SUSE-SU-2023:2156-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation bsc1210498. -...

The vulnerability of the io_install_fixed_file() function in the io_uring subsystem of Linux kernels allows a malicious actor to escalate their privileges or cause service failures.

The vulnerability of the ioinstallfixedfile function in the iouring subsystem of Linux kernels relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges or cause service interruptions...

kernel: data races around sk->sk_prot

A data race problem was found in sk-skprot in the network subsystem in ipv6 in the Linux kernel. This issue occurs while some functions access critical data, leading to a denial of service...

kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt

A vulnerability was found in the tcp subsystem in the Linux Kernel, due to a data race around icsk-icskafops. This issue could allow an attacker to leak internal kernel information...

kernel: possible race condition in drivers/tty/tty_buffers.c

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

kernel: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set

A vulnerability was found in the Linux kernel's Bluetooth subsystem in the hcicmdsyncqueue function. There was a missing check for whether the HCIUNREGISTER flag had been set, meaning that commands were still sent even as the Bluetooth device was being unregistered. This issue could lead to a...

kernel: ASoC: soc-pcm: Add NULL check in BE reparenting

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcmbereparent API, to handle kernel NULL pointer dereference error. The issue occurred in fuzzing test...

kernel: race condition in xfrm_probe_algs can lead to OOB read/write

A race condition was found in the Linux kernel's IP framework for transforming packets XFRM subsystem when multiple calls to xfrmprobealgs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...

kernel: ASoC: qcom: Add checks for devm_kcalloc

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Add checks for devmkcalloc As the devmkcalloc may return NULL, the return value needs to be checked to avoid NULL poineter dereference...

kernel: md: fix a crash in mempool_free

In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempoolfree There's a crash in mempoolfree when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: superwritten calls atomicdecandtest&mddev-pendingwrites and...

kernel: ASoC: Intel: avs: Fix potential RX buffer overflow

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential RX buffer overflow If an event caused firmware to return invalid RX size for LARGECONFIGGET, memcpyfromio could end up copying too many bytes. Fix by utilizing mint...

kernel: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe

In the Linux kernel, the following vulnerability has been resolved: ASoC: croseccodec: Fix refcount leak in croseccodecplatformprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

kernel: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()

In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in graphgettype We should call ofnodeput for the reference before its replacement as it returned by ofgetparent which has increased the refcount. Besides, we should also call ofnodep...

kernel: ASoC: SOF: debug: Fix potential buffer overflow by snprintf()

A potential classic buffer overflow exists in the linux kernel, such that when snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow...

kernel: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FWREADY message it is not yet clear if...

kernel: ASoC: Intel: avs: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow although it's...

kernel: cpufreq: governor: Use kobject release() method to free dbs_data

A vulnerability was found in the Linux kernel's cpufreq subsystem. The dbsdata struct, which embeds a kobject, improperly attempts to free the struct using kfree rather than through the proper release method. This issue can lead to a use-after-free scenario, resulting in system instability, memor...

kernel: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready If the device does not come straight from reset, we might receive an IRQ before we are ready to handle it. 2.334737 Unable to handle kernel read from unreadable memory at...

kernel: scsi: mpt3sas: Fix use-after-free warning

A user after-free vulnerability was found in the Linux kernel in the refcountt variable when performing the controller reset. This issue could lead to denial of service of the system...

kernel: NULL pointer dereference in rawv6_push_pending_frames

A NULL pointer dereference flaw was found in rawv6pushpendingframes in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash...