# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:4359-1  
Rating: important  
References:

  * bsc#1206010
  * bsc#1208788
  * bsc#1210778
  * bsc#1213705
  * bsc#1213950
  * bsc#1213977
  * bsc#1215743
  * bsc#1215745
  * bsc#1216046
  * bsc#1216051
  * bsc#1216107
  * bsc#1216140
  * bsc#1216340
  * bsc#1216513
  * bsc#1216514

  
Cross-References:

  * CVE-2023-31085
  * CVE-2023-34324
  * CVE-2023-39189
  * CVE-2023-45862

  
CVSS scores:

  * CVE-2023-31085 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-31085 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-34324 ( SUSE ):  5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-39189 ( SUSE ):  4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-39189 ( NVD ):  5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
  * CVE-2023-45862 ( SUSE ):  6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-45862 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Real Time 12 SP5
  * SUSE Linux Enterprise Server 12 SP5

  
  
An update that solves four vulnerabilities and has 11 security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

  * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
    that could cause a local DoS. (bsc#1210778)
  * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an
    object could potentially extend beyond the end of an allocation causing.
    (bsc#1216051)
  * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
    (bsc#1215745).
  * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
    local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
    leading to a crash or information disclosure. (bsc#1216046)

The following non-security bugs were fixed:

  * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
  * audit: fix potential double free on error path from fsnotify_add_inode_mark
    (git-fixes).
  * crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
    (git-fixes).
  * iommu/amd: Fix IOMMU interrupt generation in X2APIC mode (bsc#1206010).
  * iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
  * iommu/amd: Set iommu->int_enabled consistently when interrupts are set up
    (bsc#1206010).
  * kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
    (bsc#1206010).
  * KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
  * memcg: drop kmem.limit_in_bytes (bsc#1208788)
  * mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
    bsc#1213705).
  * net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
    fixes).
  * net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
    fixes).
  * ratelimit: Fix data-races in ___ratelimit() (git-fixes).
  * ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
  * s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
  * s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
  * s390/vdso: add missing FORCE to build targets (git-fixes bsc#1216140).
  * s390/zcrypt: change reply buffer size offering (LTC#203322 bsc#1213950).
  * s390/zcrypt: fix reply buffer calculations for CCA replies (LTC#203322
    bsc#1213950).
  * scsi: zfcp: Defer fc_rport blocking until after ADISC response (LTC#203327
    bsc#1213977 git-fixes).
  * scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1216514).
  * tools/thermal: Fix possible path truncations (git-fixes).
  * tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-
    fixes).
  * tracing: Fix memleak due to race between current_tracer and trace (git-
    fixes).
  * tracing: Fix race issue between cpu buffer write and swap (git-fixes).
  * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
  * usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
  * usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-
    fixes).
  * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
  * vhost-scsi: unbreak any layout for response (git-fixes).
  * virtio_balloon: fix deadlock on OOM (git-fixes).
  * virtio_balloon: fix increment of vb->num_pfns in fill_balloon() (git-fixes).
  * virtio_net: Fix error unwinding of XDP initialization (git-fixes).
  * virtio: Protect vqs list access (git-fixes).
  * vsock/virtio: add transport parameter to the
    virtio_transport_reset_no_sock() (git-fixes).
  * xen-netback: use default TX queue size for vifs (git-fixes).
  * xen/x86: obtain full video frame buffer address for Dom0 also under EFI
    (bsc#1215743).
  * xen/x86: obtain upper 32 bits of video frame buffer address for Dom0
    (bsc#1215743).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Real Time 12 SP5  
    zypper in -t patch SUSE-SLE-RT-12-SP5-2023-4359=1

## Package List:

  * SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
    * kernel-rt-base-4.12.14-10.149.1
    * kernel-rt_debug-debugsource-4.12.14-10.149.1
    * dlm-kmp-rt-4.12.14-10.149.1
    * kernel-rt_debug-debuginfo-4.12.14-10.149.1
    * gfs2-kmp-rt-debuginfo-4.12.14-10.149.1
    * kernel-rt-debuginfo-4.12.14-10.149.1
    * ocfs2-kmp-rt-4.12.14-10.149.1
    * cluster-md-kmp-rt-4.12.14-10.149.1
    * kernel-rt-debugsource-4.12.14-10.149.1
    * kernel-rt-devel-debuginfo-4.12.14-10.149.1
    * kernel-rt_debug-devel-debuginfo-4.12.14-10.149.1
    * kernel-syms-rt-4.12.14-10.149.1
    * ocfs2-kmp-rt-debuginfo-4.12.14-10.149.1
    * gfs2-kmp-rt-4.12.14-10.149.1
    * kernel-rt-base-debuginfo-4.12.14-10.149.1
    * kernel-rt_debug-devel-4.12.14-10.149.1
    * kernel-rt-devel-4.12.14-10.149.1
    * cluster-md-kmp-rt-debuginfo-4.12.14-10.149.1
    * dlm-kmp-rt-debuginfo-4.12.14-10.149.1
  * SUSE Linux Enterprise Real Time 12 SP5 (noarch)
    * kernel-source-rt-4.12.14-10.149.1
    * kernel-devel-rt-4.12.14-10.149.1
  * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64)
    * kernel-rt-4.12.14-10.149.1
    * kernel-rt_debug-4.12.14-10.149.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-31085.html
  * https://www.suse.com/security/cve/CVE-2023-34324.html
  * https://www.suse.com/security/cve/CVE-2023-39189.html
  * https://www.suse.com/security/cve/CVE-2023-45862.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1206010
  * https://bugzilla.suse.com/show_bug.cgi?id=1208788
  * https://bugzilla.suse.com/show_bug.cgi?id=1210778
  * https://bugzilla.suse.com/show_bug.cgi?id=1213705
  * https://bugzilla.suse.com/show_bug.cgi?id=1213950
  * https://bugzilla.suse.com/show_bug.cgi?id=1213977
  * https://bugzilla.suse.com/show_bug.cgi?id=1215743
  * https://bugzilla.suse.com/show_bug.cgi?id=1215745
  * https://bugzilla.suse.com/show_bug.cgi?id=1216046
  * https://bugzilla.suse.com/show_bug.cgi?id=1216051
  * https://bugzilla.suse.com/show_bug.cgi?id=1216107
  * https://bugzilla.suse.com/show_bug.cgi?id=1216140
  * https://bugzilla.suse.com/show_bug.cgi?id=1216340
  * https://bugzilla.suse.com/show_bug.cgi?id=1216513
  * https://bugzilla.suse.com/show_bug.cgi?id=1216514

SUSE: 2023:4359-1 important: the Linux Kernel

November 3, 2023
* bsc#1206010 * bsc#1208788 * bsc#1210778 * bsc#1213705 * bsc#1213950

Summary

## The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) * CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) The following non-security bugs were fixed: * 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). * audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). * crypto: virti...

Read the Full Advisory

References

* bsc#1206010

* bsc#1208788

* bsc#1210778

* bsc#1213705

* bsc#1213950

* bsc#1213977

* bsc#1215743

* bsc#1215745

* bsc#1216046

* bsc#1216051

* bsc#1216107

* bsc#1216140

* bsc#1216340

* bsc#1216513

* bsc#1216514

Cross-

* CVE-2023-31085

* CVE-2023-34324

* CVE-2023-39189

* CVE-2023-45862

CVSS scores:

* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Real Time 12 SP5

* SUSE Linux...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2023:4359-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved