Main Vulnerability Database SB2023041041

SB2023041041 - SUSE update for the Linux Kernel

Published: April 10, 2023

Security Bulletin ID SB2023041041

Severity

Low

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2017-5753)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.

2) Double Free (CVE-ID: CVE-2022-4744)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

3) NULL pointer dereference (CVE-ID: CVE-2023-0394)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2023-1281)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.

5) Improper Initialization (CVE-ID: CVE-2023-1513)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.

6) Race condition (CVE-ID: CVE-2023-1582)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.

7) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2023-1637)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.

8) Use-after-free (CVE-ID: CVE-2023-1652)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

9) NULL pointer dereference (CVE-ID: CVE-2023-28327)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

10) Double Free (CVE-ID: CVE-2023-28464)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

11) Race condition (CVE-ID: CVE-2023-28466)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20231802-1/

Vulnerable Software

Public Cloud Module: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP4
SUSE Linux Enterprise Server 15: SP4
SUSE Linux Enterprise High Performance Computing 15: SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
openSUSE Leap: 15.4
kernel-source-azure: before 5.14.21-150400.14.43.1
kernel-devel-azure: before 5.14.21-150400.14.43.1
kernel-azure: before 5.14.21-150400.14.43.1
cluster-md-kmp-azure: before 5.14.21-150400.14.43.1
kernel-azure-optional: before 5.14.21-150400.14.43.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.43.1
gfs2-kmp-azure: before 5.14.21-150400.14.43.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.43.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.43.1
kernel-syms-azure: before 5.14.21-150400.14.43.1
kernel-azure-debuginfo: before 5.14.21-150400.14.43.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.43.1
kernel-azure-extra: before 5.14.21-150400.14.43.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.43.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.43.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.43.1
reiserfs-kmp-azure: before 5.14.21-150400.14.43.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.43.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.43.1
kernel-azure-devel: before 5.14.21-150400.14.43.1
kernel-azure-debugsource: before 5.14.21-150400.14.43.1
dlm-kmp-azure: before 5.14.21-150400.14.43.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.43.1
kselftests-kmp-azure: before 5.14.21-150400.14.43.1
ocfs2-kmp-azure: before 5.14.21-150400.14.43.1