Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.3902
Security update for the Linux Kernel
12 July 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-35824 CVE-2023-3358 CVE-2023-3268
CVE-2023-3161 CVE-2023-3159 CVE-2023-3141
CVE-2023-3111 CVE-2023-3090 CVE-2023-2002
CVE-2023-1637 CVE-2023-1249 CVE-2023-1079
CVE-2023-1077
Original Bulletin:
https://www.suse.com/support/update/announcement/2023/suse-su-20232804-1
Comment: CVSS (Max): 7.8 CVE-2023-3159 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:2804-1
Rating: important
o #1065729
o #1160435
o #1172073
o #1174852
o #1190317
o #1191731
o #1199046
o #1205758
o #1208600
o #1208604
o #1209039
o #1209779
o #1210533
o #1210791
o #1211089
o #1211519
o #1211796
o #1212051
o #1212128
o #1212129
References: o #1212154
o #1212158
o #1212164
o #1212165
o #1212167
o #1212170
o #1212173
o #1212175
o #1212185
o #1212236
o #1212240
o #1212244
o #1212266
o #1212443
o #1212501
o #1212502
o #1212606
o #1212701
o #1212842
o #1212938
o CVE-2023-1077
o CVE-2023-1079
o CVE-2023-1249
o CVE-2023-1637
o CVE-2023-2002
o CVE-2023-3090
Cross-References: o CVE-2023-3111
o CVE-2023-3141
o CVE-2023-3159
o CVE-2023-3161
o CVE-2023-3268
o CVE-2023-3358
o CVE-2023-35824
o CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:N/I:L/A:H
o CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/
S:U/C:L/I:L/A:L
o CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:N/A:N
o CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/
S:U/C:L/I:L/A:H
o CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
S:U/C:H/I:H/A:H
CVSS scores: o CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:L/A:H
o CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:N/A:H
o CVE-2023-3159 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-3159 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
S:U/C:H/I:H/A:H
o CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:N/A:L
o CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:H/I:N/A:H
o CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
S:U/C:N/I:N/A:H
o CVE-2023-35824 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N
/S:U/C:N/I:N/A:H
o CVE-2023-35824 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
S:U/C:H/I:H/A:H
Affected o SUSE Linux Enterprise High Performance Computing 12 SP5
Products: o SUSE Linux Enterprise Real Time 12 SP5
o SUSE Linux Enterprise Server 12 SP5
An update that solves 13 vulnerabilities, contains one feature and has 27 fixes
can now be installed.
Description:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network
driver (bsc#1212842).
o CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate
in fs/btrfs/relocation.c (bsc#1212051).
o CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated
Sensor Hub (ISH) driver (bsc#1212606).
o CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that
allowed a local user to crash the system (bsc#1209039).
o CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in
relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
o CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized
execution of management commands, compromising the confidentiality,
integrity, and availability of Bluetooth communication (bsc#1210533).
o CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/
pci/dm1105/dm1105.c (bsc#1212501).
o CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
o CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/
memstick/host/r592.c, that allowed local attackers to crash the system at
device disconnect (bsc#1212129).
o CVE-2023-3159: Fixed use-after-free issue in driver/firewire in
outbound_phy_packet_callback (bsc#1212128).
o CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could
cause memory corruption (bsc#1208600).
o CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access
to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
o CVE-2023-1079: Fixed a use-after-free problem that could have been
triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious
USB device (bsc#1208604).
