Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4358-1 Final 1 1 2023-11-03T12:46:24Z current 2023-11-03T12:46:24Z 2023-11-03T12:46:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-4358,SUSE-SUSE-MicroOS-5.1-2023-4358,SUSE-SUSE-MicroOS-5.2-2023-4358 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ Link for SUSE-SU-2023:4358-1 https://lists.suse.com/pipermail/sle-security-updates/2023-November/016992.html E-Mail link for SUSE-SU-2023:4358-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1212051 SUSE Bug 1212051 https://bugzilla.suse.com/1214842 SUSE Bug 1214842 https://bugzilla.suse.com/1215095 SUSE Bug 1215095 https://bugzilla.suse.com/1215467 SUSE Bug 1215467 https://bugzilla.suse.com/1215518 SUSE Bug 1215518 https://bugzilla.suse.com/1215745 SUSE Bug 1215745 https://bugzilla.suse.com/1215858 SUSE Bug 1215858 https://bugzilla.suse.com/1215860 SUSE Bug 1215860 https://bugzilla.suse.com/1215861 SUSE Bug 1215861 https://bugzilla.suse.com/1216046 SUSE Bug 1216046 https://www.suse.com/security/cve/CVE-2023-2163/ SUSE CVE CVE-2023-2163 page https://www.suse.com/security/cve/CVE-2023-3111/ SUSE CVE CVE-2023-3111 page https://www.suse.com/security/cve/CVE-2023-34324/ SUSE CVE CVE-2023-34324 page https://www.suse.com/security/cve/CVE-2023-3777/ SUSE CVE CVE-2023-3777 page https://www.suse.com/security/cve/CVE-2023-39189/ SUSE CVE CVE-2023-39189 page https://www.suse.com/security/cve/CVE-2023-39192/ SUSE CVE CVE-2023-39192 page https://www.suse.com/security/cve/CVE-2023-39193/ SUSE CVE CVE-2023-39193 page https://www.suse.com/security/cve/CVE-2023-39194/ SUSE CVE CVE-2023-39194 page https://www.suse.com/security/cve/CVE-2023-42754/ SUSE CVE CVE-2023-42754 page SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 cluster-md-kmp-rt-5.3.18-150300.149.1 cluster-md-kmp-rt_debug-5.3.18-150300.149.1 dlm-kmp-rt-5.3.18-150300.149.1 dlm-kmp-rt_debug-5.3.18-150300.149.1 gfs2-kmp-rt-5.3.18-150300.149.1 gfs2-kmp-rt_debug-5.3.18-150300.149.1 kernel-devel-rt-5.3.18-150300.149.1 kernel-rt-5.3.18-150300.149.1 kernel-rt-devel-5.3.18-150300.149.1 kernel-rt-extra-5.3.18-150300.149.1 kernel-rt-livepatch-devel-5.3.18-150300.149.1 kernel-rt-optional-5.3.18-150300.149.1 kernel-rt_debug-5.3.18-150300.149.1 kernel-rt_debug-devel-5.3.18-150300.149.1 kernel-rt_debug-extra-5.3.18-150300.149.1 kernel-rt_debug-livepatch-devel-5.3.18-150300.149.1 kernel-rt_debug-optional-5.3.18-150300.149.1 kernel-source-rt-5.3.18-150300.149.1 kernel-syms-rt-5.3.18-150300.149.1 kselftests-kmp-rt-5.3.18-150300.149.1 kselftests-kmp-rt_debug-5.3.18-150300.149.1 ocfs2-kmp-rt-5.3.18-150300.149.1 ocfs2-kmp-rt_debug-5.3.18-150300.149.1 reiserfs-kmp-rt-5.3.18-150300.149.1 reiserfs-kmp-rt_debug-5.3.18-150300.149.1 kernel-rt-5.3.18-150300.149.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-rt-5.3.18-150300.149.1 as a component of SUSE Linux Enterprise Micro 5.2 Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. CVE-2023-2163 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-2163.html CVE-2023-2163 https://bugzilla.suse.com/1215518 SUSE Bug 1215518 https://bugzilla.suse.com/1215519 SUSE Bug 1215519 A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). CVE-2023-3111 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-3111.html CVE-2023-3111 https://bugzilla.suse.com/1212051 SUSE Bug 1212051 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock). CVE-2023-34324 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-34324.html CVE-2023-34324 https://bugzilla.suse.com/1215745 SUSE Bug 1215745 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. CVE-2023-3777 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-3777.html CVE-2023-3777 https://bugzilla.suse.com/1215095 SUSE Bug 1215095 https://bugzilla.suse.com/1215097 SUSE Bug 1215097 A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. CVE-2023-39189 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-39189.html CVE-2023-39189 https://bugzilla.suse.com/1216046 SUSE Bug 1216046 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. CVE-2023-39192 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-39192.html CVE-2023-39192 https://bugzilla.suse.com/1215858 SUSE Bug 1215858 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. CVE-2023-39193 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-39193.html CVE-2023-39193 https://bugzilla.suse.com/1215860 SUSE Bug 1215860 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. CVE-2023-39194 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-39194.html CVE-2023-39194 https://bugzilla.suse.com/1215861 SUSE Bug 1215861 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. CVE-2023-42754 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.149.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.149.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/ https://www.suse.com/security/cve/CVE-2023-42754.html CVE-2023-42754 https://bugzilla.suse.com/1215467 SUSE Bug 1215467 https://bugzilla.suse.com/1222212 SUSE Bug 1222212