Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3924-1 Final 1 1 2023-10-01T11:34:12Z current 2023-10-01T11:34:12Z 2023-10-01T11:34:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5) This update for the Linux Kernel 5.14.21-150500_55_12 fixes several issues. The following security issues were fixed: - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3924,SUSE-2023-3930,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3924,SUSE-SLE-Module-Live-Patching-15-SP5-2023-3930 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233924-1/ Link for SUSE-SU-2023:3924-1 https://lists.suse.com/pipermail/sle-security-updates/2023-October/016471.html E-Mail link for SUSE-SU-2023:3924-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1213587 SUSE Bug 1213587 https://bugzilla.suse.com/1214123 SUSE Bug 1214123 https://bugzilla.suse.com/1215119 SUSE Bug 1215119 https://www.suse.com/security/cve/CVE-2023-3609/ SUSE CVE CVE-2023-3609 page https://www.suse.com/security/cve/CVE-2023-3776/ SUSE CVE CVE-2023-3776 page https://www.suse.com/security/cve/CVE-2023-4273/ SUSE CVE CVE-2023-4273 page SUSE Linux Enterprise Live Patching 15 SP4 SUSE Linux Enterprise Live Patching 15 SP5 kernel-livepatch-5_14_21-150400_24_74-default-3-150400.2.1 kernel-livepatch-5_14_21-150500_55_12-default-3-150500.2.1 kernel-livepatch-5_14_21-150400_24_74-default-3-150400.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150500_55_12-default-3-150500.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. CVE-2023-3609 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_74-default-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-3-150500.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233924-1/ https://www.suse.com/security/cve/CVE-2023-3609.html CVE-2023-3609 https://bugzilla.suse.com/1213586 SUSE Bug 1213586 https://bugzilla.suse.com/1213587 SUSE Bug 1213587 A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. CVE-2023-3776 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_74-default-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-3-150500.2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233924-1/ https://www.suse.com/security/cve/CVE-2023-3776.html CVE-2023-3776 https://bugzilla.suse.com/1213588 SUSE Bug 1213588 https://bugzilla.suse.com/1215119 SUSE Bug 1215119 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. CVE-2023-4273 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_74-default-3-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-3-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233924-1/ https://www.suse.com/security/cve/CVE-2023-4273.html CVE-2023-4273 https://bugzilla.suse.com/1214120 SUSE Bug 1214120 https://bugzilla.suse.com/1214123 SUSE Bug 1214123