Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3333-1 Final 1 1 2023-08-16T10:45:46Z current 2023-08-16T10:45:46Z 2023-08-16T10:45:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2018-3639: Fixed Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1087082). - CVE-2017-18344: Fixed an OOB access led by an invalid check in timer_create. (bsc#1102851). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). The following non-security bugs were fixed: - fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154). - firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128). - kABI: restore _copy_from_user on x86_64 and copy_to_user on x86 (bsc#1211738 CVE-2023-0459). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824). - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803). - memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449). - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776 bsc#1213588). - pkt_sched: fix error return code in fw_change_attrs() (bsc#1213588). - pkt_sched: fix error return code in fw_change_attrs() (bsc#1213588). - posix-timer: Properly check sigevent->sigev_notify (CVE-2017-18344, bsc#1102851, bsc#1208715). - relayfs: fix out-of-bounds access in relay_file_read (bsc#1212502 CVE-2023-3268). - uaccess: Add speculation barrier to copy_from_user() (bsc#1211738 CVE-2023-0459). - vc_screen: don't clobber return value in vcs_read (bsc#1213167 CVE-2023-3567). - vc_screen: modify vcs_size() handling in vcs_read() (bsc#1213167 CVE-2023-3567). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (bsc#1213167 CVE-2023-3567). - x86: Unify copy_from_user() size checking (bsc#1211738 CVE-2023-0459). - x86/copy_user: Unify the code by removing the 64-bit asm _copy_*_user() variants (bsc#1211738 CVE-2023-0459). - x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593). - x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3333,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-3333 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ Link for SUSE-SU-2023:3333-1 https://lists.suse.com/pipermail/sle-security-updates/2023-August/015911.html E-Mail link for SUSE-SU-2023:3333-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1102851 SUSE Bug 1102851 https://bugzilla.suse.com/1205803 SUSE Bug 1205803 https://bugzilla.suse.com/1206418 SUSE Bug 1206418 https://bugzilla.suse.com/1211738 SUSE Bug 1211738 https://bugzilla.suse.com/1212128 SUSE Bug 1212128 https://bugzilla.suse.com/1212129 SUSE Bug 1212129 https://bugzilla.suse.com/1212154 SUSE Bug 1212154 https://bugzilla.suse.com/1212501 SUSE Bug 1212501 https://bugzilla.suse.com/1212502 SUSE Bug 1212502 https://bugzilla.suse.com/1213167 SUSE Bug 1213167 https://bugzilla.suse.com/1213286 SUSE Bug 1213286 https://bugzilla.suse.com/1213588 SUSE Bug 1213588 https://www.suse.com/security/cve/CVE-2017-18344/ SUSE CVE CVE-2017-18344 page https://www.suse.com/security/cve/CVE-2018-3639/ SUSE CVE CVE-2018-3639 page https://www.suse.com/security/cve/CVE-2022-40982/ SUSE CVE CVE-2022-40982 page https://www.suse.com/security/cve/CVE-2022-45919/ SUSE CVE CVE-2022-45919 page https://www.suse.com/security/cve/CVE-2023-0459/ SUSE CVE CVE-2023-0459 page https://www.suse.com/security/cve/CVE-2023-20593/ SUSE CVE CVE-2023-20593 page https://www.suse.com/security/cve/CVE-2023-3141/ SUSE CVE CVE-2023-3141 page https://www.suse.com/security/cve/CVE-2023-3159/ SUSE CVE CVE-2023-3159 page https://www.suse.com/security/cve/CVE-2023-3161/ SUSE CVE CVE-2023-3161 page https://www.suse.com/security/cve/CVE-2023-3268/ SUSE CVE CVE-2023-3268 page https://www.suse.com/security/cve/CVE-2023-3567/ SUSE CVE CVE-2023-3567 page https://www.suse.com/security/cve/CVE-2023-35824/ SUSE CVE CVE-2023-35824 page https://www.suse.com/security/cve/CVE-2023-3776/ SUSE CVE CVE-2023-3776 page SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-debug-3.0.101-108.144.1 kernel-debug-base-3.0.101-108.144.1 kernel-debug-devel-3.0.101-108.144.1 kernel-debug-extra-3.0.101-108.144.1 kernel-debug-hmac-3.0.101-108.144.1 kernel-default-3.0.101-108.144.1 kernel-default-base-3.0.101-108.144.1 kernel-default-devel-3.0.101-108.144.1 kernel-default-extra-3.0.101-108.144.1 kernel-default-hmac-3.0.101-108.144.1 kernel-docs-3.0.101-108.144.1 kernel-ec2-3.0.101-108.144.1 kernel-ec2-base-3.0.101-108.144.1 kernel-ec2-devel-3.0.101-108.144.1 kernel-ec2-extra-3.0.101-108.144.1 kernel-ec2-hmac-3.0.101-108.144.1 kernel-pae-3.0.101-108.144.1 kernel-pae-base-3.0.101-108.144.1 kernel-pae-devel-3.0.101-108.144.1 kernel-pae-extra-3.0.101-108.144.1 kernel-pae-hmac-3.0.101-108.144.1 kernel-source-3.0.101-108.144.1 kernel-source-vanilla-3.0.101-108.144.1 kernel-syms-3.0.101-108.144.1 kernel-trace-3.0.101-108.144.1 kernel-trace-base-3.0.101-108.144.1 kernel-trace-devel-3.0.101-108.144.1 kernel-trace-extra-3.0.101-108.144.1 kernel-trace-hmac-3.0.101-108.144.1 kernel-vanilla-3.0.101-108.144.1 kernel-vanilla-base-3.0.101-108.144.1 