File _patchinfo of Package patchinfo.29318
<patchinfo incident="29318">
  <issue id="1172073" tracker="bnc">kernel-devel and kernel-source need Obsolete for previous package rebuilds of the same version</issue>
  <issue id="1184208" tracker="bnc">VUL-0: CVE-2021-29650: kernel-source-rt,kernel-source-azure,kernel-source: netfilter subsystem allows attackers to cause a denial of service</issue>
  <issue id="1191731" tracker="bnc">kernel-default-base from SLE-15-SP4-JeOS-Alpha-202110-1 conflicts with kernel-default-base from the "moving target" repository</issue>
  <issue id="1199046" tracker="bnc">zypper dup wants to install kernel-preempt-5.3.18-150300</issue>
  <issue id="1204405" tracker="bnc">VUL-0: CVE-2022-3566: kernel: race condition in tcp_getsockopt()/tcp_setsockopt() of the component TCP handler</issue>
  <issue id="1205756" tracker="bnc">VUL-0: CVE-2022-45884: kernel-source-azure,kernel-source-rt,kernel-source: UaF in drivers/media/dvb-core/dvbdev.c</issue>
  <issue id="1205758" tracker="bnc">VUL-0: CVE-2022-45885: kernel-source-rt,kernel-source,kernel-source-azure: UaF in drivers/media/dvb-core/dvb_frontend.c</issue>
  <issue id="1205760" tracker="bnc">VUL-0: CVE-2022-45886: kernel-source-rt,kernel-source,kernel-source-azure: UaF in drivers/media/dvb-core/dvb_net.c</issue>
  <issue id="1205762" tracker="bnc">VUL-0: CVE-2022-45887: kernel-source-rt,kernel-source,kernel-source-azure: Memory leak in drivers/media/usb/ttusb-dec/ttusb_dec.c</issue>
  <issue id="1205803" tracker="bnc">VUL-0: CVE-2022-45919: kernel: use-after-free when there is a disconnect after an open in drivers/media/dvb-core/dvb_ca_en50221.c</issue>
  <issue id="1206024" tracker="bnc">VUL-0: CVE-2022-4269: kernel-source,kernel-source-rt,kernel-source-azure: kernel: net: CPU soft lockup in TC mirred egress-to-ingress action</issue>
  <issue id="1208474" tracker="bnc">VUL-0: CVE-2023-23586: kernel-source,kernel-source-rt,kernel-source-azure: use-after-free in io_uring</issue>
  <issue id="1208604" tracker="bnc">VUL-0: CVE-2023-1079: kernel: Use After Free in asus_remove()</issue>
  <issue id="1209287" tracker="bnc">VUL-0: CVE-2023-1380: kernel: A USB-accessible slab-out-of-bounds read in Linux kernel driver</issue>
  <issue id="1209779" tracker="bnc">VUL-0: CVE-2023-1637: kernel: save/restore speculative MSRs during S3 suspend/resume</issue>
  <issue id="1210498" tracker="bnc">VUL-0: CVE-2023-2124: kernel-source: OOB access in the XFS subsystem</issue>
  <issue id="1210715" tracker="bnc">VUL-0: CVE-2023-2194: kernel-source,kernel-source-azure,kernel-source-rt: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()</issue>
  <issue id="1210783" tracker="bnc">VUL-0: CVE-2023-31084: kernel: blocking operation when a task is in !TASK_RUNNING when dvb_frontend_get_event, wait_event_interruptible is called</issue>
  <issue id="1210791" tracker="bnc">KMP build fails with ld: cannot find arch/s390/lib/expoline/expoline.o</issue>
  <issue id="1210940" tracker="bnc">VUL-0: CVE-2023-31436: kernel: out-of-bounds write because lmax can exceed QFQ_MIN_LMAX in qfq_change_class in net/sched/sch_qfq.c</issue>
  <issue id="1211037" tracker="bnc">VUL-0: CVE-2023-2483: kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()</issue>
  <issue id="1211043" tracker="bnc">VUL-0: CVE-2023-32233: kernel: LPE due to use-after-free in Netfilter nf_tables</issue>
  <issue id="1211089" tracker="bnc">ALP Workbench: kmod-testsuite fails to build on s390x</issue>
  <issue id="1211105" tracker="bnc">VUL-0: CVE-2023-2513: kernel-source-azure,kernel-source,kernel-source-rt: ext4: use-after-free in ext4_xattr_set_entry()</issue>
  <issue id="1211186" tracker="bnc">VUL-0: CVE-2023-32269: kernel-source-rt,kernel-source-azure,kernel-source: UaF in AF_NETROM</issue>
  <issue id="1211187" tracker="bnc">VUL-0: CVE-2023-32233: kernel live patch: LPE due to use-after-free in Netfilter nf_tables</issue>
  <issue id="1211260" tracker="bnc">VUL-0: CVE-2023-31436: kernel live patch: out-of-bounds write because lmax can exceed QFQ_MIN_LMAX in qfq_change_class in net/sched/sch_qfq.c</issue>
  <issue id="1211590" tracker="bnc">VUL-0: CVE-2023-33288: kernel-source-rt,kernel-source,kernel-source-azure: Use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c</issue>
  <issue id="1211592" tracker="bnc">VUL-0: CVE-2023-2860: kernel-source-azure,kernel-source,kernel-source-rt: Linux Kernel IPv6 Segment Routing Out-Of-Bounds Read Information Disclosure Vulnerability</issue>
  <issue id="1211596" tracker="bnc">VUL-0: CVE-2020-36694: kernel-source-azure,kernel-source-rt,kernel-source: Use-after-free in the packet processing context</issue>
  <issue id="1211622" tracker="bnc">L3: Mellanox NETDEV watchdog timeout causes cluster outage. Requesting RCA.</issue>
  <issue id="1211796" tracker="bnc">kernel modules not usrmerged</issue>
  <issue id="2023-1637" tracker="cve" />
  <issue id="2022-3566" tracker="cve" />
  <issue id="2021-29650" tracker="cve" />
  <issue id="2020-36694" tracker="cve" />
  <issue id="2023-1079" tracker="cve" />
  <issue id="2023-33288" tracker="cve" />
  <issue id="2022-45886" tracker="cve" />
  <issue id="2022-45885" tracker="cve" />
  <issue id="2022-45887" tracker="cve" />
  <issue id="2022-45919" tracker="cve" />
  <issue id="2022-45884" tracker="cve" />
  <issue id="2023-31084" tracker="cve" />
  <issue id="2023-31436" tracker="cve" />
  <issue id="2023-2194" tracker="cve" />
  <issue id="2023-32269" tracker="cve" />
  <issue id="2023-32233" tracker="cve" />
  <issue id="2022-4269" tracker="cve" />
  <issue id="2023-1380" tracker="cve" />
  <issue id="2023-2513" tracker="cve" />
  <issue id="2023-2483" tracker="cve" />
  <issue id="2023-23586" tracker="cve" />
  <issue id="2023-2124" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jdelvare</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2020-36694: Fixed a use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw in the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bounds read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use-after-free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).
- CVE-2023-2124: Fixed an out-of-bounds access in the XFS subsystem that could have led to denial-of-service or potentially privilege escalation (bsc#1210498).

The following non-security bugs were fixed:

- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- Fix usrmerge error (boo#1211796)
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- scsi: storvsc: Parameterize number hardware queues (bsc#1211622).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
</description>
  <summary>Security update for the Linux Kernel</summary>
</patchinfo>




