Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3786-1 Final 1 1 2023-09-26T11:34:48Z current 2023-09-26T11:34:48Z 2023-09-26T11:34:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1) This update for the Linux Kernel 4.12.14-150100_197_123 fixes several issues. The following security issues were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3786,SUSE-SLE-Module-Live-Patching-15-SP1-2023-3786 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233786-1/ Link for SUSE-SU-2023:3786-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016325.html E-Mail link for SUSE-SU-2023:3786-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1210619 SUSE Bug 1210619 https://bugzilla.suse.com/1213587 SUSE Bug 1213587 https://bugzilla.suse.com/1213706 SUSE Bug 1213706 https://bugzilla.suse.com/1215119 SUSE Bug 1215119 https://www.suse.com/security/cve/CVE-2023-1829/ SUSE CVE CVE-2023-1829 page https://www.suse.com/security/cve/CVE-2023-3609/ SUSE CVE CVE-2023-3609 page https://www.suse.com/security/cve/CVE-2023-3776/ SUSE CVE CVE-2023-3776 page https://www.suse.com/security/cve/CVE-2023-3812/ SUSE CVE CVE-2023-3812 page SUSE Linux Enterprise Live Patching 15 SP1 kernel-livepatch-4_12_14-150100_197_123-default-11-150100.2.2 kernel-livepatch-4_12_14-150100_197_123-default-11-150100.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP1 A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. CVE-2023-1829 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_123-default-11-150100.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233786-1/ https://www.suse.com/security/cve/CVE-2023-1829.html CVE-2023-1829 https://bugzilla.suse.com/1210335 SUSE Bug 1210335 https://bugzilla.suse.com/1210619 SUSE Bug 1210619 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1220886 SUSE Bug 1220886 https://bugzilla.suse.com/1228311 SUSE Bug 1228311 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. CVE-2023-3609 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_123-default-11-150100.2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233786-1/ https://www.suse.com/security/cve/CVE-2023-3609.html CVE-2023-3609 https://bugzilla.suse.com/1213586 SUSE Bug 1213586 https://bugzilla.suse.com/1213587 SUSE Bug 1213587 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. CVE-2023-3776 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_123-default-11-150100.2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233786-1/ https://www.suse.com/security/cve/CVE-2023-3776.html CVE-2023-3776 https://bugzilla.suse.com/1213588 SUSE Bug 1213588 https://bugzilla.suse.com/1215119 SUSE Bug 1215119 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 https://bugzilla.suse.com/1223091 SUSE Bug 1223091 https://bugzilla.suse.com/1223973 SUSE Bug 1223973 An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-3812 SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_123-default-11-150100.2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233786-1/ https://www.suse.com/security/cve/CVE-2023-3812.html CVE-2023-3812 https://bugzilla.suse.com/1213543 SUSE Bug 1213543 https://bugzilla.suse.com/1213706 SUSE Bug 1213706 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531