Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2741-1 Final 1 1 2023-06-30T09:05:23Z current 2023-06-30T09:05:23Z 2023-06-30T09:05:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_87 fixes several issues. The following security issues were fixed: - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-2741,SUSE-SLE-Module-Live-Patching-15-SP3-2023-2741 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232741-1/ Link for SUSE-SU-2023:2741-1 https://lists.suse.com/pipermail/sle-security-updates/2023-June/015389.html E-Mail link for SUSE-SU-2023:2741-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1207189 SUSE Bug 1207189 https://bugzilla.suse.com/1209672 SUSE Bug 1209672 https://bugzilla.suse.com/1210452 SUSE Bug 1210452 https://bugzilla.suse.com/1210779 SUSE Bug 1210779 https://bugzilla.suse.com/1210989 SUSE Bug 1210989 https://www.suse.com/security/cve/CVE-2022-4744/ SUSE CVE CVE-2022-4744 page https://www.suse.com/security/cve/CVE-2023-1390/ SUSE CVE CVE-2023-1390 page https://www.suse.com/security/cve/CVE-2023-23455/ SUSE CVE CVE-2023-23455 page https://www.suse.com/security/cve/CVE-2023-28466/ SUSE CVE CVE-2023-28466 page https://www.suse.com/security/cve/CVE-2023-31436/ SUSE CVE CVE-2023-31436 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 kernel-livepatch-5_3_18-150300_59_87-preempt-13-150300.2.2 kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP3 A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-4744 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232741-1/ https://www.suse.com/security/cve/CVE-2022-4744.html CVE-2022-4744 https://bugzilla.suse.com/1209635 SUSE Bug 1209635 https://bugzilla.suse.com/1209672 SUSE Bug 1209672 https://bugzilla.suse.com/1211833 SUSE Bug 1211833 A remote denial of service vulnerability was found in the Linux kernel's TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. CVE-2023-1390 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232741-1/ https://www.suse.com/security/cve/CVE-2023-1390.html CVE-2023-1390 https://bugzilla.suse.com/1209289 SUSE Bug 1209289 https://bugzilla.suse.com/1210779 SUSE Bug 1210779 https://bugzilla.suse.com/1211495 SUSE Bug 1211495 atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). CVE-2023-23455 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232741-1/ https://www.suse.com/security/cve/CVE-2023-23455.html CVE-2023-23455 https://bugzilla.suse.com/1207036 SUSE Bug 1207036 https://bugzilla.suse.com/1207125 SUSE Bug 1207125 https://bugzilla.suse.com/1207189 SUSE Bug 1207189 https://bugzilla.suse.com/1211833 SUSE Bug 1211833 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). CVE-2023-28466 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232741-1/ https://www.suse.com/security/cve/CVE-2023-28466.html CVE-2023-28466 https://bugzilla.suse.com/1209366 SUSE Bug 1209366 https://bugzilla.suse.com/1210452 SUSE Bug 1210452 https://bugzilla.suse.com/1211833 SUSE Bug 1211833 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. CVE-2023-31436 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232741-1/ https://www.suse.com/security/cve/CVE-2023-31436.html CVE-2023-31436 https://bugzilla.suse.com/1210940 SUSE Bug 1210940 https://bugzilla.suse.com/1211260 SUSE Bug 1211260 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1223091 SUSE Bug 1223091 https://bugzilla.suse.com/1224419 SUSE Bug 1224419