SB2023110335 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2023-2163)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

2) Use-after-free (CVE-ID: CVE-2023-3111)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c in btrfs in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

3) Deadlock (CVE-ID: CVE-2023-34324)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).

4) Resource management error (CVE-ID: CVE-2023-3777)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of table rules flush in certain circumstances within the netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack or execute arbitrary code with elevated privileges.

5) Out-of-bounds read (CVE-ID: CVE-2023-39189)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.

6) Out-of-bounds read (CVE-ID: CVE-2023-39192)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.

7) Out-of-bounds read (CVE-ID: CVE-2023-39193)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.

8) Out-of-bounds read (CVE-ID: CVE-2023-39194)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.

9) NULL pointer dereference (CVE-ID: CVE-2023-42754)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/