

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:3392-1  
Rating: important  
References:

  * #1206418
  * #1207088
  * #1210584
  * #1211738
  * #1211867
  * #1212301
  * #1212741
  * #1212835
  * #1213059
  * #1213167
  * #1213286
  * #1213287
  * #1213546
  * #1213585
  * #1213586
  * #1213588
  * #1213970
  * #1214019

  
Cross-References:

  * CVE-2022-40982
  * CVE-2023-0459
  * CVE-2023-20569
  * CVE-2023-20593
  * CVE-2023-2985
  * CVE-2023-34319
  * CVE-2023-35001
  * CVE-2023-3567
  * CVE-2023-3609
  * CVE-2023-3611
  * CVE-2023-3776
  * CVE-2023-4133
  * CVE-2023-4194

  
CVSS scores:

  * CVE-2022-40982 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-40982 ( NVD ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-0459 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-0459 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20569 ( SUSE ):  5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2023-20569 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20593 ( SUSE ):  6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-20593 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-2985 ( SUSE ):  6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-2985 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-34319 ( SUSE ):  6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  * CVE-2023-35001 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-35001 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3567 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3567 ( NVD ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3609 ( SUSE ):  7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3609 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3611 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3611 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3776 ( SUSE ):  6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3776 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-4133 ( SUSE ):  5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4133 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-4194 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-4194 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

  
Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE CaaS Platform 4.0
  * SUSE Linux Enterprise High Availability Extension 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Live Patching 15-SP1
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Manager Proxy 4.0
  * SUSE Manager Retail Branch Server 4.0
  * SUSE Manager Server 4.0

  
  
An update that solves 13 vulnerabilities and has five fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  * CVE-2022-40982: Fixed transient execution attack called "Gather Data
    Sampling" (bsc#1206418).
  * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
    (bsc#1211738).
  * CVE-2023-20569: Fixed side channel attack âInceptionâ or âRAS Poisoningâ
    (bsc#1213287).
  * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
    attacker to potentially access sensitive information (bsc#1213286).
  * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
    fs/hfsplus/super.c that could allow a local user to cause a denial of
    service (bsc#1211867).
  * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in
    xen/netback (XSA-432) (bsc#1213546).
  * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
    that could allow a local attacker to escalate their privilege (bsc#1213059).
  * CVE-2023-3567: Fixed a use-after-free in vcs_read in
    drivers/tty/vt/vc_screen.c (bsc#1213167).
  * CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
    (bsc#1213586).
  * CVE-2023-3611: Fixed an out-of-bounds write in net/sched
    sch_qfq(bsc#1213585).
  * CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
    free (bsc#1213588).
  * CVE-2023-4133: Fixed use after free bugs caused by circular dependency
    problem in cxgb4 (bsc#1213970).
  * CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019).

The following non-security bugs were fixed:

  * arm: spear: do not use timer namespace for timer_shutdown() function
    (bsc#1213970).
  * clocksource/drivers/arm_arch_timer: do not use timer namespace for
    timer_shutdown() function (bsc#1213970).
  * clocksource/drivers/sp804: do not use timer namespace for timer_shutdown()
    function (bsc#1213970).
  * cpufeatures: allow adding more cpuid words
  * get module prefix from kmod (bsc#1212835).
  * kernel-binary.spec.in: remove superfluous %% in supplements fixes:
    02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
    to in-tree kmps")
  * kernel-docs: add buildrequires on python3-base when using python3 the
    python3 binary is provided by python3-base.
  * kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
  * keys: change keyring_serialise_link_sem to a mutex (bsc#1207088).
  * keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
  * keys: hoist locking out of __key_link_begin() (bsc#1207088).
  * net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
  * net: mana: add support for vlan tagging (bsc#1212301).
  * readme.branch: add myself as co-maintainer
  * remove more packaging cruft for sle < 12 sp3
  * rpm/check-for-config-changes: ignore also pahole_has_* we now also have
    options like config_pahole_has_lang_exclude.
  * rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
    they depend on config_toolchain_has__.
  * timers: add shutdown mechanism to the internal functions (bsc#1213970).
  * timers: provide timer_shutdown_sync (bsc#1213970).
  * timers: rename del_timer() to timer_delete() (bsc#1213970).
  * timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
  * timers: replace bug_on()s (bsc#1213970).
  * timers: silently ignore timers with a null function (bsc#1213970).
  * timers: split [try_to_]del_timer_sync to prepare for shutdown mode
    (bsc#1213970).
  * timers: update kernel-doc for various functions (bsc#1213970).
  * timers: use del_timer_sync() even on up (bsc#1213970).
  * ubi: ensure that vid header offset + vid header size <= alloc, size
    (bsc#1210584).
  * ubi: fix failure attaching when vid_hdr offset equals to (sub)page size
    (bsc#1210584).
  * usrmerge: Adjust module path in the kernel sources (bsc#1212835).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch openSUSE-SLE-15.4-2023-3392=1