The following non-security bugs were fixed:
o Decrease the number of SMB3 smbdirect client SGEs (bsc#1190317).
o Drop dvb-core fix patch due to bug (bsc#1205758).
o Fix formatting of client smbdirect RDMA logging (bsc#1190317).
o Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
o Fix usrmerge error (boo#1211796)
o Handle variable number of SGEs in client smbdirect send (bsc#1190317).
o Reduce client smbdirect max receive segment size (bsc#1190317).
o Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
o affs: initialize fsdata in affs_truncate() (git-fixes).
o bnx2x: Check if transceiver implements DDM before access (git-fixes).
o bnxt_en: Fix mqprio and XDP ring checking logic (git-fixes).
o bnxt_en: Fix typo in PCI id to device description string mapping
(git-fixes).
o bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
o bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
o bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
(git-fixes).
o bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
(git-fixes).
o bnxt_en: reclaim max resources if sriov enable fails (git-fixes).
o bonding: show full hw address in sysfs for slave entries (git-fixes).
o cdc-ncm: avoid overflow in sanity checking (git-fixes).
o ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#
1212938).
o cifs: Add helper function to check smb1+ server (bsc#1190317).
o cifs: Convert struct fealist away from 1-element array (bsc#1190317).
o cifs: Fix connections leak when tlink setup failed (bsc#1190317).
o cifs: Fix lost destroy smbd connection when MR allocate failed (bsc#
1190317).
o cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#
1190317).
o cifs: Fix oops due to uncleared server->smbd_conn in reconnect (bsc#
1190317).
o cifs: Fix pages array leak when writedata alloc failed in
cifs_writedata_alloc() (bsc#1190317).
o cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter()
(bsc#1190317).
o cifs: Fix smb2_set_path_size() (bsc#1190317).
o cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#
1190317).
o cifs: Fix uninitialized memory read for smb311 posix symlink create (bsc#
1190317).
o cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1190317).
o cifs: Fix uninitialized memory reads for oparms.mode (bsc#1190317).
o cifs: Fix use-after-free in rdata->read_into_pages() (bsc#1190317).
o cifs: Fix warning and UAF when destroy the MR list (bsc#1190317).
o cifs: Fix wrong return value checking when GETFLAGS (bsc#1190317).
o cifs: Fix xid leak in cifs_copy_file_range() (bsc#1190317).
o cifs: Fix xid leak in cifs_create() (bsc#1190317).
o cifs: Fix xid leak in cifs_flock() (bsc#1190317).
o cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#
1190317).
o cifs: Move the in_send statistic to __smb_send_rqst() (bsc#1190317).
o cifs: Remove duplicated include in cifsglob.h (bsc#1190317).
o cifs: Replace zero-length arrays with flexible-array members (bsc#1190317).
o cifs: Spelling s/EACCESS/EACCES/ (bsc#1190317).
o cifs: Use help macro to get the header preamble size (bsc#1190317).
o cifs: Use help macro to get the mid header size (bsc#1190317).
o cifs: Use kstrtobool() instead of strtobool() (bsc#1190317).
o cifs: add check for returning value of SMB2_close_init (bsc#1190317).
o cifs: add check for returning value of SMB2_set_info_init (bsc#1190317).
o cifs: add missing spinlock around tcon refcount (bsc#1190317).
o cifs: always initialize struct msghdr smb_msg completely (bsc#1190317).
o cifs: avoid re-lookups in dfs_cache_find() (bsc#1190317).
o cifs: avoid use of global locks for high contention data (bsc#1190317).
o cifs: destage dirty pages before re-reading them for cache=none (bsc#
1190317).
o cifs: do not include page data when checking signature (bsc#1190317).
o cifs: do not send down the destination address to sendmsg for a SOCK_STREAM
(bsc#1190317).
o cifs: do not take exclusive lock for updating target hints (bsc#1190317).
o cifs: do not try to use rdma offload on encrypted connections (bsc#
1190317).
o cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1190317).
o cifs: fix confusing debug message (bsc#1190317).
o cifs: fix double free on failed kerberos auth (bsc#1190317).
o cifs: fix double-fault crash during ntlmssp (bsc#1190317).
o cifs: fix indentation in make menuconfig options (bsc#1190317).
o cifs: fix memory leaks in session setup (bsc#1190317).
o cifs: fix missing display of three mount options (bsc#1190317).
o cifs: fix mount on old smb servers (bsc#1190317).
o cifs: fix oops during encryption (bsc#1190317).
o cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1190317).
o cifs: fix potential deadlock in cache_refresh_path() (bsc#1190317).
