-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.1626
                   Security update for the Linux Kernel
                               17 March 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-26545 CVE-2023-23559 CVE-2023-1118
                   CVE-2023-0597 CVE-2022-38096 CVE-2022-4129

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2023/suse-su-20230762-1

Comment: CVSS (Max):  7.0 CVE-2023-26545 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel

Announcement ID:  SUSE-SU-2023:0762-1
     Rating:      important
                    o #1065729
                    o #1198438
                    o #1203331
                    o #1205711
                    o #1206103
                    o #1207051
   References:      o #1207845
                    o #1208179
                    o #1208542
                    o #1208700
                    o #1208837
                    o #1209008
                    o #1209188

                    o CVE-2022-38096
                    o CVE-2022-4129
                    o CVE-2023-0597
Cross-References:   o CVE-2023-1118
                    o CVE-2023-23559
                    o CVE-2023-26545

                    o CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-4129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-4129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:H/I:N/A:N
                    o CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:H/I:N/A:N
  CVSS scores:      o CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                      S:U/C:H/I:H/A:H
                    o CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:H/I:H/A:H
                    o CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N
                      /S:U/C:H/I:H/A:L
                    o CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:H/I:H/A:H
                    o CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N
                      /S:U/C:H/I:H/A:H
                    o CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:H/I:H/A:H

    Affected        o SUSE Linux Enterprise High Performance Computing 12 SP5
    Products:       o SUSE Linux Enterprise Server 12 SP5
                    o SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities and has seven fixes can now be
installed.

Description:

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  o CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#
    1203331).
  o CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling
    Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a
    race condition and NULL pointer dereference. (bsc#1205711)
  o CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm
    (bsc#1207845).
  o CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in
    media/rc (bsc#1208837).
  o CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer
    overflow (bsc#1207051).
  o CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation
    failure (bsc#1208700).

The following non-security bugs were fixed:

  o bonding: fix 802.3ad state sent to partner when unbinding slave
    (git-fixes).
  o do not sign the vanilla kernel (bsc#1209008).
  o icmp: do not fail on fragment reassembly time exceeded (git-fixes).
  o ipmi: fix initialization when workqueue allocation fails (git-fixes).
  o ipmi: msghandler: Make symbol 'remove_work_wq' static (git-fixes).
  o kabi fix for - SUNRPC: Fix priority queue fairness (git-fixes).
  o kabi fix for: NFS: Pass error information to the pgio error cleanup routine
    (git-fixes).
  o kabi/severities: add l2tp local symbols
  o kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
    When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which
    sets the variable for a simple command. However, the script is no longer a
    simple command. Export the variable instead.
  o media: coda: Add check for dcoda_iram_alloc (git-fixes).
  o media: coda: Add check for kmalloc (git-fixes).
  o media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
  o net: aquantia: fix RSS table and key sizes (git-fixes).
  o netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
  o netfilter: xt_connlimit: do not store address in the conn nodes
    (git-fixes).
  o nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
    (git-fixes).
  o nfs: Pass error information to the pgio error cleanup routine (git-fixes).
  o nfsd: fix handling of readdir in v4root vs. mount upcall timeout
    (git-fixes).
  o nfsd: fix race to check ls_layouts (git-fixes).
  o nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
    (git-fixes).
  o ocfs2: Fix data corruption after failed write (bsc#1208542).
  o pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
  o powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
  o powerpc/fscr: Enable interrupts earlier before calling get_user() (bsc#
    1065729).
  o powerpc/powernv: Fix build error in opal-imc.c when NUMA=n (bsc#1065729).
  o powerpc/powernv: IMC fix out of bounds memory access at shutdown (bsc#
    1065729).
  o scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#
    1206103).
  o sunrpc: Fix priority queue fairness (git-fixes).
  o sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).
  o vlan: Fix out of order vlan headers with reorder header off (git-fixes).
  o vlan: Fix vlan insertion for packets without ethernet header (git-fixes).
  o vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
  o vxlan: changelink: Fix handling of default remotes (git-fixes).
  o xfrm: Copy policy family in clone_policy (git-fixes).