  * openSUSE Leap 15.5  
    zypper in -t patch openSUSE-SLE-15.5-2023-3392=1

  * SUSE Linux Enterprise Live Patching 15-SP1  
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3392=1

  * SUSE Linux Enterprise High Availability Extension 15 SP1  
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3392=1

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1  
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3392=1

  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1  
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3392=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP1  
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3392=1

  * SUSE CaaS Platform 4.0  
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.

## Package List:

  * openSUSE Leap 15.4 (nosrc)
    * kernel-kvmsmall-4.12.14-150100.197.154.1
    * kernel-default-4.12.14-150100.197.154.1
    * kernel-debug-4.12.14-150100.197.154.1
    * kernel-zfcpdump-4.12.14-150100.197.154.1
  * openSUSE Leap 15.4 (ppc64le x86_64)
    * kernel-debug-base-debuginfo-4.12.14-150100.197.154.1
    * kernel-debug-base-4.12.14-150100.197.154.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * kernel-vanilla-devel-4.12.14-150100.197.154.1
    * kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1
    * kernel-vanilla-debuginfo-4.12.14-150100.197.154.1
    * kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1
    * kernel-vanilla-debugsource-4.12.14-150100.197.154.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.154.1
    * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1
    * kernel-vanilla-base-4.12.14-150100.197.154.1
  * openSUSE Leap 15.4 (x86_64)
    * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.154.1
    * kernel-kvmsmall-base-4.12.14-150100.197.154.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-vanilla-4.12.14-150100.197.154.1
  * openSUSE Leap 15.4 (s390x)
    * kernel-default-man-4.12.14-150100.197.154.1
    * kernel-zfcpdump-man-4.12.14-150100.197.154.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-vanilla-4.12.14-150100.197.154.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * kernel-vanilla-devel-4.12.14-150100.197.154.1
    * kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1
    * kernel-vanilla-debuginfo-4.12.14-150100.197.154.1
    * kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1
    * kernel-vanilla-debugsource-4.12.14-150100.197.154.1
    * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1
    * kernel-vanilla-base-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
    * kernel-default-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
    * kernel-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-debugsource-4.12.14-150100.197.154.1
    * kernel-default-livepatch-4.12.14-150100.197.154.1
    * kernel-default-livepatch-devel-4.12.14-150100.197.154.1
    * kernel-livepatch-4_12_14-150100_197_154-default-1-150100.3.3.1
  * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le
    s390x x86_64)
    * gfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-debugsource-4.12.14-150100.197.154.1
    * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1
    * dlm-kmp-default-debuginfo-4.12.14-150100.197.154.1
    * gfs2-kmp-default-4.12.14-150100.197.154.1
    * cluster-md-kmp-default-4.12.14-150100.197.154.1
    * ocfs2-kmp-default-4.12.14-150100.197.154.1
    * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.154.1
    * dlm-kmp-default-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
    * kernel-default-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
    nosrc x86_64)
    * kernel-default-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
    x86_64)
    * kernel-obs-build-debugsource-4.12.14-150100.197.154.1
    * kernel-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-debugsource-4.12.14-150100.197.154.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-devel-4.12.14-150100.197.154.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.154.1
    * kernel-syms-4.12.14-150100.197.154.1
    * kernel-default-base-4.12.14-150100.197.154.1
    * kernel-obs-build-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    * kernel-source-4.12.14-150100.197.154.1
    * kernel-macros-4.12.14-150100.197.154.1
    * kernel-devel-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch
    nosrc)
    * kernel-docs-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
    x86_64 nosrc)
    * kernel-default-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
    x86_64)
    * kernel-obs-build-debugsource-4.12.14-150100.197.154.1
    * reiserfs-kmp-default-4.12.14-150100.197.154.1
    * kernel-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-debugsource-4.12.14-150100.197.154.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-devel-4.12.14-150100.197.154.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.154.1
    * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-syms-4.12.14-150100.197.154.1
    * kernel-default-base-4.12.14-150100.197.154.1
    * kernel-obs-build-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    * kernel-source-4.12.14-150100.197.154.1
    * kernel-macros-4.12.14-150100.197.154.1
    * kernel-devel-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
    * kernel-docs-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
    * kernel-default-man-4.12.14-150100.197.154.1
    * kernel-zfcpdump-debugsource-4.12.14-150100.197.154.1
    * kernel-zfcpdump-debuginfo-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
    * kernel-zfcpdump-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le
    x86_64)
    * kernel-default-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * kernel-obs-build-debugsource-4.12.14-150100.197.154.1
    * reiserfs-kmp-default-4.12.14-150100.197.154.1
    * kernel-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-debugsource-4.12.14-150100.197.154.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-devel-4.12.14-150100.197.154.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.154.1
    * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-syms-4.12.14-150100.197.154.1
    * kernel-default-base-4.12.14-150100.197.154.1
    * kernel-obs-build-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * kernel-source-4.12.14-150100.197.154.1
    * kernel-macros-4.12.14-150100.197.154.1
    * kernel-devel-4.12.14-150100.197.154.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
    * kernel-docs-4.12.14-150100.197.154.1
  * SUSE CaaS Platform 4.0 (nosrc x86_64)
    * kernel-default-4.12.14-150100.197.154.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * kernel-obs-build-debugsource-4.12.14-150100.197.154.1
    * reiserfs-kmp-default-4.12.14-150100.197.154.1
    * kernel-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-debugsource-4.12.14-150100.197.154.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
    * kernel-default-devel-4.12.14-150100.197.154.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.154.1
    * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1
    * kernel-syms-4.12.14-150100.197.154.1
    * kernel-default-base-4.12.14-150100.197.154.1
    * kernel-obs-build-4.12.14-150100.197.154.1
  * SUSE CaaS Platform 4.0 (noarch)
    * kernel-source-4.12.14-150100.197.154.1
    * kernel-macros-4.12.14-150100.197.154.1
    * kernel-devel-4.12.14-150100.197.154.1
  * SUSE CaaS Platform 4.0 (noarch nosrc)
    * kernel-docs-4.12.14-150100.197.154.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-40982.html
  * https://www.suse.com/security/cve/CVE-2023-0459.html
  * https://www.suse.com/security/cve/CVE-2023-20569.html
  * https://www.suse.com/security/cve/CVE-2023-20593.html
  * https://www.suse.com/security/cve/CVE-2023-2985.html
  * https://www.suse.com/security/cve/CVE-2023-34319.html
  * https://www.suse.com/security/cve/CVE-2023-35001.html
  * https://www.suse.com/security/cve/CVE-2023-3567.html
  * https://www.suse.com/security/cve/CVE-2023-3609.html
  * https://www.suse.com/security/cve/CVE-2023-3611.html
  * https://www.suse.com/security/cve/CVE-2023-3776.html
  * https://www.suse.com/security/cve/CVE-2023-4133.html
  * https://www.suse.com/security/cve/CVE-2023-4194.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1206418
  * https://bugzilla.suse.com/show_bug.cgi?id=1207088
  * https://bugzilla.suse.com/show_bug.cgi?id=1210584
  * https://bugzilla.suse.com/show_bug.cgi?id=1211738
  * https://bugzilla.suse.com/show_bug.cgi?id=1211867
  * https://bugzilla.suse.com/show_bug.cgi?id=1212301
  * https://bugzilla.suse.com/show_bug.cgi?id=1212741
  * https://bugzilla.suse.com/show_bug.cgi?id=1212835
  * https://bugzilla.suse.com/show_bug.cgi?id=1213059
  * https://bugzilla.suse.com/show_bug.cgi?id=1213167
  * https://bugzilla.suse.com/show_bug.cgi?id=1213286
  * https://bugzilla.suse.com/show_bug.cgi?id=1213287
  * https://bugzilla.suse.com/show_bug.cgi?id=1213546
  * https://bugzilla.suse.com/show_bug.cgi?id=1213585
  * https://bugzilla.suse.com/show_bug.cgi?id=1213586
  * https://bugzilla.suse.com/show_bug.cgi?id=1213588
  * https://bugzilla.suse.com/show_bug.cgi?id=1213970
  * https://bugzilla.suse.com/show_bug.cgi?id=1214019

openSUSE: 2023:3392-1: important: the Linux Kernel Security Advisory Update

August 23, 2023

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes

Description

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). * CVE-2023-20569: Fixed side channel attack âInceptionâ or âRAS Poisoningâ (bsc#1213287). * CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). * CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). * CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local atta...

