Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0406-1
Rating: important
References: #1203183 #1203693 #1203740 #1204171 #1204614
#1204760 #1205149 #1206073 #1206113 #1206114
#1206314 #1206389 #1206393 #1206395 #1206398
#1206399 #1206515 #1206664 #1206677 #1206784
#1207036 #1207125 #1207134 #1207186 #1207188
#1207189 #1207190 #1207237 #1207769 #1207823
PED-1706
Cross-References: CVE-2022-3105 CVE-2022-3107 CVE-2022-3108
CVE-2022-3112 CVE-2022-3115 CVE-2022-3435
CVE-2022-3564 CVE-2022-3643 CVE-2022-42328
CVE-2022-42329 CVE-2022-4662 CVE-2022-47520
CVE-2022-47929 CVE-2023-0266 CVE-2023-23454
CVE-2023-23455
CVSS scores:
CVE-2022-3105 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3105 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3107 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3107 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3108 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3108 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3112 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3112 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3115 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3115 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3435 (NVD) : 4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-3435 (SUSE): 5.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2022-3564 (NVD) : 7.1
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3564 (SUSE): 8
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3643 (NVD) : 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2022-3643 (SUSE): 6.3
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-42328 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42328 (SUSE): 5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42329 (SUSE): 5.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4662 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-4662 (SUSE): 4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-47520 (NVD) : 7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-47520 (SUSE): 8.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
CVE-2022-47929 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-47929 (SUSE): 4.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2023-0266 (NVD) : 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-0266 (SUSE): 7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23454 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23454 (SUSE): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-23455 (NVD) : 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23455 (SUSE): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Performance Computing
15-SP2-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
______________________________________________________________________________

An update that solves 16 vulnerabilities, contains one
feature and has 14 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive
various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
net/sched/sch_atm.c because of type confusion (non-negative numbers can
sometimes indicate a TC_ACT_SHOT condition rather than valid
classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial or service in cbq_classify in
net/sched/sch_cbq.c (bnc#1207036).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that
could have been used in a use-after-free that could have resulted in a
priviledge escalation to gain ring0 access from the system user
(bsc#1207134).
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic
control subsystem (bnc#1207237).
- CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust
Security Network (RSN) information element from a Netlink packet in the
WILC1000 wireless driver (bsc#1206515).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem
that could lead a local user to crash the system (bnc#1206664).
- CVE-2022-42328, CVE-2022-42329: Fixed deadlock inside the netback driver
that could have been triggered from a VM guest (bnc#1206114).
- CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest
(bnc#1206113).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth
component (bnc#1206073).
- CVE-2022-3435: Fixed a out-of-bounds read in function fib_nh_match of
the file net/ipv4/fib_semantics.c. It is possible to initiate the attack
remotely (bnc#1204171).
- CVE-2022-3115: Fixed a null pointer dereference inside malidp_crtc_reset
in drivers/gpu/drm/arm/malidp_crtc.c that lacked a check of the return
value of kzalloc() (bnc#1206393).
- CVE-2022-3112: Fixed a null pointer dereference in amvdec_set_canvases
in drivers/staging/media/meson/vdec/vdec_helpers.c that lacked a check
of the return value of kzalloc() (bnc#1206399).
- CVE-2022-3108: Fixed missing check of return value of kmemdup()
(bnc#1206389).
- CVE-2022-3107: Fixed missing check of return value of kvmalloc_array()
(bnc#1206395).
- CVE-2022-3105: Fixed missing check of kmalloc_array() in uapi_finalize
in drivers/infiniband/core/uverbs_uapi.c (bnc#1206398).

The following non-security bugs were fixed:

- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- HID: check empty report_list in hid_validate_values() (git-fixes,
bsc#1206784).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- constraints: increase disk space for all architectures (bsc#1203693).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
(bsc#1204614).
- rpm: suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149).
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP2:

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-406=1

- SUSE Linux Enterprise Server 15-SP2-LTSS:

zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-406=1

- SUSE Linux Enterprise Module for Live Patching 15-SP2:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-406=1

Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by seperate standalone
livepatch updates.

