SUSE alert SUSE-SU-2023:3329-1 (kernel)

From:
             
 
sle-security-updates@lists.suse.com
To:
             
 
sle-security-updates@lists.suse.com
Subject:
             
 
SUSE-SU-2023:3329-1: important: Security update for the Linux Kernel
Date:
             
 
Wed, 16 Aug 2023 08:31:21 -0000
Message-ID:
             
 
<169217468194.24047.3764435701663708462@smelt2.suse.de>


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3329-1  
Rating: important  
References:

  * #1188885
  * #1202670
  * #1206418
  * #1207526
  * #1207528
  * #1211738
  * #1212266
  * #1213167
  * #1213287
  * #1213350
  * #1213585
  * #1213586
  * #1213588
  * #1213705
  * #1213747
  * #1213766
  * #1213819
  * #1213823
  * #1213825
  * #1213827

  
Cross-References:

  * CVE-2022-40982
  * CVE-2023-0459
  * CVE-2023-20569
  * CVE-2023-3567
  * CVE-2023-3609
  * CVE-2023-3611
  * CVE-2023-3776

  
CVSS scores:

  * CVE-2022-40982 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-40982 ( NVD ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-0459 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-0459 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20569 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-3567 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3567 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3609 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3609 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3611 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3611 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3776 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3776 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Real Time 12 SP5
  * SUSE Linux Enterprise Server 12 SP5

  
  
An update that solves seven vulnerabilities and has 13 fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2022-40982: Fixed transient execution attack called "Gather Data
    Sampling" (bsc#1206418).
  * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
    (bsc#1211738).
  * CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
    (bsc#1213287).
  * CVE-2023-3567: Fixed a use-after-free in vcs_read in
    drivers/tty/vt/vc_screen.c (bsc#1213167).
  * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
    (bsc#1213586).
  * CVE-2023-3611: Fixed an out-of-bounds write in net/sched
    sch_qfq(bsc#1213585).
  * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
    free (bsc#1213588).

The following non-security bugs were fixed:

  * fix double fget() in vhost_net_set_backend() (git-fixes).
  * nfsv4.1: always send a reclaim_complete after establishing lease (git-
    fixes).
  * sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
  * sunrpc: remove the maximum number of retries in call_bind_status (git-
    fixes).
  * update suse/s390-dasd-fix-no-record-found-for-raw_track_access (git-fixes
    bsc#1212266 bsc#1207528).
  * update suse/scsi-zfcp-fix-missing-auto-port-scan-and-thus-missing-target-
    ports (git-fixes bsc#1202670).
  * block: fix a source code comment in include/uapi/linux/blkzoned.h (git-
    fixes).
  * kabi fix test
  * kernel-binary.spec.in: remove superfluous %% in supplements fixes:
    02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
    to in-tree kmps")
  * livepatch: check kzalloc return values (git-fixes).
  * media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
  * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
  * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
  * net: virtio_net_hdr_to_skb: count transport header in ufo (git-fixes).
  * nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
  * powerpc/64: update speculation_store_bypass in /proc/&lt;pid>/status
    (bsc#1188885 ltc#193722 git-fixes).
  * powerpc/security: fix speculation_store_bypass reporting on power10
    (bsc#1188885 ltc#193722 git-fixes).
  * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
    they depend on config_toolchain_has__.
  * s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1207526).
  * s390/cio: check the subchannel validity for dev_busid (bsc#1207526).
  * s390/cio: introduce io_subchannel_type (bsc#1207526).
  * s390/cpum_sf: adjust sampling interval to avoid hitting sample limits (git-
    fixes bsc#1213827).
  * s390/maccess: add no dat mode to kernel_write (git-fixes bsc#1213825).
  * s390/numa: move initial setup of node_to_cpumask_map (git-fixes
    bsc#1213766).
  * scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
  * scsi: qla2xxx: array index may go out of bound (bsc#1213747).
  * scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
  * scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport()
    (bsc#1213747).
  * scsi: qla2xxx: correct the index of array (bsc#1213747).
  * scsi: qla2xxx: drop useless list_head (bsc#1213747).
  * scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
  * scsi: qla2xxx: fix tmf leak through (bsc#1213747).
  * scsi: qla2xxx: fix buffer overrun (bsc#1213747).
  * scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
  * scsi: qla2xxx: fix deletion race condition (bsc#1213747).
  * scsi: qla2xxx: fix end of loop test (bsc#1213747).
  * scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
  * scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
  * scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
  * scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
  * scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
  * scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
  * scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
  * scsi: qla2xxx: silence a static checker warning (bsc#1213747).
  * scsi: qla2xxx: turn off noisy message log (bsc#1213747).
  * scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
  * scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
  * scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
  * svcrdma: prevent page release when nothing was received (git-fixes).
  * vfio-ccw: prevent quiesce function going into an infinite loop (git-fixes
    bsc#1213819).
  * vfio-ccw: release any channel program when releasing/removing vfio-ccw mdev
    (git-fixes bsc#1213823).
  * vhost/test: fix build for vhost test (git-fixes).
  * vhost/vsock: use kvmalloc/kvfree for larger packets (git-fixes).
  * vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-
    fixes).
  * vhost/vsock: fix incorrect used length reported to the guest (git-fixes).
  * vhost/vsock: fix packet delivery order to monitoring devices (git-fixes).
  * vhost/vsock: split packets to send using multiple buffers (git-fixes).
  * vhost: fix the calculation in vhost_overflow() (git-fixes).
  * vhost_net: disable zerocopy by default (git-fixes).
  * vhost_net: fix oob on sendmsg() failure (git-fixes).
  * virtio-balloon: fix managed page counts when migrating pages between zones
    (git-fixes).
  * virtio-mmio: fix missing put_device() when vm_cmdline_parent registration
    failed (git-fixes).
  * virtio-net: keep stop() to follow mirror sequence of open() (git-fixes).
  * virtio-pci: remove wrong address verification in vp_del_vqs() (git-fixes).
  * virtio: improve vq->broken access to avoid any compiler optimization (git-
    fixes).
  * virtio_net: fix error handling in virtnet_restore() (git-fixes).
  * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
  * virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
  * virtio_ring: fix querying of maximum dma mapping size for virtio device
    (git-fixes).
  * vringh: use wiov->used to check for read/write desc order (git-fixes).
  * vringh: fix __vringh_iov() when riov and wiov are different (git-fixes).
  * vsock/virtio: stop workers during the .remove() (git-fixes).
  * vsock/virtio: use rcu to avoid use-after-free on the_virtio_vsock (git-
    fixes).
  * xen/blkfront: Only check REQ_FUA for writes (git-fixes).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Real Time 12 SP5  
    zypper in -t patch SUSE-SLE-RT-12-SP5-2023-3329=1

