Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3612-1 Final 1 1 2023-09-15T10:04:20Z current 2023-09-15T10:04:20Z 2023-09-15T10:04:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues. The following security issues were fixed: - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211187). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210630). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3612,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3612 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233612-1/ Link for SUSE-SU-2023:3612-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016163.html E-Mail link for SUSE-SU-2023:3612-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208839 SUSE Bug 1208839 https://bugzilla.suse.com/1210630 SUSE Bug 1210630 https://bugzilla.suse.com/1211187 SUSE Bug 1211187 https://bugzilla.suse.com/1212849 SUSE Bug 1212849 https://bugzilla.suse.com/1213063 SUSE Bug 1213063 https://bugzilla.suse.com/1213244 SUSE Bug 1213244 https://www.suse.com/security/cve/CVE-2023-1077/ SUSE CVE CVE-2023-1077 page https://www.suse.com/security/cve/CVE-2023-2176/ SUSE CVE CVE-2023-2176 page https://www.suse.com/security/cve/CVE-2023-3090/ SUSE CVE CVE-2023-3090 page https://www.suse.com/security/cve/CVE-2023-32233/ SUSE CVE CVE-2023-32233 page https://www.suse.com/security/cve/CVE-2023-35001/ SUSE CVE CVE-2023-35001 page https://www.suse.com/security/cve/CVE-2023-3567/ SUSE CVE CVE-2023-3567 page SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 kernel-livepatch-5_3_18-150200_24_126-preempt-14-150200.2.2 kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 as a component of SUSE Linux Enterprise Live Patching 15 SP2 In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. CVE-2023-1077 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 important 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233612-1/ https://www.suse.com/security/cve/CVE-2023-1077.html CVE-2023-1077 https://bugzilla.suse.com/1208600 SUSE Bug 1208600 https://bugzilla.suse.com/1208839 SUSE Bug 1208839 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. CVE-2023-2176 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 important 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233612-1/ https://www.suse.com/security/cve/CVE-2023-2176.html CVE-2023-2176 https://bugzilla.suse.com/1210629 SUSE Bug 1210629 https://bugzilla.suse.com/1210630 SUSE Bug 1210630 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. CVE-2023-3090 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 important 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233612-1/ https://www.suse.com/security/cve/CVE-2023-3090.html CVE-2023-3090 https://bugzilla.suse.com/1212842 SUSE Bug 1212842 https://bugzilla.suse.com/1212849 SUSE Bug 1212849 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1219701 SUSE Bug 1219701 In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. CVE-2023-32233 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 important 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233612-1/ https://www.suse.com/security/cve/CVE-2023-32233.html CVE-2023-32233 https://bugzilla.suse.com/1211043 SUSE Bug 1211043 https://bugzilla.suse.com/1211187 SUSE Bug 1211187 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace CVE-2023-35001 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 important 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233612-1/ https://www.suse.com/security/cve/CVE-2023-35001.html CVE-2023-35001 https://bugzilla.suse.com/1213059 SUSE Bug 1213059 https://bugzilla.suse.com/1213063 SUSE Bug 1213063 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. CVE-2023-3567 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-14-150200.2.2 important 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233612-1/ https://www.suse.com/security/cve/CVE-2023-3567.html CVE-2023-3567 https://bugzilla.suse.com/1213167 SUSE Bug 1213167 https://bugzilla.suse.com/1213244 SUSE Bug 1213244 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531