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-406=1

- SUSE Linux Enterprise High Availability 15-SP2:

zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-406=1

- SUSE Enterprise Storage 7:

zypper in -t patch SUSE-Storage-7-2023-406=1

Package List:

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

kernel-default-5.3.18-150200.24.142.1
kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
kernel-default-debuginfo-5.3.18-150200.24.142.1
kernel-default-debugsource-5.3.18-150200.24.142.1
kernel-default-devel-5.3.18-150200.24.142.1
kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
kernel-obs-build-5.3.18-150200.24.142.1
kernel-obs-build-debugsource-5.3.18-150200.24.142.1
kernel-syms-5.3.18-150200.24.142.1
reiserfs-kmp-default-5.3.18-150200.24.142.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):

kernel-devel-5.3.18-150200.24.142.1
kernel-docs-5.3.18-150200.24.142.1
kernel-macros-5.3.18-150200.24.142.1
kernel-source-5.3.18-150200.24.142.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):

kernel-preempt-5.3.18-150200.24.142.1
kernel-preempt-debuginfo-5.3.18-150200.24.142.1
kernel-preempt-debugsource-5.3.18-150200.24.142.1
kernel-preempt-devel-5.3.18-150200.24.142.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

kernel-default-5.3.18-150200.24.142.1
kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
kernel-default-debuginfo-5.3.18-150200.24.142.1
kernel-default-debugsource-5.3.18-150200.24.142.1
kernel-default-devel-5.3.18-150200.24.142.1
kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
kernel-obs-build-5.3.18-150200.24.142.1
kernel-obs-build-debugsource-5.3.18-150200.24.142.1
kernel-syms-5.3.18-150200.24.142.1
reiserfs-kmp-default-5.3.18-150200.24.142.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):

kernel-preempt-5.3.18-150200.24.142.1
kernel-preempt-debuginfo-5.3.18-150200.24.142.1
kernel-preempt-debugsource-5.3.18-150200.24.142.1
kernel-preempt-devel-5.3.18-150200.24.142.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):

kernel-devel-5.3.18-150200.24.142.1
kernel-docs-5.3.18-150200.24.142.1
kernel-macros-5.3.18-150200.24.142.1
kernel-source-5.3.18-150200.24.142.1

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):

kernel-default-debuginfo-5.3.18-150200.24.142.1
kernel-default-debugsource-5.3.18-150200.24.142.1
kernel-default-livepatch-5.3.18-150200.24.142.1
kernel-default-livepatch-devel-5.3.18-150200.24.142.1
kernel-livepatch-5_3_18-150200_24_142-default-1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_33-debugsource-1-150200.5.3.1

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x):

kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-1-150200.5.3.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64
x86_64):

kernel-default-5.3.18-150200.24.142.1
kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
kernel-default-debuginfo-5.3.18-150200.24.142.1
kernel-default-debugsource-5.3.18-150200.24.142.1
kernel-default-devel-5.3.18-150200.24.142.1
kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
kernel-obs-build-5.3.18-150200.24.142.1
kernel-obs-build-debugsource-5.3.18-150200.24.142.1
kernel-preempt-5.3.18-150200.24.142.1
kernel-preempt-debuginfo-5.3.18-150200.24.142.1
kernel-preempt-debugsource-5.3.18-150200.24.142.1
kernel-preempt-devel-5.3.18-150200.24.142.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
kernel-syms-5.3.18-150200.24.142.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

kernel-devel-5.3.18-150200.24.142.1
kernel-docs-5.3.18-150200.24.142.1
kernel-macros-5.3.18-150200.24.142.1
kernel-source-5.3.18-150200.24.142.1