o cifs: fix potential memory leaks in session setup (bsc#1190317).
o cifs: fix race in assemble_neg_contexts() (bsc#1190317).
o cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#
1190317).
o cifs: fix small mempool leak in SMB2_negotiate() (bsc#1190317).
o cifs: fix use-after-free caused by invalid pointer hostname (bsc#1190317).
o cifs: fix various whitespace errors in headers (bsc#1190317).
o cifs: get rid of dns resolve worker (bsc#1190317).
o cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1190317).
o cifs: handle cache lookup errors different than -ENOENT (bsc#1190317).
o cifs: ignore ipc reconnect failures during dfs failover (bsc#1190317).
o cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1190317).
o cifs: lease key is uninitialized in smb1 paths (bsc#1190317).
o cifs: lease key is uninitialized in two additional functions when smb1 (bsc
#1190317).
o cifs: match even the scope id for ipv6 addresses (bsc#1190317).
o cifs: minor cleanup of some headers (bsc#1190317).
o cifs: misc: fix spelling typo in comment (bsc#1190317).
o cifs: prevent copying past input buffer boundaries (bsc#1190317).
o cifs: prevent data race in cifs_reconnect_tcon() (bsc#1190317).
o cifs: prevent data race in smb2_reconnect() (bsc#1190317).
o cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1190317).
o cifs: print last update time for interface list (bsc#1190317).
o cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1190317).
o cifs: remove ->writepage (bsc#1190317).
o cifs: remove duplicate code in __refresh_tcon() (bsc#1190317).
o cifs: remove initialization value (bsc#1190317).
o cifs: remove redundant assignment to the variable match (bsc#1190317).
o cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#
1190317).
o cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1190317).
o cifs: return correct error in ->calc_signature() (bsc#1190317).
o cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1190317).
o cifs: revalidate mapping when doing direct writes (bsc#1190317).
o cifs: sanitize paths in cifs_update_super_prepath (bsc#1190317).
o cifs: secmech: use shash_desc directly, remove sdesc (bsc#1190317).
o cifs: set correct ipc status after initial tree connect (bsc#1190317).
o cifs: set correct tcon status after initial tree connect (bsc#1190317).
o cifs: set resolved ip in sockaddr (bsc#1190317).
o cifs: skip alloc when request has no pages (bsc#1190317).
o cifs: skip extra NULL byte in filenames (bsc#1190317).
o cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#
1190317).
o cifs: split out smb3_use_rdma_offload() helper (bsc#1190317).
o cifs: stop using generic_writepages (bsc#1190317).
o cifs: update Kconfig description (bsc#1190317).
o cifs: update internal module number (bsc#1190317).
o cifs: update internal module number (bsc#1190317).
o cifs: use ALIGN() and round_up() macros (bsc#1190317).
o cifs: use stub posix acl handlers (bsc#1190317).
o cifs_atomic_open(): fix double-put on late allocation failure (bsc#
1190317).
o coda: add error handling for fget (git-fixes).
o coda: fix build using bare-metal toolchain (git-fixes).
o coda: pass the host file in vma->vm_file on mmap (git-fixes).
o cxgb4: fix a memory leak bug (git-fixes).
o dim: initialize all struct fields (bsc#1174852).
o e1000e: Correct NVM checksum verification flow (git-fixes).
o e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
o e1000e: Fix TX dispatch condition (git-fixes).
o e1000e: Fix possible overflow in LTR decoding (git-fixes).
o fs/adfs: super: fix use-after-free bug (git-fixes).
o fs/affs: release old buffer head on error path (git-fixes).
o fs/hfs/extent.c: fix array out of bounds read of array extent (git-fixes).
o fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in
dlm_print_one_mle() (git-fixes).
o fs/ufs: avoid potential u32 multiplication overflow (git-fixes).
o fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
o fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_info_scan_inode_alloc() (git-fixes).
o fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_write_end_nolock() (git-fixes).
o fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
o google/gve:fix repeated words in comments (bsc#1211519).
