Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:0463-1 Final 1 1 2024-02-14T08:17:58Z current 2024-02-14T08:17:58Z 2024-02-14T08:17:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-463,SUSE-SUSE-MicroOS-5.1-2024-463,SUSE-SUSE-MicroOS-5.2-2024-463 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ Link for SUSE-SU-2024:0463-1 https://lists.suse.com/pipermail/sle-security-updates/2024-February/017916.html E-Mail link for SUSE-SU-2024:0463-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1108281 SUSE Bug 1108281 https://bugzilla.suse.com/1193285 SUSE Bug 1193285 https://bugzilla.suse.com/1216702 SUSE Bug 1216702 https://bugzilla.suse.com/1217987 SUSE Bug 1217987 https://bugzilla.suse.com/1217988 SUSE Bug 1217988 https://bugzilla.suse.com/1217989 SUSE Bug 1217989 https://bugzilla.suse.com/1218713 SUSE Bug 1218713 https://bugzilla.suse.com/1218730 SUSE Bug 1218730 https://bugzilla.suse.com/1218752 SUSE Bug 1218752 https://bugzilla.suse.com/1218757 SUSE Bug 1218757 https://bugzilla.suse.com/1218768 SUSE Bug 1218768 https://bugzilla.suse.com/1218804 SUSE Bug 1218804 https://bugzilla.suse.com/1218832 SUSE Bug 1218832 https://bugzilla.suse.com/1218836 SUSE Bug 1218836 https://bugzilla.suse.com/1219053 SUSE Bug 1219053 https://bugzilla.suse.com/1219120 SUSE Bug 1219120 https://bugzilla.suse.com/1219412 SUSE Bug 1219412 https://bugzilla.suse.com/1219434 SUSE Bug 1219434 https://www.suse.com/security/cve/CVE-2021-33631/ SUSE CVE CVE-2021-33631 page https://www.suse.com/security/cve/CVE-2023-46838/ SUSE CVE CVE-2023-46838 page https://www.suse.com/security/cve/CVE-2023-47233/ SUSE CVE CVE-2023-47233 page https://www.suse.com/security/cve/CVE-2023-51043/ SUSE CVE CVE-2023-51043 page https://www.suse.com/security/cve/CVE-2023-51780/ SUSE CVE CVE-2023-51780 page https://www.suse.com/security/cve/CVE-2023-51782/ SUSE CVE CVE-2023-51782 page https://www.suse.com/security/cve/CVE-2023-6040/ SUSE CVE CVE-2023-6040 page https://www.suse.com/security/cve/CVE-2023-6356/ SUSE CVE CVE-2023-6356 page https://www.suse.com/security/cve/CVE-2023-6535/ SUSE CVE CVE-2023-6535 page https://www.suse.com/security/cve/CVE-2023-6536/ SUSE CVE CVE-2023-6536 page https://www.suse.com/security/cve/CVE-2023-6915/ SUSE CVE CVE-2023-6915 page https://www.suse.com/security/cve/CVE-2024-0565/ SUSE CVE CVE-2024-0565 page https://www.suse.com/security/cve/CVE-2024-0775/ SUSE CVE CVE-2024-0775 page https://www.suse.com/security/cve/CVE-2024-1086/ SUSE CVE CVE-2024-1086 page SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 cluster-md-kmp-rt-5.3.18-150300.158.1 cluster-md-kmp-rt_debug-5.3.18-150300.158.1 dlm-kmp-rt-5.3.18-150300.158.1 dlm-kmp-rt_debug-5.3.18-150300.158.1 gfs2-kmp-rt-5.3.18-150300.158.1 gfs2-kmp-rt_debug-5.3.18-150300.158.1 kernel-devel-rt-5.3.18-150300.158.1 kernel-rt-5.3.18-150300.158.1 kernel-rt-devel-5.3.18-150300.158.1 kernel-rt-extra-5.3.18-150300.158.1 kernel-rt-livepatch-devel-5.3.18-150300.158.1 kernel-rt-optional-5.3.18-150300.158.1 kernel-rt_debug-5.3.18-150300.158.1 kernel-rt_debug-devel-5.3.18-150300.158.1 kernel-rt_debug-extra-5.3.18-150300.158.1 kernel-rt_debug-livepatch-devel-5.3.18-150300.158.1 kernel-rt_debug-optional-5.3.18-150300.158.1 kernel-source-rt-5.3.18-150300.158.1 kernel-syms-rt-5.3.18-150300.158.1 kselftests-kmp-rt-5.3.18-150300.158.1 kselftests-kmp-rt_debug-5.3.18-150300.158.1 ocfs2-kmp-rt-5.3.18-150300.158.1 ocfs2-kmp-rt_debug-5.3.18-150300.158.1 reiserfs-kmp-rt-5.3.18-150300.158.1 reiserfs-kmp-rt_debug-5.3.18-150300.158.1 kernel-rt-5.3.18-150300.158.