File _patchinfo of Package patchinfo.29708
<patchinfo incident="29708">
<issue id="1126703" tracker="bnc">VUL-0: CVE-2018-20784: kernel-source: kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecifi</issue>
<issue id="1204405" tracker="bnc">VUL-0: CVE-2022-3566: kernel: race condition in tcp_getsockopt()/tcp_setsockopt() of the component TCP handler</issue>
<issue id="1205756" tracker="bnc">VUL-0: CVE-2022-45884: kernel-source-azure,kernel-source-rt,kernel-source: UaF in drivers/media/dvb-core/dvbdev.c</issue>
<issue id="1205758" tracker="bnc">VUL-0: CVE-2022-45885: kernel-source-rt,kernel-source,kernel-source-azure: UaF in drivers/media/dvb-core/dvb_frontend.c</issue>
<issue id="1205760" tracker="bnc">VUL-0: CVE-2022-45886: kernel-source-rt,kernel-source,kernel-source-azure: UaF in drivers/media/dvb-core/dvb_net.c</issue>
<issue id="1205762" tracker="bnc">VUL-0: CVE-2022-45887: kernel-source-rt,kernel-source,kernel-source-azure: Memory leak in drivers/media/usb/ttusb-dec/ttusb_dec.c</issue>
<issue id="1205803" tracker="bnc">VUL-0: CVE-2022-45919: kernel: use-after-free when there is a disconnect after an open in drivers/media/dvb-core/dvb_ca_en50221.c</issue>
<issue id="1206878" tracker="bnc">[PATCH] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h</issue>
<issue id="1207036" tracker="bnc">VUL-0: CVE-2023-23454: kernel: type-confusion in the CBQ network scheduler</issue>
<issue id="1207125" tracker="bnc">VUL-0: CVE-2023-23455: kernel: type-confusion in the ATM network scheduler</issue>
<issue id="1207168" tracker="bnc">VUL-0: CVE-2023-0394: kernel: null pointer dereference in skb_transport_offset</issue>
<issue id="1207795" tracker="bnc">VUL-0: CVE-2023-0590: kernel: use-after-free due to race condition in qdisc_graft()</issue>
<issue id="1208600" tracker="bnc">VUL-0: CVE-2023-1077: kernel: type confusion in pick_next_rt_entity</issue>
<issue id="1208777" tracker="bnc">VUL-0: CVE-2023-1095: kernel: netfilter - NULL pointer dereference in nf_tables due to zeroed list head</issue>
<issue id="1208837" tracker="bnc">VUL-0: CVE-2023-1118: kernel-source,kernel-source-azure,kernel-source-rt: UAF drivers/media/rc directory</issue>
<issue id="1209008" tracker="bnc">VUL-0: kernel-vanilla: signed by SUSE key not locked down</issue>
<issue id="1209039" tracker="bnc">VUL-0: CVE-2023-1249: kernel: missing mmap_lock in fill_files_note that could possibly lead to a use after free in the coredump code</issue>
<issue id="1209052" tracker="bnc">VUL-0: CVE-2023-28464: kernel-source: double free in hci_conn_cleanup()</issue>
<issue id="1209256" tracker="bnc">prlimit: do_prlimit needs to have a speculation check</issue>
<issue id="1209287" tracker="bnc">VUL-0: CVE-2023-1380: kernel: A USB-accessible slab-out-of-bounds read in Linux kernel driver</issue>
<issue id="1209289" tracker="bnc">VUL-0: CVE-2023-1390: kernel: remote DoS in TIPC kernel module</issue>
<issue id="1209291" tracker="bnc">VUL-0: CVE-2023-28328: kernel: A denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c</issue>
<issue id="1209532" tracker="bnc">VUL-0: CVE-2023-1513: kernel: kvm: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems</issue>
<issue id="1209549" tracker="bnc">VUL-0: CVE-2023-28772: kernel-source,kernel-source-rt,kernel-souce-azure: Upstream reports buffer overflow in seq_buf_putmem_hex()</issue>
<issue id="1209687" tracker="bnc">VUL-0: CVE-2023-1611: kernel: race between quota disable and quota assign ioctls in fs/btrfs/ioctl.c</issue>
<issue id="1209871" tracker="bnc">VUL-0: CVE-2023-1670: kernel-source-rt,kernel-source-azure,kernel-source: Use after free bug in xirc2ps_detach</issue>
<issue id="1210329" tracker="bnc">VUL-0: CVE-2023-30772: kernel: use after free bug in da9150_charger_remove due to race condition</issue>
<issue id="1210336" tracker="bnc">VUL-0: CVE-2023-1989: kernel: Use after free bug in btsdio_remove due to race condition</issue>
<issue id="1210337" tracker="bnc">VUL-0: CVE-2023-1990: kernel: Use after free bug in ndlc_remove due to race condition</issue>
<issue id="1210498" tracker="bnc">VUL-0: CVE-2023-2124: kernel-source: OOB access in the XFS subsystem</issue>
<issue id="1210506" tracker="bnc">VUL-0: CVE-2023-1998: kernel: x86/speculation: Allow enabling STIBP with legacy IBRS</issue>
<issue id="1210647" tracker="bnc">VUL-0: CVE-2023-2162: kernel-source-rt,kernel-source,kernel-source-azure: UAF during login when accessing the shost ipaddress</issue>
<issue id="1210715" tracker="bnc">VUL-0: CVE-2023-2194: kernel-source,kernel-source-azure,kernel-source-rt: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()</issue>
<issue id="1210940" tracker="bnc">VUL-0: CVE-2023-31436: kernel: out-of-bounds write because lmax can exceed QFQ_MIN_LMAX in qfq_change_class in net/sched/sch_qfq.c</issue>
<issue id="1211105" tracker="bnc">VUL-0: CVE-2023-2513: kernel-source-azure,kernel-source,kernel-source-rt: ext4: use-after-free in ext4_xattr_set_entry()</issue>