o gve: Adding a new AdminQ command to verify driver (bsc#1211519).
o gve: Cache link_speed value from device (bsc#1211519).
o gve: Fix GFP flags when allocing pages (bsc#1211519).
o gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
o gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
o gve: Handle alternate miss completions (bsc#1211519).
o gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
o gve: Remove the code of clearing PBA bit (bsc#1211519).
o gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#
1211519).
o gve: enhance no queue page list detection (bsc#1211519).
o hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
(git-fixes).
o hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
o hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
o hfs: add lock nesting notation to hfs_find_init (git-fixes).
o hfs: add missing clean-up in hfs_fill_super (git-fixes).
o hfs: fix BUG on bnode parent update (git-fixes).
o hfs: fix OOB Read in __hfs_brec_find (git-fixes).
o hfs: fix high memory mapping in hfs_bnode_read (git-fixes).
o hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
o hfs: fix return value of hfs_get_block() (git-fixes).
o hfs: prevent btree data loss on ENOSPC (git-fixes).
o hfs: update timestamp on truncate() (git-fixes).
o hfsplus: fix BUG on bnode parent update (git-fixes).
o hfsplus: fix bug causing custom uid and gid being unable to be assigned
with mount (git-fixes).
o hfsplus: fix crash and filesystem corruption when deleting files
(git-fixes).
o hfsplus: fix return value of hfsplus_get_block() (git-fixes).
o hfsplus: prevent btree data loss on ENOSPC (git-fixes).
o hfsplus: update timestamps on truncate() (git-fixes).
o igb: Add lock to avoid data race (git-fixes).
o igb: Allocate MSI-X vector when testing (git-fixes).
o igb: Enable SR-IOV after reinit (git-fixes).
o igb: Initialize mailbox message for VF reset (git-fixes).
o igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
o igb: fix bit_shift to be in [1..8] range (git-fixes).
o igb: fix netpoll exit with traffic (git-fixes).
o igb: fix nvm.ops.read() error handling (git-fixes).
o igb: skip phy status check where unavailable (git-fixes).
o igbvf: Regard vf reset nack as success (git-fixes).
o igbvf: fix double free in igbvf_probe (git-fixes).
o igc: Fix BUG: scheduling while atomic (git-fixes).
o igc: Fix infinite loop in release_swfw_sync (git-fixes).
o igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
o igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
o intel/igbvf: free irq on the error path in igbvf_request_msix()
(git-fixes).
o ipv4: fix uninit-value in ip_route_output_key_hash_rcu() (git-fixes).
o ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
(git-fixes).
o ixgbe: Allow flow hash to be set via ethtool (git-fixes).
o ixgbe: Check DDM existence in transceiver before access (git-fixes).
o ixgbe: Enable setting RSS table to default values (git-fixes).
o ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
(git-fixes).
o ixgbe: ensure IPsec VF<->PF compatibility (git-fixes).
o ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
o ixgbe: fix pci device refcount leak (git-fixes).
o ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
o ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
o ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (git-fixes).
o kernel-binary: Add back kernel-default-base guarded by option Add configsh
option for splitting off kernel-default-base, and for not signing the
kernel on non-efi
o kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
o kernel-source: Remove unused macro variant_symbols
o kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full
length release, no provides
o kprobes: Do not call BUG_ON() if there is a kprobe in use on free list
(git-fixes).
o kprobes: Do not use local variable when creating debugfs file (git-fixes).
o kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).
o kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
o kprobes: Fix error check when reusing optimized probes (git-fixes).
o kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
(git-fixes).
o kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
(git-fixes).
o kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
(git-fixes).
o kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
(git-fixes).
o kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
o kprobes: Prohibit probes in gate area (git-fixes).
o kprobes: Prohibit probing on BUG() and WARN() address (git-fixes).
o kprobes: Remove pointless BUG_ON() from reuse_unused_kprobe() (git-fixes).
o kprobes: Set unoptimized flag after unoptimizing code (git-fixes).
o kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y
(git-fixes).
o kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
o kprobes: fix kill kprobe which has been marked as gone (git-fixes).
o kretprobe: Avoid re-registration of the same kretprobe earlier (git-fixes).
o l2tp: hold reference on tunnels in netlink dumps (git-fixes).
o l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file
(git-fixes).
o l2tp: hold reference on tunnels printed in pppol2tp proc file (git-fixes).
o mlx5: count all link events (git-fixes).
o net/ethernet/qlogic/qed: force the string buffer NULL-terminated
(git-fixes).
o net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
o net/mlx4_core: Fix return codes of unsupported operations (git-fixes).
o net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
o net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
(git-fixes).
o net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
(git-fixes).
o net/mlx4_en: Resolve bad operstate value (git-fixes).
o net/usb/drivers: Remove useless hrtimer_active check (git-fixes).
o net: altera_tse: fix connect_local_phy error path (git-fixes).
o net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
(git-fixes).
o net: axienet: Fix race condition causing TX hang (git-fixes).
o net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
o net: cdc_ncm: remove set but not used variable 'ctx' (git-fixes).
o net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
(git-fixes).
o net: dev: Use unsigned integer as an argument to left-shift (git-fixes).
o net: dsa: bcm_sf2: Turn on PHY to allow successful registration
(git-fixes).
o net: fec: fix rare tx timeout (git-fixes).
o net: fix warning in af_unix (git-fixes).
o net: hisilicon: Fix "Trying to free already-free IRQ" (git-fixes).
o net: hisilicon: remove unexpected free_netdev (git-fixes).
o net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (git-fixes).
o net: ibm: fix possible object reference leak (git-fixes).
o net: ks8851: Dequeue RX packets explicitly (git-fixes).
o net: macb: Clean 64b dma addresses if they are not detected (git-fixes).
o net: marvell: mvneta: fix DMA debug warning (git-fixes).
o net: myri10ge: fix memory leaks (git-fixes).
o net: netxen: fix a missing check and an uninitialized use (git-fixes).
o net: set static variable an initial value in atl2_probe() (git-fixes).
o net: stmmac: do not log oversized frames (git-fixes).
o net: stmmac: fix dropping of multi-descriptor RX frames (git-fixes).
o net: thunderx: make CFG_DONE message to run through generic send-ack
sequence (git-fixes).
o net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
o netfilter: x_tables: add and use xt_check_proc_name (git-fixes).
o netlabel: If PF_INET6, check sk_buff ip header version (git-fixes).
o ocfs2/dlm: do not handle migrate lockres if already in shutdown
(git-fixes).
o ocfs2: call journal flush to mark journal as empty after journal recovery
when mount (git-fixes).
o ocfs2: clear dinode links count in case of error (git-fixes).
o ocfs2: clear journal dirty flag after shutdown journal (git-fixes).
o ocfs2: clear zero in unaligned direct IO (git-fixes).
o ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (git-fixes).
o ocfs2: do not clear bh uptodate for block read (git-fixes).
o ocfs2: do not put and assigning null to bh allocated outside (git-fixes).
o ocfs2: fix BUG when iput after ocfs2_mknod fails (git-fixes).
o ocfs2: fix a NULL pointer dereference when call
ocfs2_update_inode_fsync_trans() (git-fixes).
o ocfs2: fix a panic problem caused by o2cb_ctl (git-fixes).
o ocfs2: fix clusters leak in ocfs2_defrag_extent() (git-fixes).
o ocfs2: fix deadlock caused by ocfs2_defrag_extent() (git-fixes).
o ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
o ocfs2: fix memory leak in ocfs2_stack_glue_init() (git-fixes).
o ocfs2: fix non-auto defrag path not working issue (git-fixes).
o ocfs2: fix panic due to unrecovered local alloc (git-fixes).
o ocfs2: fix potential use after free (git-fixes).
o ocfs2: remove set but not used variable 'last_hash' (git-fixes).
o ocfs2: take inode cluster lock before moving reflinked inode from orphan
dir (git-fixes).
