

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4032-1  
Rating: important  
References:

  * #1109837
  * #1152446
  * #1154048
  * #1213016
  * #1214157
  * #1214380
  * #1214586
  * #1214940
  * #1214943
  * #1214945
  * #1214946
  * #1214948
  * #1214949
  * #1214950
  * #1214952
  * #1214953
  * #1215122
  * #1215136
  * #1215164
  * #1215165
  * #1215607
  * #1215877
  * #1215897
  * #1215898

  
Cross-References:

  * CVE-2020-36766
  * CVE-2023-1192
  * CVE-2023-1206
  * CVE-2023-1859
  * CVE-2023-39192
  * CVE-2023-39193
  * CVE-2023-39194
  * CVE-2023-42754
  * CVE-2023-4622
  * CVE-2023-4623
  * CVE-2023-4881
  * CVE-2023-4921

  
CVSS scores:

  * CVE-2020-36766 ( SUSE ):  2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2020-36766 ( NVD ):  3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-1192 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1206 ( SUSE ):  5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1206 ( NVD ):  5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-1859 ( SUSE ):  1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-1859 ( NVD ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-39192 ( SUSE ):  6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
  * CVE-2023-39192 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
  * CVE-2023-39193 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-39193 ( NVD ):  5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-39194 ( SUSE ):  3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
  * CVE-2023-39194 ( NVD ):  3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
  * CVE-2023-42754 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-42754 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4622 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4622 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4623 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4623 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4881 ( SUSE ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-4881 ( NVD ):  6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  * CVE-2023-4921 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4921 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

  
  
An update that solves 12 vulnerabilities and has 12 security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2023-39194: Fixed a flaw in the processing of state filters which could
    allow a local attackers to disclose sensitive information. (bsc#1215861)
  * CVE-2023-39193: Fixed a flaw in the processing of state filters which could
    allow a local attackers to disclose sensitive information. (bsc#1215860)
  * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow
    a local attackers to disclose sensitive information. (bsc#1215858)
  * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which
    could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
  * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
    table. A user located in the local network or with a high bandwidth
    connection can increase the CPU usage of the server that accepts IPV6
    connections up to 95% (bsc#1212703).
  * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
    scheduler which could be exploited to achieve local privilege escalatio
    (bsc#1215275).
  * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
    sockets component which could be exploited to achieve local privilege
    escalation (bsc#1215117).
  * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
    which could be exploited to achieve local privilege escalation
    (bsc#1215115).
  * CVE-2020-36766: Fixed a potential information leak in in the CEC driver
    (bsc#1215299).
  * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which
    could be exploited to crash the system (bsc#1210169).
  * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem
    that could lead to potential information disclosure or a denial of service
    (bsc#1215221).
  * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread()
    (bsc#1208995).

The following non-security bugs were fixed:

