Overview

File _patchinfo of Package patchinfo.30213

<patchinfo incident="30213">
  <issue id="1087082" tracker="bnc">VUL-0: CVE-2018-3639:  V4 - Speculative Store Bypass aka "Memory Disambiguation"</issue>
  <issue id="1126703" tracker="bnc">VUL-0: CVE-2018-20784: kernel-source: kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecifi</issue>
  <issue id="1206418" tracker="bnc">VUL-0: CVE-2022-40982: transient execution attack "Gather Data Sampling"</issue>
  <issue id="1209779" tracker="bnc">VUL-0: CVE-2023-1637: kernel: save/restore speculative MSRs during S3 suspend/resume</issue>
  <issue id="1210584" tracker="bnc">VUL-0: kernel: buffer overflow in mtd_ubi build.c:::io_init</issue>
  <issue id="1211738" tracker="bnc">VUL-0: CVE-2023-0459: kernel-source-azure,kernel-source-rt,kernel-source: Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check</issue>
  <issue id="1211867" tracker="bnc">VUL-0: CVE-2023-2985: kernel-source-azure,kernel-source,kernel-source-rt: hfs: use-after-free issue in hfsplus_release_folio in fs/hfsplus/super.c</issue>
  <issue id="1212502" tracker="bnc">VUL-0: CVE-2023-3268: kernel: out-of-bounds access in relay_file_read</issue>
  <issue id="1213059" tracker="bnc">VUL-0: CVE-2023-35001: kernel: nf_tables nft_byteorder_eval OOB read/write</issue>
  <issue id="1213167" tracker="bnc">VUL-0: CVE-2023-3567: kernel-source,kernel-source-rt,kernel-source-azure: use after free in vcs_read() in the vc_screen driver due to race condition</issue>
  <issue id="1213251" tracker="bnc">VUL-0: CVE-2023-3106: kernel: netlink socket crash (null pointer deref) in netlink_dump function</issue>
  <issue id="1213286" tracker="bnc">VUL-0: CVE-2023-20593: kernel,kernel-firmware: AMD CPU: "ZenBleed": VZEROUPPER does not clear upper bits under certain conditions</issue>
  <issue id="1213287" tracker="bnc">VUL-0: CVE-2023-20569: kernel-source, kernel-firmware: AMD CPU "Inception" issue</issue>
  <issue id="1213585" tracker="bnc">VUL-0: CVE-2023-3611: kernel-source-rt,kernel-source,kernel-source-azure: out-of-bounds read/write due to an unbounded overhead value in interface size table</issue>
  <issue id="1213588" tracker="bnc">VUL-0: CVE-2023-3776: kernel-source-rt,kernel-source-azure,kernel-source: use-after-free vulnerability the cls_fw component</issue>
  <issue id="1207561" tracker="bnc">VUL-0: kernel: data operand dependent timing on Intel and Arm CPUs</issue>
  <issue id="2023-20569" tracker="cve" />
  <issue id="2023-3268" tracker="cve" />
  <issue id="2023-3776" tracker="cve" />
  <issue id="2023-3611" tracker="cve" />
  <issue id="2023-1637" tracker="cve" />
  <issue id="2023-3567" tracker="cve" />
  <issue id="2023-0459" tracker="cve" />
  <issue id="2022-40982" tracker="cve" />
  <issue id="2023-35001" tracker="cve" />
  <issue id="2023-3106" tracker="cve" />
  <issue id="2023-20593" tracker="cve" />
  <issue id="2018-3639" tracker="cve" />
  <issue id="2018-20784" tracker="cve" />
  <issue id="2023-2985" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>zhonglidong</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2018-20784: Fixed a denial of service (infinite loop in update_blocked_averages) by mishandled leaf cfs_rq in kernel/sched/fair.c (bsc#1126703).
- CVE-2018-3639: Fixed Speculative Store Bypass aka "Memory Disambiguation" (bsc#1087082).
- CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3106: Fixed crash in XFRM_MSG_GETSA netlink handler (bsc#1213251).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in  cls_fw leads to use-after-free (bsc#1213588).

The following non-security bugs were fixed:

- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size &amp;lt;= alloc, size (bsc#1210584).
- x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (git-fixes) No it's not git-fixes it's used to make sle12-sp2 compile with newer toolchain to make the life of all the poor souls maintaining this ancient kernel on their modern machines, a little bit easier....
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places