Bug 1210780 (CVE-2023-31083) - VUL-0: CVE-2023-31083: kernel: drivers/bluetooth/hci_ldisc.c race condition in hci_uart_tty_ioctl
Summary: VUL-0: CVE-2023-31083: kernel: drivers/bluetooth/hci_ldisc.c race condition i...
Status: RESOLVED FIXED
Alias: CVE-2023-31083
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/364290/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-31083:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-24 13:38 UTC by Robert Frohl
Modified: 2024-06-25 17:37 UTC (History)
8 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
0001-Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch (1.53 KB, patch)
2023-07-10 15:53 UTC, Joey Lee 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2023-04-24 13:38:43 UTC 
CVE-2023-31083

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel
6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO
and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL
pointer dereference may occur.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31083
https://www.cve.org/CVERecord?id=CVE-2023-31083
https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/
Comment 2 Jan Kara 2023-04-25 13:09:32 UTC 
Joey, can you please take care of this? It is a syzkaller report so it may be just some bogus issue (the flawed logic like syzkaller crashed the kernel => CVE) but we should investigate...
Comment 3 Joey Lee 2023-04-28 08:02:56 UTC 
(In reply to Jan Kara from comment #2)
> Joey, can you please take care of this? It is a syzkaller report so it may
> be just some bogus issue (the flawed logic like syzkaller crashed the kernel
> => CVE) but we should investigate...

I will waiting upstream status. If patch shows up, I will backport.
Comment 6 Joey Lee 2023-06-08 06:55:26 UTC 
I did see patch on upstream yet.
Comment 7 Joey Lee 2023-06-13 06:55:47 UTC 
(In reply to Joey Lee from comment #6)
> I did see patch on upstream yet.

Still didn't see patch show up on upstream yet.
Comment 11 Joey Lee 2023-06-27 13:36:54 UTC 
Base on kernel code, the HCIUARTSETPROTO and HCIUARTGETPROTO blocks in hci_uart_tty_ioctl() should use hci_uart->proto_lock. 

I have tried to use reproducer to reproduce issue, but I didn't success:

https://gist.github.com/ZHYfeng/a3e3ff2bdfea5ed5de5475f0b54d55cb

I will continue to reproduce issue, then try to patch kernel.
Comment 12 Joey Lee 2023-06-28 15:12:32 UTC 
(In reply to Joey Lee from comment #11)
> Base on kernel code, the HCIUARTSETPROTO and HCIUARTGETPROTO blocks in
> hci_uart_tty_ioctl() should use hci_uart->proto_lock. 
> 
> I have tried to use reproducer to reproduce issue, but I didn't success:
> 
> https://gist.github.com/ZHYfeng/a3e3ff2bdfea5ed5de5475f0b54d55cb
> 
> I will continue to reproduce issue, then try to patch kernel.

Not easy to reproduce, I have sent mail to Yu Hao for checking how to reproduce it.
Comment 13 Joey Lee 2023-07-05 08:46:31 UTC 
(In reply to Joey Lee from comment #12)
> (In reply to Joey Lee from comment #11)
> > Base on kernel code, the HCIUARTSETPROTO and HCIUARTGETPROTO blocks in
> > hci_uart_tty_ioctl() should use hci_uart->proto_lock. 
> > 
> > I have tried to use reproducer to reproduce issue, but I didn't success:
> > 
> > https://gist.github.com/ZHYfeng/a3e3ff2bdfea5ed5de5475f0b54d55cb
> > 
> > I will continue to reproduce issue, then try to patch kernel.
> 
> Not easy to reproduce, I have sent mail to Yu Hao for checking how to
> reproduce it.

I can reproduce issue after contacted with CVE reporter on upstream:

https://lore.kernel.org/lkml/191B9131-6E47-49B6-8089-108E2B12B9DC@ucr.edu/T/
Comment 14 Joey Lee 2023-07-05 09:38:12 UTC 
(In reply to Joey Lee from comment #13)
> (In reply to Joey Lee from comment #12)
> > (In reply to Joey Lee from comment #11)
> > > Base on kernel code, the HCIUARTSETPROTO and HCIUARTGETPROTO blocks in
> > > hci_uart_tty_ioctl() should use hci_uart->proto_lock. 
> > > 
> > > I have tried to use reproducer to reproduce issue, but I didn't success:
> > > 
> > > https://gist.github.com/ZHYfeng/a3e3ff2bdfea5ed5de5475f0b54d55cb
> > > 
> > > I will continue to reproduce issue, then try to patch kernel.
> > 
> > Not easy to reproduce, I have sent mail to Yu Hao for checking how to
> > reproduce it.
> 
> I can reproduce issue after contacted with CVE reporter on upstream:
> 
> https://lore.kernel.org/lkml/191B9131-6E47-49B6-8089-108E2B12B9DC@ucr.edu/T/

Looks check HCI_UART_PROTO_READY is enough to fix problem:

--- linux.orig/drivers/bluetooth/hci_ldisc.c
+++ linux/drivers/bluetooth/hci_ldisc.c
@@ -771,7 +771,7 @@ static int hci_uart_tty_ioctl(struct tty
                break;
 
        case HCIUARTGETPROTO:
-               if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
+               if (test_bit(HCI_UART_PROTO_READY, &hu->flags))
                        err = hu->proto->id;
                else
                        err = -EUNATCH;


I will look at the status on upstream.
Comment 15 Joey Lee 2023-07-10 15:53:57 UTC 
Created attachment 868126 [details]
0001-Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch

Sent this patch to linux-bluetooth@vger.kernel.org for reviewing.
Comment 16 Joey Lee 2023-07-13 06:57:25 UTC 
(In reply to Joey Lee from comment #15)
> Created attachment 868126 [details]
> 0001-Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch
> 
> Sent this patch to linux-bluetooth@vger.kernel.org for reviewing.