  * 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).
  * arm64: insn: Fix ldadd instruction encoding (git-fixes)
  * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
  * blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).
  * blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick
    (bsc#1214586).
  * blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).
  * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC
    (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
  * direct-io: allow direct writes to empty inodes (bsc#1215164).
  * Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).
  * drm/ast: Fix DRAM init on AST2200 (bsc#1152446)
  * drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446)
    Backporting changes: * move changes to drm_fb_helper.c * context changes
  * drm/client: Send hotplug event after registering a client (bsc#1152446)
    Backporting changes: * send hotplug event from drm_client_add() * remove
    drm_dbg_kms()
  * drm/virtio: Fix GEM handle creation UAF (git-fixes).
  * drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-
    fixes).
  * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
  * ext4: correct inline offset when handling xattrs in inode body
    (bsc#1214950).
  * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
  * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
  * fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048)
  * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)
  * fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)
  * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)
  * fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048)
  * firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()
    (git-fixes).
  * firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes).
  * firmware: raspberrypi: Keep count of all consumers (git-fixes).
  * fs: avoid softlockups in s_inodes iterators (bsc#1215165).
  * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607).
  * hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
  * idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).
  * Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
  * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
  * Input: xpad - add constants for GIP interface numbers (git-fixes).
  * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
  * jbd2: check 'jh->b_transaction' before removing it from checkpoint
    (bsc#1214953).
  * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
  * jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
  * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
    (bsc#1214948).
  * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
  * jbd2: remove t_checkpoint_io_list (bsc#1214946).
  * jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162).
  * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
  * jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).
  * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    (git-fixes bsc#1215897).
  * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).
  * media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
  * media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes).
  * media: cec: copy sequence field for the reply (git-fixes).
  * media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes).
  * media: cec: make cec_get_edid_spa_location() an inline function (git-fixes).
  * media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-
    fixes).
  * media: mceusb: return without resubmitting URB in case of -EPROTO error
    (git-fixes).
  * media: s5p_cec: decrement usage count if disabled (git-fixes).
  * media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
  * mkspec: Allow unsupported KMPs (bsc#1214386)
  * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
  * net: check if protocol extracted by virtio_net_hdr_set_proto is correct
    (git-fixes).
  * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
  * net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes).
  * net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev
    is null (git-fixes).
  * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
  * net: virtio_vsock: Enhance connection semantics (git-fixes).
  * net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
  * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
  * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
  * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
  * powerpc/64s/exception: machine check use correct cfar for late handler
    (bsc#1065729).
  * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
    (bsc#1065729).
  * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
  * quota: fix warning in dqgrab() (bsc#1214962).
  * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
  * remoteproc: Add missing '\n' in log messages (git-fixes).
  * remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes).
  * s390: add z16 elf platform (LTC#203790 bsc#1215954).
  * s390/dasd: fix hanging device after request requeue (LTC#203632
    bsc#1215121).
  * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes
    bsc#1215152).
  * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-
    fixes).
  * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
    (git-fixes).
  * scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
    (git-fixes bsc#1215149).
  * tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
  * tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes
    bsc#1215634).
  * udf: Fix extension of the last extent in the file (bsc#1214964).
  * udf: Fix file corruption when appending just after end of preallocated
    extent (bsc#1214965).
  * udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
  * udf: Fix uninitialized array access for some pathnames (bsc#1214967).
  * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
  * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
  * usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
  * usb: typec: altmodes/displayport: Fix pin assignment calculation (git-
    fixes).
  * vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).
  * vhost: Do not call access_ok() when using IOTLB (git-fixes).
  * vhost: fix range used in translate_desc() (git-fixes).
  * vhost: Fix vhost_vq_reset() (git-fixes).
  * vhost: introduce helpers to get the size of metadata area (git-fixes).
  * vhost: missing __user tags (git-fixes).
  * vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes).
  * vhost: vsock: kick send_pkt worker once device is started (git-fixes).
  * vhost/net: Clear the pending messages when the backend is removed (git-
    fixes).
  * vhost/test: stop device before reset (git-fixes).
  * vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
  * virtio_balloon: prevent pfn array overflow (git-fixes).
  * virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
  * virtio_mmio: Restore guest page size on resume (git-fixes).
  * virtio_net: add checking sq is full inside xdp xmit (git-fixes).
  * virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
  * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
  * virtio_net: Remove BUG() to avoid machine dead (git-fixes).
  * virtio_net: reorder some funcs (git-fixes).
  * virtio_net: separate the logic of checking whether sq is full (git-fixes).
  * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
  * virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-
    fixes).
  * virtio_pci: Support surprise removal of virtio pci device (git-fixes).
  * virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes).
  * virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
  * virtio-gpu: fix possible memory allocation failure (git-fixes).
  * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
  * virtio-net: fix race between ndo_open() and virtio_device_ready() (git-
    fixes).
  * virtio-net: fix race between set queues and probe (git-fixes).
  * virtio-net: fix the race between refill work and close (git-fixes).
  * virtio-net: set queues after driver_ok (git-fixes).
  * virtio-rng: make device ready before making request (git-fixes).
  * virtio: acknowledge all features before access (git-fixes).
  * vringh: Fix loop descriptors check in the indirect cases (git-fixes).
  * VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).
  * vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes).
  * vsock/virtio: enable VQs early on probe (git-fixes).
  * vsock/virtio: free queued packets when closing socket (git-fixes).
  * vsock/virtio: update credit only if socket is not closed (git-fixes).
  * word-at-a-time: use the same return type for has_zero regardless of
    endianness (bsc#1065729).
  * x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
    (git-fixes).
  * x86/srso: Do not probe microcode in a guest (git-fixes).
  * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
  * x86/srso: Fix srso_show_state() side effect (git-fixes).
  * x86/srso: Set CPUID feature bits independently of bug or mitigation status
    (git-fixes).
  * xen: remove a confusing comment on auto-translated guest I/O (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4032=1