o ocfs2: wait for recovering done after direct unlock request (git-fixes).
o openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS (git-fixes).
o pci/msi: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).
o pci/msi: Destroy sysfs before freeing entries (git-fixes).
o pci/msi: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes).
o pci/msi: Mask MSI-X vectors only on success (git-fixes).
o pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
o pci: aardvark: Clear all MSIs at setup (git-fixes).
o pci: aardvark: Do not clear status bits of masked interrupts (git-fixes).
o pci: aardvark: Do not unmask unused interrupts (git-fixes).
o pci: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
o pci: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
o pci: aardvark: Replace custom macros by standard linux/pci_regs.h macros
(git-fixes).
o pci: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
o pci: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes).
o powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
o powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#
1212701).
o put quirk_disable_autosuspend into a hole (git-fixes).
o qed: Add cleanup in qed_slowpath_start() (git-fixes).
o qed: RDMA - Fix the hw_ver returned in device attributes (git-fixes).
o reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
o reiserfs: Add security prefix to xattr name in reiserfs_security_write()
(git-fixes).
o reiserfs: Fix memory leak in reiserfs_parse_options() (git-fixes).
o reiserfs: add check for invalid 1st journal block (git-fixes).
o reiserfs: add check for root_inode in reiserfs_fill_super (git-fixes).
o reiserfs: change j_timestamp type to time64_t (git-fixes).
o reiserfs: check directory items on read from disk (git-fixes).
o reiserfs: only call unlock_new_inode() if I_NEW (git-fixes).
o reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
(git-fixes).
o reiserfs: propagate errors from fill_with_dentries() properly (git-fixes).
o revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
(git-fixes).
o rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857)
For smooth migration with the former kernel-preempt user, kernel-default
provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
o rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
o rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP
Provides (bsc#1199046)
o rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#
1160435)
o s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1212185).
o s390/dasd: Use correct lock while counting channel queue length (LTC#202775
bsc#1212443).
o s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#
1212165).
o s390/dasd: fix no record found for raw_track_access (git-fixes bsc#
1212266).
o s390/kasan: avoid vdso instrumentation (git-fixes bsc#1212244).
o s390/kprobes: fix current_kprobe never cleared after kprobes reenter
(git-fixes bsc#1212167).
o s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
(git-fixes bsc#1212170).
o s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1212173).
o s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1212175).
o s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#
1212164).
o s390/smsgiucv: disable SMSG on module unload (git-fixes bsc#1212236).
o samples/kretprobes: Fix return value if register_kretprobe() failed
(git-fixes).
o sched/core: Use smp_mb() in wake_woken_function() (git-fixes)
o sched/fair: Fix util_avg of new tasks for asymmetric systems (git-fixes)
o scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
o scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
o scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
o scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
(git-fixes).
o scsi: ipr: Work around fortify-string warning (git-fixes).
o scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev()
(git-fixes).
o scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (git-fixes).
o scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
o scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
o scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
o scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
(git-fixes).
o scsi: mpt3sas: Fix a memory leak (git-fixes).
o scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
o scsi: ses: Do not attach if enclosure has no components (git-fixes).
o scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
o scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
o scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
(git-fixes).
o scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
o scsi: zfcp: assert that the ERP lock is held when tracing a recovery
trigger (git-fixes bsc#1212240).
o sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
(git-fixes).
o smb3: fix oops in calculating shash_setkey (bsc#1190317).
o smb3: fix problem remounting a share after shutdown (bsc#1190317).
o smb3: fix temporary data corruption in collapse range (bsc#1190317).
o smb3: fix temporary data corruption in insert range (bsc#1190317).
o smb3: improve SMB3 change notification support (bsc#1190317).
o smb3: must initialize two ACL struct fields to zero (bsc#1190317).
o smb3: rename encryption/decryption TFMs (bsc#1190317).
o squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
o sysv: use BUILD_BUG_ON instead of runtime check (git-fixes).
o uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
headers (git-fixes).