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-rt-5.3.18-150300.158.1 as a component of SUSE Linux Enterprise Micro 5.2 Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. CVE-2021-33631 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2021-33631.html CVE-2021-33631 https://bugzilla.suse.com/1219412 SUSE Bug 1219412 Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. CVE-2023-46838 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-46838.html CVE-2023-46838 https://bugzilla.suse.com/1218836 SUSE Bug 1218836 The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. CVE-2023-47233 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-47233.html CVE-2023-47233 https://bugzilla.suse.com/1216702 SUSE Bug 1216702 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. CVE-2023-51043 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-51043.html CVE-2023-51043 https://bugzilla.suse.com/1219120 SUSE Bug 1219120 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. CVE-2023-51780 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-51780.html CVE-2023-51780 https://bugzilla.suse.com/1218730 SUSE Bug 1218730 https://bugzilla.suse.com/1218733 SUSE Bug 1218733 https://bugzilla.suse.com/1220191 SUSE Bug 1220191 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 https://bugzilla.suse.com/1224298 SUSE Bug 1224298 https://bugzilla.suse.com/1224878 SUSE Bug 1224878 An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. CVE-2023-51782 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-51782.html CVE-2023-51782 https://bugzilla.suse.com/1218757 SUSE Bug 1218757 An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. CVE-2023-6040 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-6040.html CVE-2023-6040 https://bugzilla.suse.com/1218752 SUSE Bug 1218752 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. CVE-2023-6356 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-6356.html CVE-2023-6356 https://bugzilla.suse.com/1217987 SUSE Bug 1217987 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. CVE-2023-6535 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-6535.html CVE-2023-6535 https://bugzilla.suse.com/1217988 SUSE Bug 1217988 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. CVE-2023-6536 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-6536.html CVE-2023-6536 https://bugzilla.suse.com/1217989 SUSE Bug 1217989 A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. CVE-2023-6915 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2023-6915.html CVE-2023-6915 https://bugzilla.suse.com/1218804 SUSE Bug 1218804 An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. CVE-2024-0565 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2024-0565.html CVE-2024-0565 https://bugzilla.suse.com/1218832 SUSE Bug 1218832 https://bugzilla.suse.com/1219078 SUSE Bug 1219078 A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. CVE-2024-0775 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2024-0775.html CVE-2024-0775 https://bugzilla.suse.com/1219053 SUSE Bug 1219053 https://bugzilla.suse.com/1219082 SUSE Bug 1219082 https://bugzilla.suse.com/1224298 SUSE Bug 1224298 https://bugzilla.suse.com/1224878 SUSE Bug 1224878 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. CVE-2024-1086 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.158.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.158.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240463-1/ https://www.suse.com/security/cve/CVE-2024-1086.html CVE-2024-1086 https://bugzilla.suse.com/1219434 SUSE Bug 1219434 https://bugzilla.suse.com/1219435 SUSE Bug 1219435 https://bugzilla.suse.com/1224298 SUSE Bug 1224298 https://bugzilla.suse.com/1224878 SUSE Bug 1224878 https://bugzilla.suse.com/1226066 SUSE Bug 1226066