  * SUSE Linux Enterprise High Performance Computing 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4032=1

  * SUSE Linux Enterprise Server 12 SP5  
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4032=1

## Package List:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
    * kernel-azure-4.12.14-16.152.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * kernel-azure-base-4.12.14-16.152.1
    * kernel-azure-debuginfo-4.12.14-16.152.1
    * kernel-azure-devel-4.12.14-16.152.1
    * kernel-azure-debugsource-4.12.14-16.152.1
    * kernel-syms-azure-4.12.14-16.152.1
    * kernel-azure-base-debuginfo-4.12.14-16.152.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
    * kernel-source-azure-4.12.14-16.152.1
    * kernel-devel-azure-4.12.14-16.152.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
    * kernel-azure-4.12.14-16.152.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * kernel-azure-base-4.12.14-16.152.1
    * kernel-azure-debuginfo-4.12.14-16.152.1
    * kernel-azure-devel-4.12.14-16.152.1
    * kernel-azure-debugsource-4.12.14-16.152.1
    * kernel-syms-azure-4.12.14-16.152.1
    * kernel-azure-base-debuginfo-4.12.14-16.152.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
    * kernel-source-azure-4.12.14-16.152.1
    * kernel-devel-azure-4.12.14-16.152.1
  * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
    * kernel-azure-4.12.14-16.152.1
  * SUSE Linux Enterprise Server 12 SP5 (x86_64)
    * kernel-azure-base-4.12.14-16.152.1
    * kernel-azure-debuginfo-4.12.14-16.152.1
    * kernel-azure-devel-4.12.14-16.152.1
    * kernel-azure-debugsource-4.12.14-16.152.1
    * kernel-syms-azure-4.12.14-16.152.1
    * kernel-azure-base-debuginfo-4.12.14-16.152.1
  * SUSE Linux Enterprise Server 12 SP5 (noarch)
    * kernel-source-azure-4.12.14-16.152.1
    * kernel-devel-azure-4.12.14-16.152.1

## References:

  * https://www.suse.com/security/cve/CVE-2020-36766.html
  * https://www.suse.com/security/cve/CVE-2023-1192.html
  * https://www.suse.com/security/cve/CVE-2023-1206.html
  * https://www.suse.com/security/cve/CVE-2023-1859.html
  * https://www.suse.com/security/cve/CVE-2023-39192.html
  * https://www.suse.com/security/cve/CVE-2023-39193.html
  * https://www.suse.com/security/cve/CVE-2023-39194.html
  * https://www.suse.com/security/cve/CVE-2023-42754.html
  * https://www.suse.com/security/cve/CVE-2023-4622.html
  * https://www.suse.com/security/cve/CVE-2023-4623.html
  * https://www.suse.com/security/cve/CVE-2023-4881.html
  * https://www.suse.com/security/cve/CVE-2023-4921.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1109837
  * https://bugzilla.suse.com/show_bug.cgi?id=1152446
  * https://bugzilla.suse.com/show_bug.cgi?id=1154048
  * https://bugzilla.suse.com/show_bug.cgi?id=1213016
  * https://bugzilla.suse.com/show_bug.cgi?id=1214157
  * https://bugzilla.suse.com/show_bug.cgi?id=1214380
  * https://bugzilla.suse.com/show_bug.cgi?id=1214586
  * https://bugzilla.suse.com/show_bug.cgi?id=1214940
  * https://bugzilla.suse.com/show_bug.cgi?id=1214943
  * https://bugzilla.suse.com/show_bug.cgi?id=1214945
  * https://bugzilla.suse.com/show_bug.cgi?id=1214946
  * https://bugzilla.suse.com/show_bug.cgi?id=1214948
  * https://bugzilla.suse.com/show_bug.cgi?id=1214949
  * https://bugzilla.suse.com/show_bug.cgi?id=1214950
  * https://bugzilla.suse.com/show_bug.cgi?id=1214952
  * https://bugzilla.suse.com/show_bug.cgi?id=1214953
  * https://bugzilla.suse.com/show_bug.cgi?id=1215122
  * https://bugzilla.suse.com/show_bug.cgi?id=1215136
  * https://bugzilla.suse.com/show_bug.cgi?id=1215164
  * https://bugzilla.suse.com/show_bug.cgi?id=1215165
  * https://bugzilla.suse.com/show_bug.cgi?id=1215607
  * https://bugzilla.suse.com/show_bug.cgi?id=1215877
  * https://bugzilla.suse.com/show_bug.cgi?id=1215897
  * https://bugzilla.suse.com/show_bug.cgi?id=1215898

