Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.3900 Security update for the Linux Kernel 12 July 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux Kernel Publisher: SUSE Operating System: SUSE Resolution: Patch/Upgrade CVE Names: CVE-2023-35824 CVE-2023-32269 CVE-2023-31436 CVE-2023-30772 CVE-2023-28772 CVE-2023-28464 CVE-2023-28328 CVE-2023-23455 CVE-2023-23454 CVE-2023-3161 CVE-2023-3159 CVE-2023-3141 CVE-2023-3090 CVE-2023-2513 CVE-2023-2194 CVE-2023-2162 CVE-2023-2124 CVE-2023-1998 CVE-2023-1990 CVE-2023-1989 CVE-2023-1670 CVE-2023-1611 CVE-2023-1513 CVE-2023-1390 CVE-2023-1380 CVE-2023-1249 CVE-2023-1118 CVE-2023-1095 CVE-2023-1077 CVE-2023-0590 CVE-2022-45919 CVE-2022-45887 CVE-2022-45886 CVE-2022-45885 CVE-2022-45884 CVE-2022-3566 CVE-2018-20784 CVE-2017-5753 Original Bulletin: https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1 Comment: CVSS (Max): 7.8 CVE-2023-3159 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: SUSE Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2805-1 Rating: important o #1126703 o #1204405 o #1205756 o #1205758 o #1205760 o #1205762 o #1205803 o #1206878 o #1207036 o #1207125 o #1207168 o #1207795 o #1208600 o #1208777 o #1208837 o #1209008 o #1209039 o #1209052 o #1209256 o #1209287 o #1209289 References: o #1209291 o #1209532 o #1209549 o #1209687 o #1209871 o #1210329 o #1210336 o #1210337 o #1210498 o #1210506 o #1210647 o #1210715 o #1210940 o #1211105 o #1211186 o #1211449 o #1212128 o #1212129 o #1212154 o #1212501 o #1212842 o CVE-2017-5753 o CVE-2018-20784 o CVE-2022-3566 o CVE-2022-45884 o CVE-2022-45885 o CVE-2022-45886 o CVE-2022-45887 o CVE-2022-45919 o CVE-2023-0590 o CVE-2023-1077 o CVE-2023-1095 o CVE-2023-1118 o CVE-2023-1249 o CVE-2023-1380 o CVE-2023-1390 o CVE-2023-1513 o CVE-2023-1611 o CVE-2023-1670 o CVE-2023-1989 Cross-References: o CVE-2023-1990 o CVE-2023-1998 o CVE-2023-2124 o CVE-2023-2162 o CVE-2023-2194 o CVE-2023-23454 o CVE-2023-23455 o CVE-2023-2513 o CVE-2023-28328 o CVE-2023-28464 o CVE-2023-28772 o CVE-2023-30772 o CVE-2023-3090 o CVE-2023-3141 o CVE-2023-31436 o CVE-2023-3159 o CVE-2023-3161 o CVE-2023-32269 o CVE-2023-35824 o CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:C/C:H/I:N/A:N o CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/ S:C/C:H/I:N/A:N o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:C/C:H/I:N/A:N o CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/ S:C/C:H/I:N/A:N o CVE-2018-20784 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2018-20784 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:H/A:H o CVE-2018-20784 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/ S:U/C:H/I:H/A:H o CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:N/I:N/A:H o CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:L/A:H o CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:L/I:N/A:N o CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:N/A:H o CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:L o CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:L/I:N/A:N o CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:N/A:H o CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/ S:U/C:N/I:N/A:H o CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ CVSS scores: S:U/C:H/I:H/A:H o CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:C/C:H/I:N/A:N o CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:C/C:H/I:N/A:N o CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:N/A:N o CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:H/A:L o CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-28328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-28772 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N /S:U/C:H/I:H/A:H o CVE-2023-28772 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N /S:U/C:H/I:H/A:H o CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:L/A:H o CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:N/A:H o CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:H/I:H/A:H o CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H o CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N /S:U/C:N/I:N/A:H o CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/ S:U/C:H/I:H/A:H o CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N /S:U/C:N/I:N/A:H o CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/ S:U/C:H/I:H/A:H Affected o SUSE Linux Enterprise High Performance Computing 12 SP2 Products: o SUSE Linux Enterprise Server 12 SP2 o SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves 38 vulnerabilities and has four fixes can now be installed. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: o CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). o CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). o CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). o CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). o CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). o CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). o CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). o CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). o CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). o CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). o CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). o CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). o CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). o CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc# 1209289). o CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). o CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc# 1209687). o CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). o CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). o CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). o CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). o CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc# 1210498). o CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). o CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). o CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc# 1207036). o CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/ sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). o CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). o CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers /media/usb/dev-usb/az6027.c (bsc#1209291). o CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). o CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/ seq_buf.c (bsc#1209549). o CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). o CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). o CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/ memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). o CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). o CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). o CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). o CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). o CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/ pci/dm1105/dm1105.c (bsc#1212501). The following non-security bugs were fixed: o Do not sign the vanilla kernel (bsc#1209008). o Drop dvb-core fix patch due to regression (bsc#1205758). o Revert CVE-2018-20784 due to regression (bsc#1126703). o binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). o bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). o bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989 bsc#1210336). o btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687). o do not fallthrough in cbq_classify and stop on TC_ACT_SHOT (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455). o ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). o ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105 CVE-2023-2513). o fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154). o firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128). o fix a mistake in the CVE-2023-0590 / bsc#1207795 backport o i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (bsc# 1210715 CVE-2023-2194). o ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc #1207168). o ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). o kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753). o kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513). o media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824). o media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760). o media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756). o media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803). o media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758). o media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc# 1209291 CVE-2023-28328). o media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758). o media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760). o media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884 bsc #1205756). o media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118 bsc#1208837). o media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762). o memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449). o net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc# 1210940 CVE-2023-31436). o netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777). o netrom: Fix use-after-free caused by accept on already connected socket (bsc#1211186 CVE-2023-32269). o nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). o power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (CVE-2023-30772 bsc#1210329). o prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). o sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077). o scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1210647 CVE-2023-2162). o seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549 CVE-2023-28772). o tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405 CVE-2022-3566). o tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289 CVE-2023-1390). o wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc# 1209287 CVE-2023-1380). o x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998). o xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124). o xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871 CVE-2023-1670). Special Instructions and Notes: o Please reboot the system after installing this update. Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2805=1 Package List: o SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64) kernel-default-4.4.121-92.205.1 o SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) kernel-syms-4.4.121-92.205.1 kernel-default-base-debuginfo-4.4.121-92.205.1 kernel-default-debuginfo-4.4.121-92.205.1 kernel-default-devel-4.4.121-92.205.1 kernel-default-base-4.4.121-92.205.1 kernel-default-debugsource-4.4.121-92.205.1 o SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) kernel-devel-4.4.121-92.205.1 kernel-macros-4.4.121-92.205.1 kernel-source-4.4.121-92.205.1 References: o https://www.suse.com/security/cve/CVE-2017-5753.html o https://www.suse.com/security/cve/CVE-2018-20784.html o https://www.suse.com/security/cve/CVE-2022-3566.html o https://www.suse.com/security/cve/CVE-2022-45884.html o https://www.suse.com/security/cve/CVE-2022-45885.html o https://www.suse.com/security/cve/CVE-2022-45886.html o https://www.suse.com/security/cve/CVE-2022-45887.html o https://www.suse.com/security/cve/CVE-2022-45919.html o https://www.suse.com/security/cve/CVE-2023-0590.html o https://www.suse.com/security/cve/CVE-2023-1077.html o https://www.suse.com/security/cve/CVE-2023-1095.html o https://www.suse.com/security/cve/CVE-2023-1118.html o https://www.suse.com/security/cve/CVE-2023-1249.html o https://www.suse.com/security/cve/CVE-2023-1380.html o https://www.suse.com/security/cve/CVE-2023-1390.html o https://www.suse.com/security/cve/CVE-2023-1513.html o https://www.suse.com/security/cve/CVE-2023-1611.html o https://www.suse.com/security/cve/CVE-2023-1670.html o https://www.suse.com/security/cve/CVE-2023-1989.html o https://www.suse.com/security/cve/CVE-2023-1990.html o https://www.suse.com/security/cve/CVE-2023-1998.html o https://www.suse.com/security/cve/CVE-2023-2124.html o https://www.suse.com/security/cve/CVE-2023-2162.html o https://www.suse.com/security/cve/CVE-2023-2194.html o https://www.suse.com/security/cve/CVE-2023-23454.html o https://www.suse.com/security/cve/CVE-2023-23455.html o https://www.suse.com/security/cve/CVE-2023-2513.html o https://www.suse.com/security/cve/CVE-2023-28328.html o https://www.suse.com/security/cve/CVE-2023-28464.html o https://www.suse.com/security/cve/CVE-2023-28772.html o https://www.suse.com/security/cve/CVE-2023-30772.html o https://www.suse.com/security/cve/CVE-2023-3090.html o https://www.suse.com/security/cve/CVE-2023-3141.html o https://www.suse.com/security/cve/CVE-2023-31436.html o https://www.suse.com/security/cve/CVE-2023-3159.html o https://www.suse.com/security/cve/CVE-2023-3161.html o https://www.suse.com/security/cve/CVE-2023-32269.html o https://www.suse.com/security/cve/CVE-2023-35824.html o https://bugzilla.suse.com/show_bug.cgiid=1126703 o https://bugzilla.suse.com/show_bug.cgiid=1204405 o https://bugzilla.suse.com/show_bug.cgiid=1205756 o https://bugzilla.suse.com/show_bug.cgiid=1205758 o https://bugzilla.suse.com/show_bug.cgiid=1205760 o https://bugzilla.suse.com/show_bug.cgiid=1205762 o https://bugzilla.suse.com/show_bug.cgiid=1205803 o https://bugzilla.suse.com/show_bug.cgiid=1206878 o https://bugzilla.suse.com/show_bug.cgiid=1207036 o https://bugzilla.suse.com/show_bug.cgiid=1207125 o https://bugzilla.suse.com/show_bug.cgiid=1207168 o https://bugzilla.suse.com/show_bug.cgiid=1207795 o https://bugzilla.suse.com/show_bug.cgiid=1208600 o https://bugzilla.suse.com/show_bug.cgiid=1208777 o https://bugzilla.suse.com/show_bug.cgiid=1208837 o https://bugzilla.suse.com/show_bug.cgiid=1209008 o https://bugzilla.suse.com/show_bug.cgiid=1209039 o https://bugzilla.suse.com/show_bug.cgiid=1209052 o https://bugzilla.suse.com/show_bug.cgiid=1209256 o https://bugzilla.suse.com/show_bug.cgiid=1209287 o https://bugzilla.suse.com/show_bug.cgiid=1209289 o https://bugzilla.suse.com/show_bug.cgiid=1209291 o https://bugzilla.suse.com/show_bug.cgiid=1209532 o https://bugzilla.suse.com/show_bug.cgiid=1209549 o https://bugzilla.suse.com/show_bug.cgiid=1209687 o https://bugzilla.suse.com/show_bug.cgiid=1209871 o https://bugzilla.suse.com/show_bug.cgiid=1210329 o https://bugzilla.suse.com/show_bug.cgiid=1210336 o https://bugzilla.suse.com/show_bug.cgiid=1210337 o https://bugzilla.suse.com/show_bug.cgiid=1210498 o https://bugzilla.suse.com/show_bug.cgiid=1210506 o https://bugzilla.suse.com/show_bug.cgiid=1210647 o https://bugzilla.suse.com/show_bug.cgiid=1210715 o https://bugzilla.suse.com/show_bug.cgiid=1210940 o https://bugzilla.suse.com/show_bug.cgiid=1211105 o https://bugzilla.suse.com/show_bug.cgiid=1211186 o https://bugzilla.suse.com/show_bug.cgiid=1211449 o https://bugzilla.suse.com/show_bug.cgiid=1212128 o https://bugzilla.suse.com/show_bug.cgiid=1212129 o https://bugzilla.suse.com/show_bug.cgiid=1212154 o https://bugzilla.suse.com/show_bug.cgiid=1212501 o https://bugzilla.suse.com/show_bug.cgiid=1212842 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBZK4TL8kNZI30y1K9AQgllA//UpxFSlGvZDWJtfmyHe/Xg6adaDxA7zr1 mhKYyF8OXOer/LmPemCyRkqltXDL1SnT6JIA28abiQZo4L6FxacHhOE3C1eXlY0i 7HByp4c/u4d+So++9Of5paNX4lZAqnJqKjN3KKlJ3xWM5PSgWHknvoR5M3BEBSi2 nzFYmeZyOBukUlo5Hnt8Fay7BIQ3QPUAexlF/n08uafjbf2TRijMDvUG+HlM8UM7 6g83qAiuiArUSU55u0LepHn7yfrXX91Rjk+thOdbpqm9tCG/pL0Qc1I0B6yjLlZ2 awm6hFLli3xbYYVkz52GDBU5LDT3ZvNKdw8i1bYS1gRjI9njfF2/PeUiMt/48jxg prUuoC5MA1hNcTUnMUysNgR1NbZx4pxRfmnXraBg+IKhdnUR/JVQL8n2kSk0Nf5O fxMahjA9KdJt8nmgQCNEl34qif8qVtcwhPPTgmbEElR4sl2OE8memjhcixOjyTZb GRaPdYd4FPawq5jm6xOpjyN+ef4vKH7FP7LklA9YktaAO1gu5g86Mxgmw3neovn5 tRcv0V3zAZmjqmc48KotKg7cjEh+poIrZDnpxqyEFUbyX9zuW76k8ysnJ9ai0Xp1 PTa0dS6GCTSk4Bm/pMj0NVPMkKweaDxc+0F06nt4pVoOkIOtHIgxAuccLrxpP3ui PTdElM6SBIc= =0nMf -----END PGP SIGNATURE-----