Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP1) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3596-1 Final 1 1 2023-09-13T12:06:25Z current 2023-09-13T12:06:25Z 2023-09-13T12:06:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP1) This update for the Linux Kernel 4.12.14-150100_197_131 fixes several issues. The following security issues were fixed: - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3596,SUSE-SLE-Module-Live-Patching-15-SP1-2023-3596 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233596-1/ Link for SUSE-SU-2023:3596-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016142.html E-Mail link for SUSE-SU-2023:3596-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208839 SUSE Bug 1208839 https://bugzilla.suse.com/1210630 SUSE Bug 1210630 https://bugzilla.suse.com/1212849 SUSE Bug 1212849 https://bugzilla.suse.com/1213063 SUSE Bug 1213063 https://bugzilla.suse.com/1213244 SUSE Bug 1213244 https://www.suse.com/security/cve/CVE-2023-1077/ SUSE CVE CVE-2023-1077 page https://www.suse.com/security/cve/CVE-2023-2176/ SUSE CVE CVE-2023-2176 page https://www.suse.com/security/cve/CVE-2023-3090/ SUSE CVE CVE-2023-3090 page https://www.suse.com/security/cve/CVE-2023-35001/ SUSE CVE CVE-2023-35001 page https://www.suse.com/security/cve/CVE-2023-3567/ SUSE CVE CVE-2023-3567 page SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 as a component of SUSE Linux Enterprise Live Patching 15 SP1 In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. CVE-2023-1077 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233596-1/ https://www.suse.com/security/cve/CVE-2023-1077.html CVE-2023-1077 https://bugzilla.suse.com/1208600 SUSE Bug 1208600 https://bugzilla.suse.com/1208839 SUSE Bug 1208839 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. CVE-2023-2176 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233596-1/ https://www.suse.com/security/cve/CVE-2023-2176.html CVE-2023-2176 https://bugzilla.suse.com/1210629 SUSE Bug 1210629 https://bugzilla.suse.com/1210630 SUSE Bug 1210630 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. CVE-2023-3090 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233596-1/ https://www.suse.com/security/cve/CVE-2023-3090.html CVE-2023-3090 https://bugzilla.suse.com/1212842 SUSE Bug 1212842 https://bugzilla.suse.com/1212849 SUSE Bug 1212849 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1219701 SUSE Bug 1219701 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace CVE-2023-35001 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233596-1/ https://www.suse.com/security/cve/CVE-2023-35001.html CVE-2023-35001 https://bugzilla.suse.com/1213059 SUSE Bug 1213059 https://bugzilla.suse.com/1213063 SUSE Bug 1213063 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. CVE-2023-3567 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_131-default-8-150100.2.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233596-1/ https://www.suse.com/security/cve/CVE-2023-3567.html CVE-2023-3567 https://bugzilla.suse.com/1213167 SUSE Bug 1213167 https://bugzilla.suse.com/1213244 SUSE Bug 1213244 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531