## Package List:

  * SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
    * ocfs2-kmp-rt-debuginfo-4.12.14-10.138.1
    * dlm-kmp-rt-debuginfo-4.12.14-10.138.1
    * ocfs2-kmp-rt-4.12.14-10.138.1
    * kernel-rt-debuginfo-4.12.14-10.138.1
    * kernel-rt-debugsource-4.12.14-10.138.1
    * dlm-kmp-rt-4.12.14-10.138.1
    * gfs2-kmp-rt-debuginfo-4.12.14-10.138.1
    * kernel-rt-devel-debuginfo-4.12.14-10.138.1
    * kernel-rt_debug-devel-debuginfo-4.12.14-10.138.1
    * cluster-md-kmp-rt-4.12.14-10.138.1
    * kernel-rt_debug-debugsource-4.12.14-10.138.1
    * cluster-md-kmp-rt-debuginfo-4.12.14-10.138.1
    * kernel-rt-base-4.12.14-10.138.1
    * kernel-rt_debug-debuginfo-4.12.14-10.138.1
    * kernel-syms-rt-4.12.14-10.138.1
    * kernel-rt_debug-devel-4.12.14-10.138.1
    * gfs2-kmp-rt-4.12.14-10.138.1
    * kernel-rt-devel-4.12.14-10.138.1
    * kernel-rt-base-debuginfo-4.12.14-10.138.1
  * SUSE Linux Enterprise Real Time 12 SP5 (noarch)
    * kernel-source-rt-4.12.14-10.138.1
    * kernel-devel-rt-4.12.14-10.138.1
  * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
    * kernel-rt-4.12.14-10.138.1
    * kernel-rt_debug-4.12.14-10.138.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-40982.html
  * https://www.suse.com/security/cve/CVE-2023-0459.html
  * https://www.suse.com/security/cve/CVE-2023-20569.html
  * https://www.suse.com/security/cve/CVE-2023-3567.html
  * https://www.suse.com/security/cve/CVE-2023-3609.html
  * https://www.suse.com/security/cve/CVE-2023-3611.html
  * https://www.suse.com/security/cve/CVE-2023-3776.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1188885
  * https://bugzilla.suse.com/show_bug.cgi?id=1202670
  * https://bugzilla.suse.com/show_bug.cgi?id=1206418
  * https://bugzilla.suse.com/show_bug.cgi?id=1207526
  * https://bugzilla.suse.com/show_bug.cgi?id=1207528
  * https://bugzilla.suse.com/show_bug.cgi?id=1211738
  * https://bugzilla.suse.com/show_bug.cgi?id=1212266
  * https://bugzilla.suse.com/show_bug.cgi?id=1213167
  * https://bugzilla.suse.com/show_bug.cgi?id=1213287
  * https://bugzilla.suse.com/show_bug.cgi?id=1213350
  * https://bugzilla.suse.com/show_bug.cgi?id=1213585
  * https://bugzilla.suse.com/show_bug.cgi?id=1213586
  * https://bugzilla.suse.com/show_bug.cgi?id=1213588
  * https://bugzilla.suse.com/show_bug.cgi?id=1213705
  * https://bugzilla.suse.com/show_bug.cgi?id=1213747
  * https://bugzilla.suse.com/show_bug.cgi?id=1213766
  * https://bugzilla.suse.com/show_bug.cgi?id=1213819
  * https://bugzilla.suse.com/show_bug.cgi?id=1213823
  * https://bugzilla.suse.com/show_bug.cgi?id=1213825
  * https://bugzilla.suse.com/show_bug.cgi?id=1213827