Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2810-1 Final 1 1 2023-07-12T09:34:43Z current 2023-07-12T09:34:43Z 2023-07-12T09:34:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - Drop dvb-core fix patch due to bug (bsc#1205758). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - k-m-s: Drop Linux 2.6 support - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). - sunrpc: Ensure the transport backchannel association (bsc#1211203). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-2810,SUSE-SLE-Module-RT-15-SP3-2023-2810,SUSE-SUSE-MicroOS-5.1-2023-2810,SUSE-SUSE-MicroOS-5.2-2023-2810 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ Link for SUSE-SU-2023:2810-1 https://lists.suse.com/pipermail/sle-updates/2023-July/030273.html E-Mail link for SUSE-SU-2023:2810-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1160435 SUSE Bug 1160435 https://bugzilla.suse.com/1172073 SUSE Bug 1172073 https://bugzilla.suse.com/1187829 SUSE Bug 1187829 https://bugzilla.suse.com/1191731 SUSE Bug 1191731 https://bugzilla.suse.com/1199046 SUSE Bug 1199046 https://bugzilla.suse.com/1199636 SUSE Bug 1199636 https://bugzilla.suse.com/1200217 SUSE Bug 1200217 https://bugzilla.suse.com/1202353 SUSE Bug 1202353 https://bugzilla.suse.com/1205758 SUSE Bug 1205758 https://bugzilla.suse.com/1207088 SUSE Bug 1207088 https://bugzilla.suse.com/1208600 SUSE Bug 1208600 https://bugzilla.suse.com/1209039 SUSE Bug 1209039 https://bugzilla.suse.com/1209342 SUSE Bug 1209342 https://bugzilla.suse.com/1209739 SUSE Bug 1209739 https://bugzilla.suse.com/1210301 SUSE Bug 1210301 https://bugzilla.suse.com/1210469 SUSE Bug 1210469 https://bugzilla.suse.com/1210533 SUSE Bug 1210533 https://bugzilla.suse.com/1210791 SUSE Bug 1210791 https://bugzilla.suse.com/1211089 SUSE Bug 1211089 https://bugzilla.suse.com/1211203 SUSE Bug 1211203 https://bugzilla.suse.com/1211519 SUSE Bug 1211519 https://bugzilla.suse.com/1211592 SUSE Bug 1211592 https://bugzilla.suse.com/1211622 SUSE Bug 1211622 https://bugzilla.suse.com/1211796 SUSE Bug 1211796 https://bugzilla.suse.com/1212128 SUSE Bug 1212128 https://bugzilla.suse.com/1212129 SUSE Bug 1212129 https://bugzilla.suse.com/1212154 SUSE Bug 1212154 https://bugzilla.suse.com/1212158 SUSE Bug 1212158 https://bugzilla.suse.com/1212494 SUSE Bug 1212494 https://bugzilla.suse.com/1212501 SUSE Bug 1212501 https://bugzilla.suse.com/1212502 SUSE Bug 1212502 https://bugzilla.suse.com/1212504 SUSE Bug 1212504 https://bugzilla.suse.com/1212513 SUSE Bug 1212513 https://bugzilla.suse.com/1212606 SUSE Bug 1212606 https://bugzilla.suse.com/1212842 SUSE Bug 1212842 https://www.suse.com/security/cve/CVE-2023-1077/ SUSE CVE CVE-2023-1077 page https://www.suse.com/security/cve/CVE-2023-1249/ SUSE CVE CVE-2023-1249 page https://www.suse.com/security/cve/CVE-2023-2002/ SUSE CVE CVE-2023-2002 page https://www.suse.com/security/cve/CVE-2023-3090/ SUSE CVE CVE-2023-3090 page https://www.suse.com/security/cve/CVE-2023-3141/ SUSE CVE CVE-2023-3141 page https://www.suse.com/security/cve/CVE-2023-3159/ SUSE CVE CVE-2023-3159 page https://www.suse.com/security/cve/CVE-2023-3161/ SUSE CVE CVE-2023-3161 page https://www.suse.com/security/cve/CVE-2023-3268/ SUSE CVE CVE-2023-3268 page https://www.suse.com/security/cve/CVE-2023-3358/ SUSE CVE CVE-2023-3358 page https://www.suse.com/security/cve/CVE-2023-35788/ SUSE CVE CVE-2023-35788 page https://www.suse.com/security/cve/CVE-2023-35823/ SUSE CVE CVE-2023-35823 page https://www.suse.com/security/cve/CVE-2023-35824/ SUSE CVE CVE-2023-35824 page https://www.suse.com/security/cve/CVE-2023-35828/ SUSE CVE CVE-2023-35828 page SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Real Time Module 15 SP3 cluster-md-kmp-rt-5.3.18-150300.135.1 cluster-md-kmp-rt_debug-5.3.18-150300.135.1 dlm-kmp-rt-5.3.18-150300.135.1 dlm-kmp-rt_debug-5.3.18-150300.135.1 gfs2-kmp-rt-5.3.18-150300.135.1 gfs2-kmp-rt_debug-5.3.18-150300.135.1 kernel-devel-rt-5.3.18-150300.135.1 kernel-rt-5.3.18-150300.135.1 kernel-rt-devel-5.3.18-150300.135.1 kernel-rt-extra-5.3.18-150300.135.1 kernel-rt-livepatch-devel-5.3.18-150300.135.1 kernel-rt-optional-5.3.18-150300.135.1 kernel-rt_debug-5.3.18-150300.135.1 kernel-rt_debug-devel-5.3.18-150300.135.1 kernel-rt_debug-extra-5.3.18-150300.135.1 kernel-rt_debug-livepatch-devel-5.3.18-150300.135.1 kernel-rt_debug-optional-5.3.18-150300.135.1 kernel-source-rt-5.3.18-150300.135.1 kernel-syms-rt-5.3.18-150300.135.1 kselftests-kmp-rt-5.3.18-150300.135.1 kselftests-kmp-rt_debug-5.3.18-150300.135.1 ocfs2-kmp-rt-5.3.18-150300.135.1 ocfs2-kmp-rt_debug-5.3.18-150300.135.1 reiserfs-kmp-rt-5.3.18-150300.135.1 reiserfs-kmp-rt_debug-5.3.18-150300.135.1 kernel-rt-5.3.18-150300.135.