kernel-vanilla-devel-3.0.101-108.144.1 kernel-vanilla-hmac-3.0.101-108.144.1 kernel-xen-3.0.101-108.144.1 kernel-xen-base-3.0.101-108.144.1 kernel-xen-devel-3.0.101-108.144.1 kernel-xen-extra-3.0.101-108.144.1 kernel-xen-hmac-3.0.101-108.144.1 kernel-default-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default-base-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default-devel-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-base-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-devel-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-source-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-syms-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-base-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-devel-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-base-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-devel-3.0.101-108.144.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). CVE-2017-18344 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 important 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2017-18344.html CVE-2017-18344 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1102851 SUSE Bug 1102851 https://bugzilla.suse.com/1103203 SUSE Bug 1103203 https://bugzilla.suse.com/1103580 SUSE Bug 1103580 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVE-2018-3639 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2018-3639.html CVE-2018-3639 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1085235 SUSE Bug 1085235 https://bugzilla.suse.com/1085308 SUSE Bug 1085308 https://bugzilla.suse.com/1087078 SUSE Bug 1087078 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092631 SUSE Bug 1092631 https://bugzilla.suse.com/1092885 SUSE Bug 1092885 https://bugzilla.suse.com/1094912 SUSE Bug 1094912 https://bugzilla.suse.com/1098813 SUSE Bug 1098813 https://bugzilla.suse.com/1100394 SUSE Bug 1100394 https://bugzilla.suse.com/1102640 SUSE Bug 1102640 https://bugzilla.suse.com/1105412 SUSE Bug 1105412 https://bugzilla.suse.com/1111963 SUSE Bug 1111963 https://bugzilla.suse.com/1172781 SUSE Bug 1172781 https://bugzilla.suse.com/1172782 SUSE Bug 1172782 https://bugzilla.suse.com/1172783 SUSE Bug 1172783 https://bugzilla.suse.com/1173489 SUSE Bug 1173489 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-40982 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2022-40982.html CVE-2022-40982 https://bugzilla.suse.com/1206418 SUSE Bug 1206418 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. CVE-2022-45919 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2022-45919.html CVE-2022-45919 https://bugzilla.suse.com/1205803 SUSE Bug 1205803 https://bugzilla.suse.com/1208912 SUSE Bug 1208912 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 CVE-2023-0459 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-0459.html CVE-2023-0459 https://bugzilla.suse.com/1211738 SUSE Bug 1211738 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-20593.html CVE-2023-20593 https://bugzilla.suse.com/1213286 SUSE Bug 1213286 https://bugzilla.suse.com/1213616 SUSE Bug 1213616 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. CVE-2023-3141 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-3141.html CVE-2023-3141 https://bugzilla.suse.com/1212129 SUSE Bug 1212129 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. CVE-2023-3159 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-3159.html CVE-2023-3159 https://bugzilla.suse.com/1212128 SUSE Bug 1212128 https://bugzilla.suse.com/1212347 SUSE Bug 1212347 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. CVE-2023-3161 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-3161.html CVE-2023-3161 https://bugzilla.suse.com/1212154 SUSE Bug 1212154 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. CVE-2023-3268 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-3268.html CVE-2023-3268 https://bugzilla.suse.com/1212502 SUSE Bug 1212502 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. CVE-2023-3567 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-3567.html CVE-2023-3567 https://bugzilla.suse.com/1213167 SUSE Bug 1213167 https://bugzilla.suse.com/1213244 SUSE Bug 1213244 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. CVE-2023-35824 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-35824.html CVE-2023-35824 https://bugzilla.suse.com/1212501 SUSE Bug 1212501 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. CVE-2023-3776 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.144.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.144.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233333-1/ https://www.suse.com/security/cve/CVE-2023-3776.html CVE-2023-3776 https://bugzilla.suse.com/1213588 SUSE Bug 1213588 https://bugzilla.suse.com/1215119 SUSE Bug 1215119 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 https://bugzilla.suse.com/1223091 SUSE Bug 1223091 https://bugzilla.suse.com/1223973 SUSE Bug 1223973