Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:0698-1 Final 1 1 2024-02-29T07:35:35Z current 2024-02-29T07:35:35Z 2024-02-29T07:35:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5) This update for the Linux Kernel 5.14.21-150500_55_19 fixes several issues. The following security issues were fixed: - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215300). - CVE-2023-39198: Fixed a race condition leading to a use-after-free in qxl_mode_dumb_create() (bsc#1217116). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218733). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-683,SUSE-2024-684,SUSE-2024-696,SUSE-2024-698,SUSE-2024-699,SUSE-2024-710,SUSE-2024-711,SUSE-2024-712,SUSE-2024-713,SUSE-SLE-Live-Patching-12-SP5-2024-693,SUSE-SLE-Module-Live-Patching-15-SP3-2024-698,SUSE-SLE-Module-Live-Patching-15-SP4-2024-682,SUSE-SLE-Module-Live-Patching-15-SP5-2024-713 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20240698-1/ Link for SUSE-SU-2024:0698-1 https://lists.suse.com/pipermail/sle-security-updates/2024-February/018070.html E-Mail link for SUSE-SU-2024:0698-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215300 SUSE Bug 1215300 https://bugzilla.suse.com/1217116 SUSE Bug 1217116 https://bugzilla.suse.com/1218733 SUSE Bug 1218733 https://www.suse.com/security/cve/CVE-2023-39198/ SUSE CVE CVE-2023-39198 page https://www.suse.com/security/cve/CVE-2023-4921/ SUSE CVE CVE-2023-4921 page https://www.suse.com/security/cve/CVE-2023-51780/ SUSE CVE CVE-2023-51780 page SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Live Patching 15 SP3 SUSE Linux Enterprise Live Patching 15 SP4 SUSE Linux Enterprise Live Patching 15 SP5 kernel-livepatch-5_14_21-150400_24_60-default-10-150400.2.1 kernel-livepatch-5_14_21-150400_24_66-default-8-150400.2.1 kernel-livepatch-5_3_18-150300_59_109-default-13-150300.2.2 kernel-livepatch-5_3_18-150300_59_109-preempt-13-150300.2.2 kernel-livepatch-5_3_18-150300_59_115-default-11-150300.2.1 kernel-livepatch-5_3_18-150300_59_115-preempt-11-150300.2.1 kernel-livepatch-5_3_18-150300_59_118-default-10-150300.2.1 kernel-livepatch-5_3_18-150300_59_118-preempt-10-150300.2.1 kernel-livepatch-5_14_21-150400_24_69-default-7-150400.2.1 kernel-livepatch-5_14_21-150500_53-default-8-150500.3.1 kernel-livepatch-5_14_21-150500_55_12-default-7-150500.2.1 kernel-livepatch-5_14_21-150500_55_19-default-6-150500.2.1 kgraft-patch-4_12_14-122_147-default-12-2.2 kernel-livepatch-5_14_21-150400_24_55-default-11-150400.2.1 kgraft-patch-4_12_14-122_147-default-12-2.2 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-livepatch-5_3_18-150300_59_115-default-11-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_14_21-150400_24_55-default-11-150400.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150500_55_19-default-6-150500.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. CVE-2023-39198 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-12-2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-11-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_55-default-11-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-6-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240698-1/ https://www.suse.com/security/cve/CVE-2023-39198.html CVE-2023-39198 https://bugzilla.suse.com/1216965 SUSE Bug 1216965 https://bugzilla.suse.com/1217116 SUSE Bug 1217116 https://bugzilla.suse.com/1219703 SUSE Bug 1219703 A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. CVE-2023-4921 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-12-2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-11-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_55-default-11-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-6-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240698-1/ https://www.suse.com/security/cve/CVE-2023-4921.html CVE-2023-4921 https://bugzilla.suse.com/1215275 SUSE Bug 1215275 https://bugzilla.suse.com/1215300 SUSE Bug 1215300 https://bugzilla.suse.com/1217444 SUSE Bug 1217444 https://bugzilla.suse.com/1217531 SUSE Bug 1217531 https://bugzilla.suse.com/1220906 SUSE Bug 1220906 https://bugzilla.suse.com/1223091 SUSE Bug 1223091 https://bugzilla.suse.com/1224418 SUSE Bug 1224418 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. CVE-2023-51780 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-12-2.2 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-11-150300.2.1 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_55-default-11-150400.2.1 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-6-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20240698-1/ https://www.suse.com/security/cve/CVE-2023-51780.html CVE-2023-51780 https://bugzilla.suse.com/1218730 SUSE Bug 1218730 https://bugzilla.suse.com/1218733 SUSE Bug 1218733 https://bugzilla.suse.com/1220191 SUSE Bug 1220191 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 https://bugzilla.suse.com/1224298 SUSE Bug 1224298 https://bugzilla.suse.com/1224878 SUSE Bug 1224878