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x
x86_64):

cluster-md-kmp-default-5.3.18-150200.24.142.1
cluster-md-kmp-default-debuginfo-5.3.18-150200.24.142.1
dlm-kmp-default-5.3.18-150200.24.142.1
dlm-kmp-default-debuginfo-5.3.18-150200.24.142.1
gfs2-kmp-default-5.3.18-150200.24.142.1
gfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1
kernel-default-debuginfo-5.3.18-150200.24.142.1
kernel-default-debugsource-5.3.18-150200.24.142.1
ocfs2-kmp-default-5.3.18-150200.24.142.1
ocfs2-kmp-default-debuginfo-5.3.18-150200.24.142.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):

kernel-default-5.3.18-150200.24.142.1
kernel-default-base-5.3.18-150200.24.142.1.150200.9.67.1
kernel-default-debuginfo-5.3.18-150200.24.142.1
kernel-default-debugsource-5.3.18-150200.24.142.1
kernel-default-devel-5.3.18-150200.24.142.1
kernel-default-devel-debuginfo-5.3.18-150200.24.142.1
kernel-obs-build-5.3.18-150200.24.142.1
kernel-obs-build-debugsource-5.3.18-150200.24.142.1
kernel-preempt-5.3.18-150200.24.142.1
kernel-preempt-debuginfo-5.3.18-150200.24.142.1
kernel-preempt-debugsource-5.3.18-150200.24.142.1
kernel-preempt-devel-5.3.18-150200.24.142.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.142.1
kernel-syms-5.3.18-150200.24.142.1
reiserfs-kmp-default-5.3.18-150200.24.142.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.142.1

- SUSE Enterprise Storage 7 (noarch):

kernel-devel-5.3.18-150200.24.142.1
kernel-docs-5.3.18-150200.24.142.1
kernel-macros-5.3.18-150200.24.142.1
kernel-source-5.3.18-150200.24.142.1

References:

https://www.suse.com/security/cve/CVE-2022-3105.html
https://www.suse.com/security/cve/CVE-2022-3107.html
https://www.suse.com/security/cve/CVE-2022-3108.html
https://www.suse.com/security/cve/CVE-2022-3112.html
https://www.suse.com/security/cve/CVE-2022-3115.html
https://www.suse.com/security/cve/CVE-2022-3435.html
https://www.suse.com/security/cve/CVE-2022-3564.html
https://www.suse.com/security/cve/CVE-2022-3643.html
https://www.suse.com/security/cve/CVE-2022-42328.html
https://www.suse.com/security/cve/CVE-2022-42329.html
https://www.suse.com/security/cve/CVE-2022-4662.html
https://www.suse.com/security/cve/CVE-2022-47520.html
https://www.suse.com/security/cve/CVE-2022-47929.html
https://www.suse.com/security/cve/CVE-2023-0266.html
https://www.suse.com/security/cve/CVE-2023-23454.html
https://www.suse.com/security/cve/CVE-2023-23455.html
https://bugzilla.suse.com/1203183
https://bugzilla.suse.com/1203693
https://bugzilla.suse.com/1203740
https://bugzilla.suse.com/1204171
https://bugzilla.suse.com/1204614
https://bugzilla.suse.com/1204760
https://bugzilla.suse.com/1205149
https://bugzilla.suse.com/1206073
https://bugzilla.suse.com/1206113
https://bugzilla.suse.com/1206114
https://bugzilla.suse.com/1206314
https://bugzilla.suse.com/1206389
https://bugzilla.suse.com/1206393
https://bugzilla.suse.com/1206395
https://bugzilla.suse.com/1206398
https://bugzilla.suse.com/1206399
https://bugzilla.suse.com/1206515
https://bugzilla.suse.com/1206664
https://bugzilla.suse.com/1206677
https://bugzilla.suse.com/1206784
https://bugzilla.suse.com/1207036
https://bugzilla.suse.com/1207125
https://bugzilla.suse.com/1207134
https://bugzilla.suse.com/1207186
https://bugzilla.suse.com/1207188
https://bugzilla.suse.com/1207189
https://bugzilla.suse.com/1207190
https://bugzilla.suse.com/1207237
https://bugzilla.suse.com/1207769
https://bugzilla.suse.com/1207823