Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3784-1 Final 1 1 2023-09-26T11:34:53Z current 2023-09-26T11:34:53Z 2023-09-26T11:34:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5) This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues. The following security issues were fixed: - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3784,SUSE-2023-3787,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3784,SUSE-SLE-Module-Live-Patching-15-SP5-2023-3787 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233784-1/ Link for SUSE-SU-2023:3784-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016323.html E-Mail link for SUSE-SU-2023:3784-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1210619 SUSE Bug 1210619 https://bugzilla.suse.com/1213064 SUSE Bug 1213064 https://bugzilla.suse.com/1213587 SUSE Bug 1213587 https://bugzilla.suse.com/1214123 SUSE Bug 1214123 https://bugzilla.suse.com/1215119 SUSE Bug 1215119 https://www.suse.com/security/cve/CVE-2023-1829/ SUSE CVE CVE-2023-1829 page https://www.suse.com/security/cve/CVE-2023-31248/ SUSE CVE CVE-2023-31248 page https://www.suse.com/security/cve/CVE-2023-3609/ SUSE CVE CVE-2023-3609 page https://www.suse.com/security/cve/CVE-2023-3776/ SUSE CVE CVE-2023-3776 page https://www.suse.com/security/cve/CVE-2023-4273/ SUSE CVE CVE-2023-4273 page SUSE Linux Enterprise Live Patching 15 SP4 SUSE Linux Enterprise Live Patching 15 SP5 kernel-livepatch-5_14_21-150400_15_37-rt-3-150400.2.1 kernel-livepatch-5_14_21-150500_13_5-rt-3-150500.2.1 kernel-livepatch-5_14_21-150400_15_37-rt-3-150400.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150500_13_5-rt-3-150500.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. CVE-2023-1829 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-3-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233784-1/ https://www.suse.com/security/cve/CVE-2023-1829.html CVE-2023-1829 https://bugzilla.suse.com/1210335 SUSE Bug 1210335 https://bugzilla.suse.com/1210619 SUSE Bug 1210619 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1220886 SUSE Bug 1220886 https://bugzilla.suse.com/1228311 SUSE Bug 1228311 Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace CVE-2023-31248 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-3-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233784-1/ https://www.suse.com/security/cve/CVE-2023-31248.html CVE-2023-31248 https://bugzilla.suse.com/1213061 SUSE Bug 1213061 https://bugzilla.suse.com/1213064 SUSE Bug 1213064 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. CVE-2023-3609 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-3-150500.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233784-1/ https://www.suse.com/security/cve/CVE-2023-3609.html CVE-2023-3609 https://bugzilla.suse.com/1213586 SUSE Bug 1213586 https://bugzilla.suse.com/1213587 SUSE Bug 1213587 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. CVE-2023-3776 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-3-150500.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233784-1/ https://www.suse.com/security/cve/CVE-2023-3776.html CVE-2023-3776 https://bugzilla.suse.com/1213588 SUSE Bug 1213588 https://bugzilla.suse.com/1215119 SUSE Bug 1215119 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 https://bugzilla.suse.com/1223091 SUSE Bug 1223091 https://bugzilla.suse.com/1223973 SUSE Bug 1223973 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. CVE-2023-4273 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-3-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233784-1/ https://www.suse.com/security/cve/CVE-2023-4273.html CVE-2023-4273 https://bugzilla.suse.com/1214120 SUSE Bug 1214120 https://bugzilla.suse.com/1214123 SUSE Bug 1214123