SB2023012651 - SUSE update for the Linux Kernel
Published: January 26, 2023 Updated: March 30, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2019-19083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "clock_source_create()" functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow a local user to cause a denial of service (memory consumption).
This vulnerability affects the following functions:
- dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
- dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
- dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
- dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c
- dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
- dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
- dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c
2) NULL pointer dereference (CVE-ID: CVE-2022-3105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the uapi_finalize() function in drivers/infiniband/core/uverbs_uapi.c. A local user can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2022-3106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ef100_update_stats() function in drivers/net/ethernet/sfc/ef100_nic.c. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2022-3107)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the netvsc_get_ethtool_stats() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
5) Unchecked Return Value (CVE-ID: CVE-2022-3108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked return value within the kfd_parse_subtype_iolink() function in drivers/gpu/drm/amd/amdkfd/kfd_crat.c. A local user can crash the kernel.
6) NULL pointer dereference (CVE-ID: CVE-2022-3111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the free_charger_irq() function in drivers/power/supply/wm8350_power.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2022-3112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the amvdec_set_canvases() function in drivers/staging/media/meson/vdec/vdec_helpers.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2022-3115)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_crtc_reset() function in drivers/gpu/drm/arm/malidp_crtc.c. A local user can perform a denial of service (DoS) attack.
9) Out-of-bounds read (CVE-ID: CVE-2022-3435)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.
10) Use-after-free (CVE-ID: CVE-2022-3564)
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.
11) Input validation error (CVE-ID: CVE-2022-3643)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of network packets. An attacker with access to the guest OS can trigger the related physical NIC on the host to reset, abort, or crash by sending certain kinds of packets.
12) Resource management error (CVE-ID: CVE-2022-42328)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.
13) Resource management error (CVE-ID: CVE-2022-42329)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.
14) Improper access control (CVE-ID: CVE-2022-4662)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the Linux kernel USB core subsystem in the way user attaches usb device. A local user can perform a denial of service (DoS) attack.
15) Out-of-bounds read (CVE-ID: CVE-2022-47520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver. A local user can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet and perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2022-47929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2023-0266)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
18) Type Confusion (CVE-ID: CVE-2023-23454)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the cbq_classify() function in net/sched/sch_cbq.c in the Linux kernel. A local user can trigger a type confusion error and crash the kernel.
19) Type Confusion (CVE-ID: CVE-2023-23455)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the atm_tc_enqueue() function in net/sched/sch_atm.c in the Linux kernel. A local user can trigger a type confusion error and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.