o update internal module version number for cifs.ko (bsc#1190317).
o usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
o usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
o usb: hub: Fix the broken detection of USB3 device in SMSC hub (git-fixes).
o usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
o usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
o usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
o usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
controller.
o usb: xhci: rework grace period logic (git-fixes).
o usrmerge: Compatibility with earlier rpm (boo#1211796)
o vrf: mark skb for multicast or link-local as enslaved to VRF (git-fixes).
o x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
(git-fixes).
o x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe
range (git-fixes).
o xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
(git-fixes).
o xfs: fix rm_offset flag handling in rmap keys (git-fixes).
o xhci: Add grace period after xHC start to prevent premature runtime suspend
(git-fixes).
Special Instructions and Notes:
o Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Real Time 12 SP5
zypper in -t patch SUSE-SLE-RT-12-SP5-2023-2804=1
Package List:
o SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
dlm-kmp-rt-debuginfo-4.12.14-10.130.1
kernel-rt-devel-4.12.14-10.130.1
gfs2-kmp-rt-debuginfo-4.12.14-10.130.1
gfs2-kmp-rt-4.12.14-10.130.1
dlm-kmp-rt-4.12.14-10.130.1
kernel-syms-rt-4.12.14-10.130.1
kernel-rt-base-4.12.14-10.130.1
kernel-rt_debug-debugsource-4.12.14-10.130.1
kernel-rt_debug-devel-4.12.14-10.130.1
kernel-rt-debuginfo-4.12.14-10.130.1
cluster-md-kmp-rt-4.12.14-10.130.1
cluster-md-kmp-rt-debuginfo-4.12.14-10.130.1
kernel-rt_debug-devel-debuginfo-4.12.14-10.130.1
kernel-rt-base-debuginfo-4.12.14-10.130.1
kernel-rt-devel-debuginfo-4.12.14-10.130.1
ocfs2-kmp-rt-debuginfo-4.12.14-10.130.1
kernel-rt_debug-debuginfo-4.12.14-10.130.1
ocfs2-kmp-rt-4.12.14-10.130.1
kernel-rt-debugsource-4.12.14-10.130.1
o SUSE Linux Enterprise Real Time 12 SP5 (noarch)
kernel-source-rt-4.12.14-10.130.1
kernel-devel-rt-4.12.14-10.130.1
o SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
kernel-rt-4.12.14-10.130.1
kernel-rt_debug-4.12.14-10.130.1
References:
o https://www.suse.com/security/cve/CVE-2023-1077.html
o https://www.suse.com/security/cve/CVE-2023-1079.html
o https://www.suse.com/security/cve/CVE-2023-1249.html
o https://www.suse.com/security/cve/CVE-2023-1637.html
o https://www.suse.com/security/cve/CVE-2023-2002.html
o https://www.suse.com/security/cve/CVE-2023-3090.html
o https://www.suse.com/security/cve/CVE-2023-3111.html
o https://www.suse.com/security/cve/CVE-2023-3141.html
o https://www.suse.com/security/cve/CVE-2023-3159.html
o https://www.suse.com/security/cve/CVE-2023-3161.html
o https://www.suse.com/security/cve/CVE-2023-3268.html
o https://www.suse.com/security/cve/CVE-2023-3358.html
