SB2023071431 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 16 secuirty vulnerabilities.

1) Type Confusion (CVE-ID: CVE-2023-1077)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

2) Use-after-free (CVE-ID: CVE-2023-1249)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the core dump subsystem in Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

3) Use-after-free (CVE-ID: CVE-2023-1829)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

4) Security features bypass (CVE-ID: CVE-2023-21102)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.

5) Out-of-bounds write (CVE-ID: CVE-2023-3090)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ipvlan network driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

6) Use-after-free (CVE-ID: CVE-2023-3111)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c in btrfs in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

7) Use-after-free (CVE-ID: CVE-2023-3141)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.

8) Incorrect calculation (CVE-ID: CVE-2023-3161)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation in the Framebuffer Console (fbcon) in the Linux kernel. A local user can perform a denial of service (DoS) attack.

9) NULL pointer dereference (CVE-ID: CVE-2023-3212)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2023-3357)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel AMD Sensor Fusion Hub driver. A local user can perform a denial of service (DoS) attack.

11) NULL pointer dereference (CVE-ID: CVE-2023-3358)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Integrated Sensor Hub (ISH) driver. A local user and perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2023-3389)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux Kernel io_uring subsystem. A local user can exploit a race condition and execute arbitrary code with elevated privileges.

13) Out-of-bounds write (CVE-ID: CVE-2023-35788)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fl_set_geneve_opt() function in net/sched/cls_flower.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

14) Race condition (CVE-ID: CVE-2023-35823)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

15) Race condition (CVE-ID: CVE-2023-35828)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the renesas_usb3_remove() function in drivers/usb/gadget/udc/renesas_usb3.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

16) Use-after-free (CVE-ID: CVE-2023-35829)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rkvdec_remove() function in drivers/staging/media/rkvdec/rkvdec.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2023/suse-su-20232820-1/