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-rt-5.3.18-150300.135.1 as a component of SUSE Linux Enterprise Micro 5.2 cluster-md-kmp-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 dlm-kmp-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 gfs2-kmp-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 kernel-devel-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 kernel-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 kernel-rt-devel-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 kernel-rt_debug-devel-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 kernel-source-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 kernel-syms-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 ocfs2-kmp-rt-5.3.18-150300.135.1 as a component of SUSE Real Time Module 15 SP3 In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. CVE-2023-1077 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-1077.html CVE-2023-1077 https://bugzilla.suse.com/1208600 SUSE Bug 1208600 https://bugzilla.suse.com/1208839 SUSE Bug 1208839 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. CVE-2023-1249 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-1249.html CVE-2023-1249 https://bugzilla.suse.com/1209039 SUSE Bug 1209039 A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. CVE-2023-2002 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-2002.html CVE-2023-2002 https://bugzilla.suse.com/1210533 SUSE Bug 1210533 https://bugzilla.suse.com/1210566 SUSE Bug 1210566 A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. CVE-2023-3090 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-3090.html CVE-2023-3090 https://bugzilla.suse.com/1212842 SUSE Bug 1212842 https://bugzilla.suse.com/1212849 SUSE Bug 1212849 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1219701 SUSE Bug 1219701 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. CVE-2023-3141 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-3141.html CVE-2023-3141 https://bugzilla.suse.com/1212129 SUSE Bug 1212129 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. CVE-2023-3159 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-3159.html CVE-2023-3159 https://bugzilla.suse.com/1212128 SUSE Bug 1212128 https://bugzilla.suse.com/1212347 SUSE Bug 1212347 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. CVE-2023-3161 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-3161.html CVE-2023-3161 https://bugzilla.suse.com/1212154 SUSE Bug 1212154 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. CVE-2023-3268 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-3268.html CVE-2023-3268 https://bugzilla.suse.com/1212502 SUSE Bug 1212502 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. CVE-2023-3358 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-3358.html CVE-2023-3358 https://bugzilla.suse.com/1212606 SUSE Bug 1212606 An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. CVE-2023-35788 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-35788.html CVE-2023-35788 https://bugzilla.suse.com/1212504 SUSE Bug 1212504 https://bugzilla.suse.com/1212509 SUSE Bug 1212509 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. CVE-2023-35823 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-35823.html CVE-2023-35823 https://bugzilla.suse.com/1212494 SUSE Bug 1212494 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. CVE-2023-35824 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-35824.html CVE-2023-35824 https://bugzilla.suse.com/1212501 SUSE Bug 1212501 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. CVE-2023-35828 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.135.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.135.1 SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.135.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232810-1/ https://www.suse.com/security/cve/CVE-2023-35828.html CVE-2023-35828 https://bugzilla.suse.com/1212513 SUSE Bug 1212513