Bug 1209052 (CVE-2023-28464) - VUL-0: CVE-2023-28464: kernel-source: double free in hci_conn_cleanup()
Summary: VUL-0: CVE-2023-28464: kernel-source: double free in hci_conn_cleanup()
Status: RESOLVED FIXED
Alias: CVE-2023-28464
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/359519/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-28464:7.8:(AV:...
Keywords:
Depends on:
Blocks: 1211111
Reported: 2023-03-08 10:58 UTC by Carlos López
Modified: 2024-06-25 17:31 UTC

Description Carlos López 2023-03-08 10:58:08 UTC
From linux-distros:

Hello there.
In the Bluetooth subsystem, a double free vulnerability was found in the hci_conn_cleanup function of net/bluetooth/hci_conn.c, which may cause DOS or privilege escalation.
Version: Linux kernel 6.2 (this problem also exists in 6.3-rc1)

At the end of the hci_conn_del_sysfs(conn) function in the hci_conn_cleanup function, hci_dev_put(hdev) will be called. The hci_dev_put function will eventually call kfree to release the space used by name:
```
hci_dev_put
put_device
kobject_put
kref_put
kobject_release
kobject_cleanup
kfree_const
kfree
```

After the hci_conn_del_sysfs function ends, the hci_dev_put function is called again in the hci_conn_cleanup function, and their parameters hdev are the same, so double free will be caused when the name is released.
In addition, at the end of hci_conn_cleanup, the hci_conn_put function is called again, which will call the put_device function to release conn->dev. Obviously conn->dev has been released, so there will also be a double free problem here.

Call Trace from syzbot, https://syzkaller.appspot.com/bug?id=1bb51491ca5df96a5f724899d1dbb87afda61419:
```
BUG: KASAN: slab-use-after-free in hci_conn_hash_flush+0x23c/0x260 net/bluetooth/hci_conn.c:2437
Read of size 8 at addr ffff88802bd1a000 by task syz-executor.3/5147

CPU: 1 PID: 5147 Comm: syz-executor.3 Not tainted 6.2.0-next-20230306-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:319
 print_report mm/kasan/report.c:430 [inline]
 kasan_report+0x11c/0x130 mm/kasan/report.c:536
 hci_conn_hash_flush+0x23c/0x260 net/bluetooth/hci_conn.c:2437
 hci_dev_close_sync+0x5fb/0x1200 net/bluetooth/hci_sync.c:4889
 hci_dev_do_close+0x31/0x70 net/bluetooth/hci_core.c:554
 hci_unregister_dev+0x1ce/0x580 net/bluetooth/hci_core.c:2702
 vhci_release+0x80/0xf0 drivers/bluetooth/hci_vhci.c:568
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xb42/0x2b60 kernel/exit.c:869
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1019
 __do_sys_exit_group kernel/exit.c:1030 [inline]
 __se_sys_exit_group kernel/exit.c:1028 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1028
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f16f988c0f9
Code: Unable to access opcode bytes at 0x7f16f988c0cf.
RSP: 002b:00007ffc8ecb8b38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffc8ecb8ce0 RCX: 00007f16f988c0f9
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffc8ecb8ce0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f16f98e7aba
R13: 000000000000001c R14: 0000000000000003 R15: 00007ffc8ecb8d20
 </TASK>

Allocated by task 5243:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:374 [inline]
 ____kasan_kmalloc mm/kasan/common.c:333 [inline]
 __kasan_kmalloc+0xa2/0xb0 mm/kasan/common.c:383
 kmalloc include/linux/slab.h:580 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 hci_conn_add+0xb8/0x15c0 net/bluetooth/hci_conn.c:962
 hci_connect_sco+0x42c/0xac0 net/bluetooth/hci_conn.c:1607
 sco_connect net/bluetooth/sco.c:255 [inline]
 sco_sock_connect+0x350/0xa60 net/bluetooth/sco.c:598
 __sys_connect_file+0x153/0x1a0 net/socket.c:2004
 __sys_connect+0x165/0x1a0 net/socket.c:2021
 __do_sys_connect net/socket.c:2031 [inline]
 __se_sys_connect net/socket.c:2028 [inline]
 __x64_sys_connect+0x73/0xb0 net/socket.c:2028
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 5147:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x40 mm/kasan/generic.c:521
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free+0x160/0x1c0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:162 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1807
 slab_free mm/slub.c:3787 [inline]
 __kmem_cache_free+0xaf/0x2d0 mm/slub.c:3800
 device_release+0xa3/0x240 drivers/base/core.c:2436
 kobject_cleanup lib/kobject.c:681 [inline]
 kobject_release lib/kobject.c:712 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1c2/0x4d0 lib/kobject.c:729
 put_device+0x1f/0x30 drivers/base/core.c:3697
 hci_conn_del+0x212/0xa70 net/bluetooth/hci_conn.c:1112
 hci_conn_del+0x7df/0xa70 net/bluetooth/hci_conn.c:1071
 hci_conn_hash_flush+0x19b/0x260 net/bluetooth/hci_conn.c:2441
 hci_dev_close_sync+0x5fb/0x1200 net/bluetooth/hci_sync.c:4889
 hci_dev_do_close+0x31/0x70 net/bluetooth/hci_core.c:554
 hci_unregister_dev+0x1ce/0x580 net/bluetooth/hci_core.c:2702
 vhci_release+0x80/0xf0 drivers/bluetooth/hci_vhci.c:568
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xb42/0x2b60 kernel/exit.c:869
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1019
 __do_sys_exit_group kernel/exit.c:1030 [inline]
 __se_sys_exit_group kernel/exit.c:1028 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1028
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Last potentially related work creation:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xbc/0xd0 mm/kasan/generic.c:491
 insert_work+0x48/0x350 kernel/workqueue.c:1361
 __queue_work+0x5fd/0x1170 kernel/workqueue.c:1524
 __queue_delayed_work+0x1c8/0x270 kernel/workqueue.c:1672
 queue_delayed_work_on+0x109/0x120 kernel/workqueue.c:1708
 queue_delayed_work include/linux/workqueue.h:519 [inline]
 hci_conn_drop include/net/bluetooth/hci_core.h:1417 [inline]
 hci_conn_drop include/net/bluetooth/hci_core.h:1387 [inline]
 sco_chan_del+0x1f8/0x4f0 net/bluetooth/sco.c:169
 __sco_sock_close+0x178/0x740 net/bluetooth/sco.c:431
 sco_sock_close net/bluetooth/sco.c:446 [inline]
 sco_sock_release+0x81/0x360 net/bluetooth/sco.c:1254
 __sock_release+0xcd/0x290 net/socket.c:651
 sock_close+0x1c/0x20 net/socket.c:1393
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 get_signal+0x1c7/0x25b0 kernel/signal.c:2635
 arch_do_signal_or_restart+0x79/0x5c0 arch/x86/kernel/signal.c:306
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Second to last potentially related work creation:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xbc/0xd0 mm/kasan/generic.c:491
 insert_work+0x48/0x350 kernel/workqueue.c:1361
 __queue_work+0x5fd/0x1170 kernel/workqueue.c:1524
 __queue_delayed_work+0x1c8/0x270 kernel/workqueue.c:1672
 queue_delayed_work_on+0x109/0x120 kernel/workqueue.c:1708
 queue_delayed_work include/linux/workqueue.h:519 [inline]
 hci_conn_drop include/net/bluetooth/hci_core.h:1417 [inline]
 hci_conn_drop include/net/bluetooth/hci_core.h:1387 [inline]
 sco_chan_del+0x1f8/0x4f0 net/bluetooth/sco.c:169
 __sco_sock_close+0x178/0x740 net/bluetooth/sco.c:431
 sco_sock_close net/bluetooth/sco.c:446 [inline]
 sco_sock_release+0x81/0x360 net/bluetooth/sco.c:1254
 __sock_release+0xcd/0x290 net/socket.c:651
 sock_close+0x1c/0x20 net/socket.c:1393
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xb42/0x2b60 kernel/exit.c:869
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1019
 get_signal+0x2315/0x25b0 kernel/signal.c:2859
 arch_do_signal_or_restart+0x79/0x5c0 arch/x86/kernel/signal.c:306
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The buggy address belongs to the object at ffff88802bd1a000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 0 bytes inside of
 freed 4096-byte region [ffff88802bd1a000, ffff88802bd1b000)

The buggy address belongs to the physical page:
page:ffffea0000af4600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2bd18
head:ffffea0000af4600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000010200 ffff888012442140 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5243, tgid 5241 (syz-executor.2), ts 555978017917, free_ts 553922159565
 prep_new_page mm/page_alloc.c:2492 [inline]
 get_page_from_freelist+0xf75/0x2ad0 mm/page_alloc.c:4236
 __alloc_pages+0x1cb/0x5c0 mm/page_alloc.c:5502
 alloc_pages+0x1aa/0x270 mm/mempolicy.c:2283
 alloc_slab_page mm/slub.c:1851 [inline]
 allocate_slab+0x28e/0x380 mm/slub.c:1998
 new_slab mm/slub.c:2051 [inline]
 ___slab_alloc+0xa91/0x1400 mm/slub.c:3193
 __slab_alloc.constprop.0+0x56/0xa0 mm/slub.c:3292
 __slab_alloc_node mm/slub.c:3345 [inline]
 slab_alloc_node mm/slub.c:3442 [inline]
 __kmem_cache_alloc_node+0x136/0x320 mm/slub.c:3491
 kmalloc_trace+0x26/0x60 mm/slab_common.c:1061
 kmalloc include/linux/slab.h:580 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 hci_conn_add+0xb8/0x15c0 net/bluetooth/hci_conn.c:962
 hci_connect_acl+0x413/0x690 net/bluetooth/hci_conn.c:1576
 hci_connect_sco+0x4e/0xac0 net/bluetooth/hci_conn.c:1600
 sco_connect net/bluetooth/sco.c:255 [inline]
 sco_sock_connect+0x350/0xa60 net/bluetooth/sco.c:598
 __sys_connect_file+0x153/0x1a0 net/socket.c:2004
 __sys_connect+0x165/0x1a0 net/socket.c:2021
 __do_sys_connect net/socket.c:2031 [inline]
 __se_sys_connect net/socket.c:2028 [inline]
 __x64_sys_connect+0x73/0xb0 net/socket.c:2028
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1472 [inline]
 free_unref_page_prepare+0x4d1/0xb60 mm/page_alloc.c:3298
 free_unref_page+0x33/0x370 mm/page_alloc.c:3393
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x192/0x220 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x63/0x90 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:186 [inline]
 slab_post_alloc_hook mm/slab.h:769 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 __kmem_cache_alloc_node+0x17c/0x320 mm/slub.c:3491
 kmalloc_trace+0x26/0x60 mm/slab_common.c:1061
 kmalloc include/linux/slab.h:580 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 nsim_fib4_rt_create drivers/net/netdevsim/fib.c:280 [inline]
 nsim_fib4_rt_insert drivers/net/netdevsim/fib.c:426 [inline]
 nsim_fib4_event drivers/net/netdevsim/fib.c:464 [inline]
 nsim_fib_event drivers/net/netdevsim/fib.c:884 [inline]
 nsim_fib_event_work+0x728/0x24a0 drivers/net/netdevsim/fib.c:1492
 process_one_work+0x9bf/0x1820 kernel/workqueue.c:2390
 worker_thread+0x669/0x1090 kernel/workqueue.c:2537
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

Memory state around the buggy address:
 ffff88802bd19f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88802bd19f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff88802bd1a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88802bd1a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802bd1a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
```


The path to trigger the vulnerability:
```
rfkill_fop_write
rfkill_set_block(rfkill, ev.soft);
hci_rfkill_set_block(rfkill->data, blocked);
hci_dev_do_close(hdev);
hci_dev_close_sync(hdev);
hci_conn_hash_flush
hci_conn_del
hci_conn_cleanup
```

Please forgive me for not providing a PoC, because I encountered some problems during the writing process, and I can't bypass the following code to enter the rfkill_set_block function, because list_for_each_entry always returns the same pointer in the linked list:
```
switch (ev.op) {
case RFKILL_OP_CHANGE_ALL:
    rfkill_update_global_state(ev.type, ev.soft);
    list_for_each_entry(rfkill, &rfkill_list, node)
        if (rfkill->type == ev.type ||
            ev.type == RFKILL_TYPE_ALL)
            rfkill_set_block(rfkill, ev.soft);
    ret = 0;
    break;
```

Here's my PoC code if it helps:
```
#define _GNU_SOURCE
#include<stdio.h>
#include<stdlib.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/capability.h>
#include <linux/rfkill.h>
#include <linux/sched.h>
#include <linux/wait.h>
#include <linux/poll.h>
#include <linux/fs.h>

#define unsigned int __u32
#define unsigned char __u8

struct rfkill_event_ext{
  __u32 idx;
  __u8  type;
  __u8  op;
  __u8  soft;
  __u8  hard;
  __u8  hard_block_reasons;
};

void main()
{
  int fd;

  struct rfkill_event_ext ev;
  memset(&ev, 0, sizeof(struct rfkill_event_ext));

  ev.type = 8;
  ev.op = 2;
  ev.idx = 1;
  ev.soft = 0;

  fd = open("/dev/rfkill", 2);
  if (fd < 0){
    exit(-1);
  }
  write(fd, &ev, sizeof(struct rfkill_event));
}
```

I offer some suggestions for repair. You can delete the hci_dev_put(hdev) call and the hci_conn_put(conn) call on line 158 of net/bluetooth/hci_conn.c without any problems, because they have already been released in hci_conn_del_sysfs(conn) on line 152, like this:
```
*** net/bluetooth/hci_conn.c  Wed Mar  8 17:43:42 2023
--- net/bluetooth/hci_conn.c  Wed Mar  8 17:44:23 2023
***************
*** 152,161 ****
    hci_conn_del_sysfs(conn);

    debugfs_remove_recursive(conn->debugfs);
-
-   hci_dev_put(hdev);
-
-   hci_conn_put(conn);
  }

  static void le_scan_cleanup(struct work_struct *work)
--- 152,157 ----
```
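
Review bot: `debugfs_remove_recursive(conn->debugfs)` still reads conn after `hci_conn_del_sysfs(conn)`, which the report says has already dropped the reference on conn->dev; if that put can be the last one, this read is a use after free, so the debugfs removal should move above the sysfs teardown. Removing both `hci_dev_put(hdev)` and `hci_conn_put(conn)` also leaves hci_conn_cleanup() dependent on hci_conn_del_sysfs() dropping both references on every path, which nothing in the hunk shows; an early return in that helper would turn the double free into a leak of hdev and conn. A comment at the call site stating that hci_conn_del_sysfs() consumes both references would make the ownership rule checkable.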

Looking forward to your reply.
Best regards.
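
An added illustration, not part of the original report or of the kernel source: a userspace model of the put/put imbalance described above, with a hypothetical `ref_obj` counter standing in for `conn->dev` and `hdev`. It assumes, as the report states, that the sysfs teardown helper already drops both references.

```c
/* Userspace model of the reference imbalance described in the report.
 * Every name here is hypothetical; none of this is kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct ref_obj {
    const char *name;
    int refs;         /* references currently held */
    bool released;    /* release callback has run (kfree() in the kernel) */
    int bad_puts;     /* puts that arrived after the object was released */
};

static void ref_init(struct ref_obj *o, const char *name)
{
    o->name = name;
    o->refs = 1;      /* the creator holds the first reference */
    o->released = false;
    o->bad_puts = 0;
}

static void ref_get(struct ref_obj *o)
{
    o->refs++;
}

/* Drop one reference. A put on an already released object is counted
 * instead of releasing again; in real code that second release is the
 * double free. */
static void ref_put(struct ref_obj *o)
{
    if (o->released) {
        o->bad_puts++;
        return;
    }
    if (--o->refs == 0)
        o->released = true;
}

struct conn_model {
    struct ref_obj dev;     /* stands in for conn->dev */
    struct ref_obj *hdev;   /* stands in for the hdev reference the conn holds */
};

/* Assumption taken from the report: the sysfs teardown helper ends by
 * dropping the hdev reference and the conn device reference. */
static void del_sysfs_model(struct conn_model *c)
{
    ref_put(c->hdev);
    ref_put(&c->dev);
}

/* Cleanup as the report describes it (extra_puts = true), and with each
 * reference dropped exactly once (extra_puts = false). */
static void cleanup_model(struct conn_model *c, bool extra_puts)
{
    del_sysfs_model(c);
    if (extra_puts) {
        ref_put(c->hdev);   /* second put: consumes the owner's reference */
        ref_put(&c->dev);   /* second put on an object already released */
    }
}

struct teardown_result {
    int conn_bad_puts;        /* extra puts seen on the conn device */
    int hdev_bad_puts;        /* extra puts seen on hdev */
    bool hdev_released_early; /* hdev released while its owner still held it */
    bool all_released;        /* both objects released by the end */
};

static struct teardown_result run_teardown(bool extra_puts)
{
    struct ref_obj hdev;
    struct conn_model conn;
    struct teardown_result r;

    ref_init(&hdev, "hdev");        /* the owner (driver) holds 1 */
    ref_init(&conn.dev, "conn");    /* creation holds 1 */
    conn.hdev = &hdev;
    ref_get(conn.hdev);             /* conn pins hdev: refs == 2 */

    cleanup_model(&conn, extra_puts);
    r.hdev_released_early = hdev.released;

    ref_put(&hdev);                 /* the owner's own, legitimate put */

    r.conn_bad_puts = conn.dev.bad_puts;
    r.hdev_bad_puts = hdev.bad_puts;
    r.all_released = hdev.released && conn.dev.released;
    return r;
}

int main(void)
{
    for (int extra = 1; extra >= 0; extra--) {
        struct teardown_result r = run_teardown(extra != 0);
        printf("%s: conn bad puts=%d, hdev bad puts=%d, hdev released early=%d\n",
               extra ? "reported cleanup" : "single-owner cleanup",
               r.conn_bad_puts, r.hdev_bad_puts, r.hdev_released_early);
    }
    return 0;
}
```

In the model the extra put on hdev does not fail on the spot: it consumes the owner's reference, and the fault surfaces later at the owner's own put.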
Comment 5 Joey Lee 2023-03-13 12:36:03 UTC
(In reply to Carlos López from comment #0)

I will put the above suggested code into SLE.
Comment 7 Carlos López 2023-03-24 08:26:33 UTC
The reporter sent the following patch to the bluetooth mailing list:
https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/

Which seems to fail tests:
https://patchwork.kernel.org/project/bluetooth/patch/20230309093442.74618-1-wzhmmmmm@gmail.com/
Comment 8 Carlos López 2023-03-28 11:50:12 UTC
Public:
https://www.openwall.com/lists/oss-security/2023/03/28/2
Comment 9 Joey Lee 2023-03-29 09:23:11 UTC
I have backported the patch and sent it; it is waiting to be merged.
Current status:

cve/linux-2.6.32        [not affect]
        SLE11-SP1-TD    [not affect]
cve/linux-3.0           [not affect]
        SLE11-SP4-LTSS  [not affect]
        SLE11-SP3-TD    [not affect]
cve/linux-4.4   [sent]
cve/linux-4.12  [sent]
cve/linux-5.3   [sent]
SLE15-SP4       [sent]
SLE15-SP5       [sent]
Comment 21 Maintenance Automation 2023-04-10 12:30:35 UTC
SUSE-SU-2023:1803-1: An update that solves 14 vulnerabilities, contains one feature and has 23 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1076830, 1109158, 1181001, 1191924, 1193231, 1199837, 1203092, 1203693, 1206010, 1207001, 1207036, 1207125, 1207795, 1207890, 1208048, 1208179, 1208599, 1208777, 1208850, 1209008, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209634, 1209684, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Jira References: ECO-3191
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_42-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.156.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-syms-4.12.14-122.156.1, kernel-source-4.12.14-122.156.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Maintenance Automation 2023-04-10 12:31:08 UTC
SUSE-SU-2023:1800-1: An update that solves 20 vulnerabilities and has seven fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1207185, 1207560, 1208179, 1208598, 1208599, 1208601, 1208777, 1208787, 1208843, 1209008, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209672, 1209683, 1209778
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-23004, CVE-2023-25012, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_35-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
SUSE Enterprise Storage 7 (src): kernel-obs-build-5.3.18-150200.24.148.1, kernel-source-5.3.18-150200.24.148.1, kernel-syms-5.3.18-150200.24.148.1, kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1

Comment 23 Maintenance Automation 2023-04-10 12:31:32 UTC
SUSE-SU-2023:1802-1: An update that solves 11 vulnerabilities and has 25 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1198400, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1637, CVE-2023-1652, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.43.1, kernel-syms-azure-5.14.21-150400.14.43.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.43.1, kernel-syms-azure-5.14.21-150400.14.43.1

Comment 24 Maintenance Automation 2023-04-10 12:32:12 UTC
SUSE-SU-2023:1801-1: An update that solves 14 vulnerabilities, contains one feature and has 19 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1076830, 1109158, 1181001, 1193231, 1199837, 1203693, 1206010, 1207001, 1207036, 1207125, 1207795, 1207890, 1208048, 1208599, 1208777, 1208850, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209634, 1209684, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Jira References: ECO-3191
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.130.1, kernel-syms-azure-4.12.14-16.130.1

Comment 25 Maintenance Automation 2023-04-11 12:30:23 UTC
SUSE-SU-2023:1811-1: An update that solves 20 vulnerabilities and has eight fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1207560, 1208137, 1208179, 1208598, 1208599, 1208601, 1208777, 1208787, 1208843, 1209008, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209672, 1209683, 1209778, 1209785
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1076, CVE-2023-1078, CVE-2023-1095, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-23004, CVE-2023-25012, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_31-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Real Time 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1
SUSE Enterprise Storage 7.1 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1, kernel-source-5.3.18-150300.59.118.1, kernel-syms-5.3.18-150300.59.118.1, kernel-obs-build-5.3.18-150300.59.118.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1

Comment 30 Maintenance Automation 2023-04-14 16:30:46 UTC
SUSE-SU-2023:1848-1: An update that solves 15 vulnerabilities and has nine fixes can now be installed.

Category: security (important)
Bug References: 1076830, 1192273, 1194535, 1207036, 1207125, 1207168, 1207795, 1208179, 1208599, 1208777, 1208811, 1208850, 1209008, 1209052, 1209256, 1209289, 1209291, 1209532, 1209547, 1209549, 1209634, 1209778, 1209845, 1209887
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2021-4203, CVE-2022-20567, CVE-2023-0590, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-23454, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_39-1-150100.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.142.1, kernel-obs-build-4.12.14-150100.197.142.1, kernel-source-4.12.14-150100.197.142.1

Comment 31 Maintenance Automation 2023-04-18 12:30:14 UTC
SUSE-SU-2023:1897-1: An update that solves 14 vulnerabilities and has 25 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208829, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209572, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209687, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050, 1210203
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
openSUSE Leap 15.4 (src): kernel-obs-build-5.14.21-150400.24.60.1, kernel-syms-5.14.21-150400.24.60.1, kernel-source-5.14.21-150400.24.60.1, kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3, kernel-obs-qa-5.14.21-150400.24.60.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
Basesystem Module 15-SP4 (src): kernel-source-5.14.21-150400.24.60.1, kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
Development Tools Module 15-SP4 (src): kernel-syms-5.14.21-150400.24.60.1, kernel-source-5.14.21-150400.24.60.1, kernel-obs-build-5.14.21-150400.24.60.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_11-1-150400.9.3.2

Comment 32 Maintenance Automation 2023-04-18 12:30:48 UTC
SUSE-SU-2023:1894-1: An update that solves 14 vulnerabilities and has 20 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142926, 1181001, 1193231, 1199837, 1203693, 1206010, 1207001, 1207125, 1207890, 1208048, 1208599, 1208777, 1208850, 1209052, 1209118, 1209126, 1209256, 1209289, 1209291, 1209292, 1209532, 1209547, 1209549, 1209556, 1209572, 1209613, 1209634, 1209684, 1209687, 1209777, 1209778, 1209798
CVE References: CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2022-20567, CVE-2023-1076, CVE-2023-1095, CVE-2023-1281, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-23455, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-syms-rt-4.12.14-10.121.1, kernel-source-rt-4.12.14-10.121.1

Comment 33 Maintenance Automation 2023-04-18 12:31:10 UTC
SUSE-SU-2023:1892-1: An update that solves 16 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1207168, 1208137, 1208598, 1208601, 1208787, 1209052, 1209256, 1209288, 1209289, 1209290, 1209291, 1209366, 1209532, 1209547, 1209549, 1209634, 1209635, 1209636, 1209778, 1209785
CVE References: CVE-2017-5753, CVE-2021-3923, CVE-2022-4744, CVE-2023-0461, CVE-2023-1075, CVE-2023-1078, CVE-2023-1281, CVE-2023-1382, CVE-2023-1390, CVE-2023-1513, CVE-2023-1582, CVE-2023-28327, CVE-2023-28328, CVE-2023-28464, CVE-2023-28466, CVE-2023-28772
Sources used:
SUSE Real Time Module 15-SP3 (src): kernel-source-rt-5.3.18-150300.124.1, kernel-syms-rt-5.3.18-150300.124.1

Comment 36 Maintenance Automation 2023-04-25 12:30:10 UTC
SUSE-SU-2023:1992-1: An update that solves 14 vulnerabilities and has 26 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1189998, 1193629, 1194869, 1198400, 1203200, 1206552, 1207168, 1207185, 1207574, 1208602, 1208815, 1208829, 1208902, 1209052, 1209118, 1209256, 1209290, 1209292, 1209366, 1209532, 1209547, 1209556, 1209572, 1209600, 1209634, 1209635, 1209636, 1209681, 1209684, 1209687, 1209779, 1209788, 1209798, 1209799, 1209804, 1209805, 1210050, 1210203
CVE References: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-rt-5.14.21-150400.15.23.1, kernel-source-rt-5.14.21-150400.15.23.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_6-1-150400.1.3.3
SUSE Real Time Module 15-SP4 (src): kernel-syms-rt-5.14.21-150400.15.23.1, kernel-source-rt-5.14.21-150400.15.23.1

Comment 41 Maintenance Automation 2023-05-17 16:30:08 UTC
SUSE-SU-2023:2232-1: An update that solves 28 vulnerabilities and has 14 fixes can now be installed.

Category: security (important)
Bug References: 1076830, 1194535, 1202353, 1205128, 1207036, 1207125, 1207168, 1207185, 1207795, 1207845, 1208179, 1208333, 1208599, 1208777, 1208837, 1208850, 1209008, 1209052, 1209256, 1209289, 1209291, 1209532, 1209547, 1209549, 1209613, 1209687, 1209777, 1209778, 1209845, 1209871, 1209887, 1210124, 1210202, 1210301, 1210329, 1210336, 1210337, 1210469, 1210498, 1210506, 1210647, 1211037
CVE References: CVE-2017-5753, CVE-2020-36691, CVE-2021-3923, CVE-2021-4203, CVE-2022-20567, CVE-2022-43945, CVE-2023-0590, CVE-2023-0597, CVE-2023-1076, CVE-2023-1095, CVE-2023-1118, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772, CVE-2023-30772
Sources used:
SUSE OpenStack Cloud 9 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1
SUSE OpenStack Cloud Crowbar 9 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1, drbd-9.0.14+git.62f906cf-4.26.2
SUSE Linux Enterprise High Availability Extension 12 SP4 (src): drbd-9.0.14+git.62f906cf-4.26.2
SUSE Linux Enterprise Live Patching 12-SP4 (src): kgraft-patch-SLE12-SP4_Update_35-1-6.5.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): kernel-source-4.12.14-95.125.1, kernel-syms-4.12.14-95.125.1

Comment 46 Joey Lee 2023-06-13 09:40:25 UTC
(In reply to Joey Lee from comment #9)
> I have backported the patch and sent it; it is waiting to be merged.
> Current status:
> 
> cve/linux-2.6.32        [not affect]
>         SLE11-SP1-TD    [not affect]
> cve/linux-3.0           [not affect]
>         SLE11-SP4-LTSS  [not affect]
>         SLE11-SP3-TD    [not affect]
> cve/linux-4.4   [sent]
> cve/linux-4.12  [sent]
> cve/linux-5.3   [sent]
> SLE15-SP4       [sent]
> SLE15-SP5       [sent]

Updated status:

cve/linux-2.6.32        [not affect]
        SLE11-SP1-TD    [not affect]
cve/linux-3.0           [not affect]
        SLE11-SP4-LTSS  [not affect]
        SLE11-SP3-TD    [not affect]
cve/linux-4.4   [DONE]
cve/linux-4.12  [DONE]
cve/linux-5.3   [DONE]
SLE15-SP4       [DONE]
SLE15-SP5       [DONE]

The patch has been backported to the SLE kernel. Reset assigner.
Comment 50 Marcus Meissner 2023-07-03 15:41:09 UTC
done
Comment 55 Maintenance Automation 2023-07-11 08:37:00 UTC
SUSE-SU-2023:2805-1: An update that solves 38 vulnerabilities and has four fixes can now be installed.

Category: security (important)
Bug References: 1126703, 1204405, 1205756, 1205758, 1205760, 1205762, 1205803, 1206878, 1207036, 1207125, 1207168, 1207795, 1208600, 1208777, 1208837, 1209008, 1209039, 1209052, 1209256, 1209287, 1209289, 1209291, 1209532, 1209549, 1209687, 1209871, 1210329, 1210336, 1210337, 1210498, 1210506, 1210647, 1210715, 1210940, 1211105, 1211186, 1211449, 1212128, 1212129, 1212154, 1212501, 1212842
CVE References: CVE-2017-5753, CVE-2018-20784, CVE-2022-3566, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2023-0590, CVE-2023-1077, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1380, CVE-2023-1390, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2124, CVE-2023-2162, CVE-2023-2194, CVE-2023-23454, CVE-2023-23455, CVE-2023-2513, CVE-2023-28328, CVE-2023-28464, CVE-2023-28772, CVE-2023-30772, CVE-2023-3090, CVE-2023-3141, CVE-2023-31436, CVE-2023-3159, CVE-2023-3161, CVE-2023-32269, CVE-2023-35824
Sources used:
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): kernel-syms-4.4.121-92.205.1, kernel-source-4.4.121-92.205.1

Comment 56 Maintenance Automation 2023-07-11 16:31:43 UTC
SUSE-SU-2023:2809-1: An update that solves 84 vulnerabilities, contains 25 features and has 320 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1185861, 1186449, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206578, 1206640, 1206649, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 1208628, 1208700, 
1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210469, 1210498, 1210506, 1210533, 1210551, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210940, 1210943, 1210947, 1210953, 1210986, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212129, 1212154, 1212155, 1212158, 1212350, 1212405, 1212445, 1212448, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212605, 1212606, 1212619, 1212701, 1212741
CVE References: CVE-2020-24588, CVE-2022-2196, CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0386, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28466, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_1-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.5.1, kernel-source-rt-5.14.21-150500.13.5.1

Comment 57 Maintenance Automation 2023-07-18 16:32:16 UTC
SUSE-SU-2023:2871-1: An update that solves 82 vulnerabilities, contains 25 features and has 390 fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109158, 1142685, 1152472, 1152489, 1155798, 1160435, 1166486, 1172073, 1174777, 1177529, 1186449, 1187829, 1189998, 1189999, 1191731, 1193629, 1194869, 1195175, 1195655, 1195921, 1196058, 1197534, 1197617, 1198101, 1198400, 1198438, 1198835, 1199304, 1199701, 1200054, 1202353, 1202633, 1203039, 1203200, 1203325, 1203331, 1203332, 1203693, 1203906, 1204356, 1204363, 1204662, 1204993, 1205153, 1205191, 1205205, 1205544, 1205650, 1205756, 1205758, 1205760, 1205762, 1205803, 1205846, 1206024, 1206036, 1206056, 1206057, 1206103, 1206224, 1206232, 1206340, 1206459, 1206492, 1206493, 1206552, 1206578, 1206640, 1206649, 1206677, 1206824, 1206843, 1206876, 1206877, 1206878, 1206880, 1206881, 1206882, 1206883, 1206884, 1206885, 1206886, 1206887, 1206888, 1206889, 1206890, 1206891, 1206893, 1206894, 1206935, 1206992, 1207034, 1207036, 1207050, 1207051, 1207088, 1207125, 1207149, 1207158, 1207168, 1207185, 1207270, 1207315, 1207328, 1207497, 1207500, 1207501, 1207506, 1207507, 1207521, 1207553, 1207560, 1207574, 1207588, 1207589, 1207590, 1207591, 1207592, 1207593, 1207594, 1207602, 1207603, 1207605, 1207606, 1207607, 1207608, 1207609, 1207610, 1207611, 1207612, 1207613, 1207614, 1207615, 1207616, 1207617, 1207618, 1207619, 1207620, 1207621, 1207622, 1207623, 1207624, 1207625, 1207626, 1207627, 1207628, 1207629, 1207630, 1207631, 1207632, 1207633, 1207634, 1207635, 1207636, 1207637, 1207638, 1207639, 1207640, 1207641, 1207642, 1207643, 1207644, 1207645, 1207646, 1207647, 1207648, 1207649, 1207650, 1207651, 1207652, 1207653, 1207734, 1207768, 1207769, 1207770, 1207771, 1207773, 1207795, 1207827, 1207842, 1207845, 1207875, 1207878, 1207933, 1207935, 1207948, 1208050, 1208076, 1208081, 1208105, 1208107, 1208128, 1208130, 1208149, 1208153, 1208183, 1208212, 1208219, 1208290, 1208368, 1208410, 1208420, 1208428, 1208429, 1208449, 1208534, 1208541, 1208542, 1208570, 1208588, 1208598, 1208599, 1208600, 1208601, 1208602, 1208604, 1208605, 1208607, 1208619, 
1208628, 1208700, 1208741, 1208758, 1208759, 1208776, 1208777, 1208784, 1208787, 1208815, 1208816, 1208829, 1208837, 1208843, 1208845, 1208848, 1208864, 1208902, 1208948, 1208976, 1209008, 1209039, 1209052, 1209092, 1209159, 1209256, 1209258, 1209262, 1209287, 1209288, 1209290, 1209291, 1209292, 1209366, 1209367, 1209436, 1209457, 1209504, 1209532, 1209556, 1209600, 1209615, 1209635, 1209636, 1209637, 1209684, 1209687, 1209693, 1209739, 1209779, 1209780, 1209788, 1209798, 1209799, 1209804, 1209805, 1209856, 1209871, 1209927, 1209980, 1209982, 1209999, 1210034, 1210050, 1210158, 1210165, 1210202, 1210203, 1210206, 1210216, 1210230, 1210294, 1210301, 1210329, 1210335, 1210336, 1210337, 1210409, 1210439, 1210449, 1210450, 1210453, 1210454, 1210498, 1210506, 1210533, 1210551, 1210565, 1210584, 1210629, 1210644, 1210647, 1210725, 1210741, 1210762, 1210763, 1210764, 1210765, 1210766, 1210767, 1210768, 1210769, 1210770, 1210771, 1210775, 1210783, 1210791, 1210793, 1210806, 1210816, 1210817, 1210827, 1210853, 1210940, 1210943, 1210947, 1210953, 1210986, 1211014, 1211025, 1211037, 1211043, 1211044, 1211089, 1211105, 1211113, 1211131, 1211205, 1211263, 1211280, 1211281, 1211299, 1211346, 1211387, 1211400, 1211410, 1211414, 1211449, 1211465, 1211519, 1211564, 1211590, 1211592, 1211593, 1211595, 1211654, 1211686, 1211687, 1211688, 1211689, 1211690, 1211691, 1211692, 1211693, 1211714, 1211794, 1211796, 1211804, 1211807, 1211808, 1211820, 1211836, 1211847, 1211852, 1211855, 1211960, 1212051, 1212129, 1212154, 1212155, 1212158, 1212265, 1212350, 1212445, 1212448, 1212456, 1212494, 1212495, 1212504, 1212513, 1212540, 1212556, 1212561, 1212563, 1212564, 1212584, 1212592, 1212603, 1212605, 1212606, 1212619, 1212685, 1212701, 1212741, 1212835, 1212838, 1212842, 1212848, 1212861, 1212869, 1212892, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 
1213039, 1213040, 1213041, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134
CVE References: CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1829, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2430, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-3090, CVE-2023-31084, CVE-2023-3111, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829
Jira References: PED-1549, PED-3210, PED-3259, PED-3692, PED-370, PED-3750, PED-3759, PED-376, PED-3931, PED-4022, PED-835, SES-1880, SLE-18375, SLE-18377, SLE-18378, SLE-18379, SLE-18383, SLE-18384, SLE-18385, SLE-18978, SLE-18992, SLE-19001, SLE-19253, SLE-19255, SLE-19556
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-qa-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1, kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Basesystem Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-default-base-5.14.21-150500.55.7.1.150500.6.2.5
Development Tools Module 15-SP5 (src): kernel-source-5.14.21-150500.55.7.1, kernel-syms-5.14.21-150500.55.7.1, kernel-obs-build-5.14.21-150500.55.7.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_1-1-150500.11.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 62 Maintenance Automation 2024-02-27 12:01:08 UTC
SUSE-SU-2023:2646-1: An update that solves 69 vulnerabilities, contains six features and has 292 security fixes can now be installed.

Category: security (important)
CVE References: CVE-2022-2196, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1380, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-32233, CVE-2023-33288, CVE-2023-33951, CVE-2023-33952
Jira References: PED-3210, PED-3259, PED-3692, PED-3750, PED-3759, PED-4022
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.3.1, kernel-syms-azure-5.14.21-150500.33.3.1