Special Instructions and Notes:

  o Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1
  o SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1
  o SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-762=1

Package List:

  o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64)
       kernel-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
       kernel-azure-base-debuginfo-4.12.14-16.127.1
       kernel-azure-debugsource-4.12.14-16.127.1
       kernel-azure-devel-4.12.14-16.127.1
       kernel-azure-debuginfo-4.12.14-16.127.1
       kernel-azure-base-4.12.14-16.127.1
       kernel-syms-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
       kernel-devel-azure-4.12.14-16.127.1
       kernel-source-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64)
       kernel-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
       kernel-azure-base-debuginfo-4.12.14-16.127.1
       kernel-azure-debugsource-4.12.14-16.127.1
       kernel-azure-devel-4.12.14-16.127.1
       kernel-azure-debuginfo-4.12.14-16.127.1
       kernel-azure-base-4.12.14-16.127.1
       kernel-syms-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
       kernel-devel-azure-4.12.14-16.127.1
       kernel-source-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64)
       kernel-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise Server 12 SP5 (x86_64)
       kernel-azure-base-debuginfo-4.12.14-16.127.1
       kernel-azure-debugsource-4.12.14-16.127.1
       kernel-azure-devel-4.12.14-16.127.1
       kernel-azure-debuginfo-4.12.14-16.127.1
       kernel-azure-base-4.12.14-16.127.1
       kernel-syms-azure-4.12.14-16.127.1
  o SUSE Linux Enterprise Server 12 SP5 (noarch)
       kernel-devel-azure-4.12.14-16.127.1
       kernel-source-azure-4.12.14-16.127.1

References:

  o https://www.suse.com/security/cve/CVE-2022-38096.html
  o https://www.suse.com/security/cve/CVE-2022-4129.html
  o https://www.suse.com/security/cve/CVE-2023-0597.html
  o https://www.suse.com/security/cve/CVE-2023-1118.html
  o https://www.suse.com/security/cve/CVE-2023-23559.html
  o https://www.suse.com/security/cve/CVE-2023-26545.html
  o https://bugzilla.suse.com/show_bug.cgiid=1065729
  o https://bugzilla.suse.com/show_bug.cgiid=1198438
  o https://bugzilla.suse.com/show_bug.cgiid=1203331
  o https://bugzilla.suse.com/show_bug.cgiid=1205711
  o https://bugzilla.suse.com/show_bug.cgiid=1206103
  o https://bugzilla.suse.com/show_bug.cgiid=1207051
  o https://bugzilla.suse.com/show_bug.cgiid=1207845
  o https://bugzilla.suse.com/show_bug.cgiid=1208179
  o https://bugzilla.suse.com/show_bug.cgiid=1208542
  o https://bugzilla.suse.com/show_bug.cgiid=1208700
  o https://bugzilla.suse.com/show_bug.cgiid=1208837
  o https://bugzilla.suse.com/show_bug.cgiid=1209008
  o https://bugzilla.suse.com/show_bug.cgiid=1209188

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBZBPxKckNZI30y1K9AQg5BQ/8CYQuz2R8GVikfl7GiJjAdMB/pCFTG2h5
hbHO2OGMPOQswtcQO6K6hQGeblziYiNd5DnBIwQe7/rCdgq8HUfkH7cCktKGxa1Q
RbPTok8WKRaPLDif+KKpOsmpGrrSXxGKSORCITEnZsImRA9k+usBg4h/H3kfIpLb
C1hqJn2EJTt+tAQgs0Y/1r5V39UIn73FzQBMJzMS0ykK859ROopNaixLpik11ZfF
nGRpnvZICLlA5WAr4ACdxWVz3/Y8AyIbvIEcV2cIjXUwbRABot5ZV4cNKGGVzebW
xg0p8pe+zBGIiovEQx/Tmew45+1labExrbbUAlMebGKIiVDWp7zDY5MZFRswsza0
LQMMiULuhrbW5E4e1I4q0WOotNPhS0gXmVbn0L49CRNHzeXRqdIqCUqfe260aAs4
L7zsUAR4rz4ad7PsSWEaqTQeSUqiKDLeoq6Gtr/VCgyW5ho48rMZROJni/C4GeaZ
H+Qk+AfGyxjYZowW4XYG3A33MIAjIcR0NMqcbts3Wj4QLd2KphrY+JMoV2SF0hVU
vdeFg1McunycB8WJ/O8jVvN7nL44jZOUCdv086AFRZzCrRDnz2zS3pokrWe1mY6g
mPxKypu54etlExQmjqjmpkadKKREuNgBSrLXJ/Kq/gTLyFvnZzG6rgdW00ATa7zg
itJA/d0ItYo=
=xBp/
-----END PGP SIGNATURE-----