SUSE: 2023:4032-1 important: the Linux Kernel

October 10, 2023

* #1109837 * #1152446 * #1154048 * #1213016 * #1214157

Summary

## The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) * CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) * CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) * CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). * CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299). * CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). * CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: * 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes). * arm64: insn: Fix ldadd instruction encoding (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586). * blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick (bsc#1214586). * blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586). * check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. * direct-io: allow direct writes to empty inodes (bsc#1215164). * Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes). * drm/ast: Fix DRAM init on AST2200 (bsc#1152446) * drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: * move changes to drm_fb_helper.c * context changes * drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drm_client_add() * remove drm_dbg_kms() * drm/virtio: Fix GEM handle creation UAF (git-fixes). * drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git- fixes). * ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). * ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). * ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). * ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). * fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048) * fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048) * fbdev: imxfb: warn about invalid left/right margin (bsc#1154048) * fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048) * fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048) * firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). * firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes). * firmware: raspberrypi: Keep count of all consumers (git-fixes). * fs: avoid softlockups in s_inodes iterators (bsc#1215165). * fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607). * hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). * idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837). * Input: psmouse - fix OOB access in Elantech protocol (git-fixes). * Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). * Input: xpad - add constants for GIP interface numbers (git-fixes). * Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). * jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). * jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). * jbd2: fix checkpoint cleanup performance regression (bsc#1214952). * jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). * jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). * jbd2: remove t_checkpoint_io_list (bsc#1214946). * jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162). * jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). * jbd2: simplify journal_clean_one_cp_list() (bsc#1215207). * KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897). * KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898). * media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). * media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes). * media: cec: copy sequence field for the reply (git-fixes). * media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes). * media: cec: make cec_get_edid_spa_location() an inline function (git-fixes). * media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git- fixes). * media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). * media: s5p_cec: decrement usage count if disabled (git-fixes). * media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). * mkspec: Allow unsupported KMPs (bsc#1214386) * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes). * net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). * net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes). * net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). * net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). * net: virtio_vsock: Enhance connection semantics (git-fixes). * net/mlx5: Fix size field in bufferx_reg struct (git-fixes). * NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). * NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). * NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). * powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729). * powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). * powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). * quota: fix warning in dqgrab() (bsc#1214962). * quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). * remoteproc: Add missing '\n' in log messages (git-fixes). * remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes). * s390: add z16 elf platform (LTC#203790 bsc#1215954). * s390/dasd: fix hanging device after request requeue (LTC#203632 bsc#1215121). * s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152). * scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git- fixes). * scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). * scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634). * udf: Fix extension of the last extent in the file (bsc#1214964). * udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). * udf: Fix off-by-one error when discarding preallocation (bsc#1214966). * udf: Fix uninitialized array access for some pathnames (bsc#1214967). * usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). * usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). * usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). * usb: typec: altmodes/displayport: Fix pin assignment calculation (git- fixes). * vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes). * vhost: Do not call access_ok() when using IOTLB (git-fixes). * vhost: fix range used in translate_desc() (git-fixes). * vhost: Fix vhost_vq_reset() (git-fixes). * vhost: introduce helpers to get the size of metadata area (git-fixes). * vhost: missing __user tags (git-fixes). * vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes). * vhost: vsock: kick send_pkt worker once device is started (git-fixes). * vhost/net: Clear the pending messages when the backend is removed (git- fixes). * vhost/test: stop device before reset (git-fixes). * vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). * virtio_balloon: prevent pfn array overflow (git-fixes). * virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). * virtio_mmio: Restore guest page size on resume (git-fixes). * virtio_net: add checking sq is full inside xdp xmit (git-fixes). * virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). * virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). * virtio_net: Remove BUG() to avoid machine dead (git-fixes). * virtio_net: reorder some funcs (git-fixes). * virtio_net: separate the logic of checking whether sq is full (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git- fixes). * virtio_pci: Support surprise removal of virtio pci device (git-fixes). * virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes). * virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). * virtio-gpu: fix possible memory allocation failure (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio-net: fix race between ndo_open() and virtio_device_ready() (git- fixes). * virtio-net: fix race between set queues and probe (git-fixes). * virtio-net: fix the race between refill work and close (git-fixes). * virtio-net: set queues after driver_ok (git-fixes). * virtio-rng: make device ready before making request (git-fixes). * virtio: acknowledge all features before access (git-fixes). * vringh: Fix loop descriptors check in the indirect cases (git-fixes). * VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes). * vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes). * vsock/virtio: enable VQs early on probe (git-fixes). * vsock/virtio: free queued packets when closing socket (git-fixes). * vsock/virtio: update credit only if socket is not closed (git-fixes). * word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). * x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes). * x86/srso: Do not probe microcode in a guest (git-fixes). * x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). * x86/srso: Fix srso_show_state() side effect (git-fixes). * x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). * xen: remove a confusing comment on auto-translated guest I/O (git-fixes).