o https://www.suse.com/security/cve/CVE-2023-35824.html
o https://bugzilla.suse.com/show_bug.cgiid=1065729
o https://bugzilla.suse.com/show_bug.cgiid=1160435
o https://bugzilla.suse.com/show_bug.cgiid=1172073
o https://bugzilla.suse.com/show_bug.cgiid=1174852
o https://bugzilla.suse.com/show_bug.cgiid=1190317
o https://bugzilla.suse.com/show_bug.cgiid=1191731
o https://bugzilla.suse.com/show_bug.cgiid=1199046
o https://bugzilla.suse.com/show_bug.cgiid=1205758
o https://bugzilla.suse.com/show_bug.cgiid=1208600
o https://bugzilla.suse.com/show_bug.cgiid=1208604
o https://bugzilla.suse.com/show_bug.cgiid=1209039
o https://bugzilla.suse.com/show_bug.cgiid=1209779
o https://bugzilla.suse.com/show_bug.cgiid=1210533
o https://bugzilla.suse.com/show_bug.cgiid=1210791
o https://bugzilla.suse.com/show_bug.cgiid=1211089
o https://bugzilla.suse.com/show_bug.cgiid=1211519
o https://bugzilla.suse.com/show_bug.cgiid=1211796
o https://bugzilla.suse.com/show_bug.cgiid=1212051
o https://bugzilla.suse.com/show_bug.cgiid=1212128
o https://bugzilla.suse.com/show_bug.cgiid=1212129
o https://bugzilla.suse.com/show_bug.cgiid=1212154
o https://bugzilla.suse.com/show_bug.cgiid=1212158
o https://bugzilla.suse.com/show_bug.cgiid=1212164
o https://bugzilla.suse.com/show_bug.cgiid=1212165
o https://bugzilla.suse.com/show_bug.cgiid=1212167
o https://bugzilla.suse.com/show_bug.cgiid=1212170
o https://bugzilla.suse.com/show_bug.cgiid=1212173
o https://bugzilla.suse.com/show_bug.cgiid=1212175
o https://bugzilla.suse.com/show_bug.cgiid=1212185
o https://bugzilla.suse.com/show_bug.cgiid=1212236
o https://bugzilla.suse.com/show_bug.cgiid=1212240
o https://bugzilla.suse.com/show_bug.cgiid=1212244
o https://bugzilla.suse.com/show_bug.cgiid=1212266
o https://bugzilla.suse.com/show_bug.cgiid=1212443
o https://bugzilla.suse.com/show_bug.cgiid=1212501
o https://bugzilla.suse.com/show_bug.cgiid=1212502
o https://bugzilla.suse.com/show_bug.cgiid=1212606
o https://bugzilla.suse.com/show_bug.cgiid=1212701
o https://bugzilla.suse.com/show_bug.cgiid=1212842
o https://bugzilla.suse.com/show_bug.cgiid=1212938
o https://jira.suse.com/browse/SLE-18857
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZK4TS8kNZI30y1K9AQh7jRAAnLGphyr/0WPuAI0U39k+tcaw3daJzD9Q
g5YIc6EUvNy21+VrOMYaABRNwbDZ0BTMcAycHH6wvoCm5xQuxw+QYOQX/YbCrN2b
jbP4/DMl+54PpeI1gVv7eyAJz8ZYJy+JnnIHbYCNTOhsDkkw/i5AZGZbXk4aMRgA
bN6HWy9B2uY2IIbrAVoEKeUPoZnANfOG1fknQe/17KdXqu6Z9ssVVT5oa6D4wk+7
UDLEURkcMW7z9e/iwaBLkUhiSuQRjJlgl/OVDjsC+kNyIWJliHxemK6DOCPo1VM9
FkxbbYqlqtKq+keUgO5BsWFGVK4Kp2W0pnX6zANPul/RkcoebNrRnacjYoLTabQY
iO3i1pXEJudC9V2U9eKsQVE3A7v+NDiZcTAZtCXOPS1fEdb1Kb5xEfYVX8D0iYFX
Bs16ufVWiIuQBBb83WxSD/+D9S9bmwCpQ8Jp9JFbVo1pGEjMVQZXeTosh3+lc4bm
SC95nNSUUkkbJM7w2onSdeFTYoSPyPwPuf2xXwSq0m/gybe7ygLEavLGPKwNvPrS
An9X3Jf7D/8buI3VWm3qI8iMjSPcgZRYkHsnoAPguQwOX3IRpVsqC0k6T4CjOKqn
kgXigYrccJXYhCSd0DBHPt9Hje5bKlpTOZ6XF+FHpchH2stywaJkfbzpqROm/Dt2
lNhXEyI0lHo=
=1ng+
-----END PGP SIGNATURE-----