Read the Full Advisory

Patch

## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3392=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3392=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3392=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3392=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3392=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3392=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3392=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List

* openSUSE Leap 15.4 (nosrc) * kernel-kvmsmall-4.12.14-150100.197.154.1 * kernel-default-4.12.14-150100.197.154.1 * kernel-debug-4.12.14-150100.197.154.1 * kernel-zfcpdump-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-debuginfo-4.12.14-150100.197.154.1 * kernel-debug-base-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-devel-4.12.14-150100.197.154.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1 * kernel-vanilla-debugsource-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-base-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.154.1 * kernel-kvmsmall-base-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.154.1 * openSUSE Leap 15.4 (s390x) * kernel-default-man-4.12.14-150100.197.154.1 * kernel-zfcpdump-man-4.12.14-150100.197.154.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.154.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-devel-4.12.14-150100.197.154.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1 * kernel-vanilla-debugsource-4.12.14-150100.197.154.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-vanilla-base-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-livepatch-4.12.14-150100.197.154.1 * kernel-default-livepatch-devel-4.12.14-150100.197.154.1 * kernel-livepatch-4_12_14-150100_197_154-default-1-150100.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.154.1 * gfs2-kmp-default-4.12.14-150100.197.154.1 * cluster-md-kmp-default-4.12.14-150100.197.154.1 * ocfs2-kmp-default-4.12.14-150100.197.154.1 * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.154.1 * dlm-kmp-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * reiserfs-kmp-default-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-default-man-4.12.14-150100.197.154.1 * kernel-zfcpdump-debugsource-4.12.14-150100.197.154.1 * kernel-zfcpdump-debuginfo-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * reiserfs-kmp-default-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (x86_64) * kernel-obs-build-debugsource-4.12.14-150100.197.154.1 * reiserfs-kmp-default-4.12.14-150100.197.154.1 * kernel-default-debuginfo-4.12.14-150100.197.154.1 * kernel-default-debugsource-4.12.14-150100.197.154.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.154.1 * kernel-default-devel-4.12.14-150100.197.154.1 * kernel-default-base-debuginfo-4.12.14-150100.197.154.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1 * kernel-syms-4.12.14-150100.197.154.1 * kernel-default-base-4.12.14-150100.197.154.1 * kernel-obs-build-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-source-4.12.14-150100.197.154.1 * kernel-macros-4.12.14-150100.197.154.1 * kernel-devel-4.12.14-150100.197.154.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.154.1

References

* #1206418 * #1207088 * #1210584 * #1211738 * #1211867 * #1212301 * #1212741 * #1212835 * #1213059 * #1213167 * #1213286 * #1213287 * #1213546 * #1213585 * #1213586 * #1213588 * #1213970 * #1214019 ## References: * https://www.suse.com/security/cve/CVE-2022-40982.html * https://www.suse.com/security/cve/CVE-2023-0459.html * https://www.suse.com/security/cve/CVE-2023-20569.html * https://www.suse.com/security/cve/CVE-2023-20593.html * https://www.suse.com/security/cve/CVE-2023-2985.html * https://www.suse.com/security/cve/CVE-2023-34319.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://www.suse.com/security/cve/CVE-2023-3567.html * https://www.suse.com/security/cve/CVE-2023-3609.html * https://www.suse.com/security/cve/CVE-2023-3611.html * https://www.suse.com/security/cve/CVE-2023-3776.html * https://www.suse.com/security/cve/CVE-2023-4133.html * https://www.suse.com/security/cve/CVE-2023-4194.html * https://bugzilla.suse.com/show_bug.cgi?id=1206418 * https://bugzilla.suse.com/show_bug.cgi?id=1207088 * https://bugzilla.suse.com/show_bug.cgi?id=1210584 * https://bugzilla.suse.com/show_bug.cgi?id=1211738 * https://bugzilla.suse.com/show_bug.cgi?id=1211867 * https://bugzilla.suse.com/show_bug.cgi?id=1212301 * https://bugzilla.suse.com/show_bug.cgi?id=1212741 * https://bugzilla.suse.com/show_bug.cgi?id=1212835 * https://bugzilla.suse.com/show_bug.cgi?id=1213059 * https://bugzilla.suse.com/show_bug.cgi?id=1213167 * https://bugzilla.suse.com/show_bug.cgi?id=1213286 * https://bugzilla.suse.com/show_bug.cgi?id=1213287 * https://bugzilla.suse.com/show_bug.cgi?id=1213546 * https://bugzilla.suse.com/show_bug.cgi?id=1213585 * https://bugzilla.suse.com/show_bug.cgi?id=1213586 * https://bugzilla.suse.com/show_bug.cgi?id=1213588 * https://bugzilla.suse.com/show_bug.cgi?id=1213970 * https://bugzilla.suse.com/show_bug.cgi?id=1214019