<issue id="1211186" tracker="bnc">VUL-0: CVE-2023-32269: kernel-source-rt,kernel-source-azure,kernel-source: UaF in AF_NETROM</issue>
<issue id="1211449" tracker="bnc">VUL-1: kernel: Use after free bug in r592_remov due to race condition</issue>
<issue id="1212128" tracker="bnc">VUL-0: CVE-2023-3159: kernel-source,kernel-source-azure,kernel-source-rt: kernel: use after free issue in driver/firewire in outbound_phy_packet_callback</issue>
<issue id="1212129" tracker="bnc">VUL-0: CVE-2023-3141: kernel-source,kernel-source-azure,kernel-source-rt: kernel: Use after free bug in r592_remove</issue>
<issue id="1212154" tracker="bnc">VUL-0: CVE-2023-3161: kernel: fbcon: shift-out-of-bounds in fbcon_set_font()</issue>
<issue id="1212501" tracker="bnc">VUL-0: CVE-2023-35824: kernel-source-azure,kernel-source-rt,kernel-source: Use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c</issue>
<issue id="1212842" tracker="bnc">VUL-0: CVE-2023-3090: kernel: heap out-of-bounds vulnerability in the ipvlan network driver could lead to local privilege escalation</issue>
<issue id="2023-3090" tracker="cve" />
<issue id="2018-20784" tracker="cve" />
<issue id="2023-1249" tracker="cve" />
<issue id="2023-35824" tracker="cve" />
<issue id="2023-3161" tracker="cve" />
<issue id="2023-3141" tracker="cve" />
<issue id="2023-3159" tracker="cve" />
<issue id="2022-3566" tracker="cve" />
<issue id="2022-45884" tracker="cve" />
<issue id="2022-45919" tracker="cve" />
<issue id="2022-45885" tracker="cve" />
<issue id="2022-45886" tracker="cve" />
<issue id="2022-45887" tracker="cve" />
<issue id="2023-31436" tracker="cve" />
<issue id="2023-2194" tracker="cve" />
<issue id="2023-32269" tracker="cve" />
<issue id="2023-1380" tracker="cve" />
<issue id="2023-2513" tracker="cve" />
<issue id="2023-2124" tracker="cve" />
<issue id="2023-23454" tracker="cve" />
<issue id="2023-23455" tracker="cve" />
<issue id="2023-1670" tracker="cve" />
<issue id="2023-2162" tracker="cve" />
<issue id="2023-1998" tracker="cve" />
<issue id="2023-30772" tracker="cve" />
<issue id="2023-1990" tracker="cve" />
<issue id="2023-1989" tracker="cve" />
<issue id="2023-1611" tracker="cve" />
<issue id="2023-28772" tracker="cve" />
<issue id="2017-5753" tracker="cve" />
<issue id="2023-1513" tracker="cve" />
<issue id="2023-1077" tracker="cve" />
<issue id="2023-28464" tracker="cve" />
<issue id="2023-1390" tracker="cve" />
<issue id="2023-28328" tracker="cve" />
<issue id="2023-0590" tracker="cve" />
<issue id="2023-1095" tracker="cve" />
<issue id="2023-1118" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>zhonglidong</packager>
<reboot_needed/>
<description>
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity() that could cause memory corruption (bsc#1208600).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1380: Fixed a slab-out-of-bounds read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2124: Fixed an out-of-bounds access in the XFS subsystem that could have led to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed a use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- Drop dvb-core fix patch due to regression (bsc#1205758).
- Revert CVE-2018-20784 due to regression (bsc#1126703).
- binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
- bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
- bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989 bsc#1210336).
- btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687).
- do not fallthrough in cbq_classify and stop on TC_ACT_SHOT (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105 CVE-2023-2513).
- fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
- firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128).
- fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
- kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753).
- kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824).
- media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc#1209291 CVE-2023-28328).
- media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758).
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118 bsc#1208837).
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449).
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777).
- netrom: Fix use-after-free caused by accept on already connected socket (bsc#1211186 CVE-2023-32269).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (CVE-2023-30772 bsc#1210329).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753).
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1210647 CVE-2023-2162).
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549 CVE-2023-28772).
- tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405 CVE-2022-3566).
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289 CVE-2023-1390).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
- x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998).
- xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871 CVE-2023-1670).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>