tools/thermal: Fix possible path truncations (git-fixes).
  • tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
  • tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
  • tracing: Fix race issue between cpu buffer write and swap (git-fixes).
  • uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
  • usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
  • usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
  • usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
  • vhost-scsi: unbreak any layout for response (git-fixes).
  • virtio_balloon: fix deadlock on OOM (git-fixes).
  • virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes).
  • virtio_net: Fix error unwinding of XDP initialization (git-fixes).
  • virtio: Protect vqs list access (git-fixes).
  • vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() (git-fixes).
  • xen-netback: use default TX queue size for vifs (git-fixes).
  • xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1215743).
  • xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1215743).

Affected packages

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.149.1",
            "dlm-kmp-rt": "4.12.14-10.149.1",
            "gfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug": "4.12.14-10.149.1",
            "kernel-rt-devel": "4.12.14-10.149.1",
            "cluster-md-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug-devel": "4.12.14-10.149.1",
            "kernel-source-rt": "4.12.14-10.149.1",
            "kernel-rt": "4.12.14-10.149.1",
            "ocfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-syms-rt": "4.12.14-10.149.1",
            "kernel-rt-base": "4.12.14-10.149.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-rt_debug

Package

Name
kernel-rt_debug
Purl
purl:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.149.1",
            "dlm-kmp-rt": "4.12.14-10.149.1",
            "gfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug": "4.12.14-10.149.1",
            "kernel-rt-devel": "4.12.14-10.149.1",
            "cluster-md-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug-devel": "4.12.14-10.149.1",
            "kernel-source-rt": "4.12.14-10.149.1",
            "kernel-rt": "4.12.14-10.149.1",
            "ocfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-syms-rt": "4.12.14-10.149.1",
            "kernel-rt-base": "4.12.14-10.149.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
purl:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.149.1",
            "dlm-kmp-rt": "4.12.14-10.149.1",
            "gfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug": "4.12.14-10.149.1",
            "kernel-rt-devel": "4.12.14-10.149.1",
            "cluster-md-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug-devel": "4.12.14-10.149.1",
            "kernel-source-rt": "4.12.14-10.149.1",
            "kernel-rt": "4.12.14-10.149.1",
            "ocfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-syms-rt": "4.12.14-10.149.1",
            "kernel-rt-base": "4.12.14-10.149.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 12 SP5 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
purl:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.12.14-10.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-devel-rt": "4.12.14-10.149.1",
            "dlm-kmp-rt": "4.12.14-10.149.1",
            "gfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug": "4.12.14-10.149.1",
            "kernel-rt-devel": "4.12.14-10.149.1",
            "cluster-md-kmp-rt": "4.12.14-10.149.1",
            "kernel-rt_debug-devel": "4.12.14-10.149.1",
            "kernel-source-rt": "4.12.14-10.149.1",
            "kernel-rt": "4.12.14-10.149.1",
            "ocfs2-kmp-rt": "4.12.14-10.149.1",
            "kernel-syms-rt": "4.12.14-10.149.1",
            "kernel-rt-base": "4.12.14-10.149.1"
        }
    ]
}