References

* #1109837

* #1152446

* #1154048

* #1213016

* #1214157

* #1214380

* #1214586

* #1214940

* #1214943

* #1214945

* #1214946

* #1214948

* #1214949

* #1214950

* #1214952

* #1214953

* #1215122

* #1215136

* #1215164

* #1215165

* #1215607

* #1215877

* #1215897

* #1215898

Cross-

* CVE-2020-36766

* CVE-2023-1192

* CVE-2023-1206

* CVE-2023-1859

* CVE-2023-39192

* CVE-2023-39193

* CVE-2023-39194

* CVE-2023-42754

* CVE-2023-4622

* CVE-2023-4623

* CVE-2023-4881

* CVE-2023-4921

CVSS scores:

* CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

* CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

* CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 12 vulnerabilities and has 12 security fixes can now be

installed.

* https://www.suse.com/security/cve/CVE-2020-36766.html

* https://www.suse.com/security/cve/CVE-2023-1192.html

* https://www.suse.com/security/cve/CVE-2023-1206.html

* https://www.suse.com/security/cve/CVE-2023-1859.html

* https://www.suse.com/security/cve/CVE-2023-39192.html

* https://www.suse.com/security/cve/CVE-2023-39193.html

* https://www.suse.com/security/cve/CVE-2023-39194.html

* https://www.suse.com/security/cve/CVE-2023-42754.html

* https://www.suse.com/security/cve/CVE-2023-4622.html

* https://www.suse.com/security/cve/CVE-2023-4623.html

* https://www.suse.com/security/cve/CVE-2023-4881.html

* https://www.suse.com/security/cve/CVE-2023-4921.html

* https://bugzilla.suse.com/show_bug.cgi?id=1109837

* https://bugzilla.suse.com/show_bug.cgi?id=1152446

* https://bugzilla.suse.com/show_bug.cgi?id=1154048

* https://bugzilla.suse.com/show_bug.cgi?id=1213016

* https://bugzilla.suse.com/show_bug.cgi?id=1214157

* https://bugzilla.suse.com/show_bug.cgi?id=1214380

* https://bugzilla.suse.com/show_bug.cgi?id=1214586

* https://bugzilla.suse.com/show_bug.cgi?id=1214940

* https://bugzilla.suse.com/show_bug.cgi?id=1214943

* https://bugzilla.suse.com/show_bug.cgi?id=1214945

* https://bugzilla.suse.com/show_bug.cgi?id=1214946

* https://bugzilla.suse.com/show_bug.cgi?id=1214948

* https://bugzilla.suse.com/show_bug.cgi?id=1214949

* https://bugzilla.suse.com/show_bug.cgi?id=1214950

* https://bugzilla.suse.com/show_bug.cgi?id=1214952

* https://bugzilla.suse.com/show_bug.cgi?id=1214953

* https://bugzilla.suse.com/show_bug.cgi?id=1215122

* https://bugzilla.suse.com/show_bug.cgi?id=1215136

* https://bugzilla.suse.com/show_bug.cgi?id=1215164

* https://bugzilla.suse.com/show_bug.cgi?id=1215165

* https://bugzilla.suse.com/show_bug.cgi?id=1215607

* https://bugzilla.suse.com/show_bug.cgi?id=1215877

* https://bugzilla.suse.com/show_bug.cgi?id=1215897

* https://bugzilla.suse.com/show_bug.cgi?id=1215898

Severity

Announcement ID: SUSE-SU-2023:4032-1

Rating: important

SUSE: 2023:4032-1 important: the Linux Kernel

Summary

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By