The patch be merged to bluetooth-next tree:

  - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
    https://git.kernel.org/bluetooth/bluetooth-next/c/ff1b86784849

I will backport it to SLE when it be merged to kernel mainline.
Comment 17 Marcus Meissner 2023-07-20 15:56:54 UTC 
not yet in mainline as far as i see.

is it missing anything?
Comment 20 Joey Lee 2023-07-26 05:18:26 UTC 
I have backported the following patch from bluetooth-next git tree to 15-SP4 kernel and wait to be merged:

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=15ab2fa56dc00baca71266e17b0ba34036cd1efe
Comment 21 Joey Lee 2023-07-28 14:56:12 UTC 
(In reply to Joey Lee from comment #20)
> I have backported the following patch from bluetooth-next git tree to 15-SP4
> kernel and wait to be merged:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/
> commit/?id=15ab2fa56dc00baca71266e17b0ba34036cd1efe

Backported patch be merged to 15-SP4 kernel now:

commit ad56bc87a28e422f0e2ad833dd6cfc8c9df2de41 (origin/users/jlee/SLE15-SP4/for-next, SLE15-SP4-bsc1210780)
Author: Lee, Chun-Yi <jlee@suse.com>
Date:   Wed Jul 26 11:42:04 2023 +0800

    Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
    HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).


I will backport to other SLE version after my patch be merged to kernel mainline.
Comment 41 Maintenance Automation 2023-08-14 08:30:09 UTC 
SUSE-SU-2023:3302-1: An update that solves 28 vulnerabilities, contains two features and has 115 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1187829, 1193629, 1194869, 1206418, 1207129, 1207894, 1207948, 1208788, 1210335, 1210565, 1210584, 1210627, 1210780, 1210825, 1210853, 1211014, 1211131, 1211243, 1211738, 1211811, 1211867, 1212051, 1212256, 1212265, 1212301, 1212445, 1212456, 1212502, 1212525, 1212603, 1212604, 1212685, 1212766, 1212835, 1212838, 1212842, 1212846, 1212848, 1212861, 1212869, 1212892, 1212901, 1212905, 1212961, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213059, 1213061, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213116, 1213134, 1213167, 1213205, 1213206, 1213226, 1213233, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213272, 1213286, 1213287, 1213304, 1213417, 1213493, 1213523, 1213524, 1213533, 1213543, 1213578, 1213585, 1213586, 1213588, 1213601, 1213620, 1213632, 1213653, 1213705, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871, 1213872
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-1829, CVE-2023-20569, CVE-2023-20593, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-2430, CVE-2023-2985, CVE-2023-3090, CVE-2023-31083, CVE-2023-3111, CVE-2023-3117, CVE-2023-31248, CVE-2023-3212, CVE-2023-3268, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-38409, CVE-2023-3863, CVE-2023-4004
Jira References: PED-4718, PED-4758
Sources used:
openSUSE Leap 15.5 (src): kernel-livepatch-SLE15-SP5-RT_Update_3-1-150500.11.5.1, kernel-syms-rt-5.14.21-150500.13.11.1, kernel-source-rt-5.14.21-150500.13.11.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5-RT_Update_3-1-150500.11.5.1
SUSE Real Time Module 15-SP5 (src): kernel-syms-rt-5.14.21-150500.13.11.1, kernel-source-rt-5.14.21-150500.13.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 42 Maintenance Automation 2023-08-14 16:30:14 UTC 
SUSE-SU-2023:3313-1: An update that solves 13 vulnerabilities and has 20 fixes can now be installed.

Category: security (important)
Bug References: 1206418, 1207129, 1210627, 1210780, 1211131, 1211738, 1212502, 1212604, 1212901, 1213167, 1213272, 1213287, 1213304, 1213585, 1213586, 1213588, 1213620, 1213653, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213842, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-31083, CVE-2023-3268, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-4004
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.4 (src): kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
SUSE Linux Enterprise Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
Basesystem Module 15-SP4 (src): kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3, kernel-source-5.14.21-150400.24.81.1
Development Tools Module 15-SP4 (src): kernel-source-5.14.21-150400.24.81.1, kernel-syms-5.14.21-150400.24.81.1, kernel-obs-build-5.14.21-150400.24.81.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4_Update_16-1-150400.9.3.3
openSUSE Leap 15.4 (src): kernel-obs-qa-5.14.21-150400.24.81.1, kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3, kernel-syms-5.14.21-150400.24.81.1, kernel-source-5.14.21-150400.24.81.1, kernel-obs-build-5.14.21-150400.24.81.1, kernel-livepatch-SLE15-SP4_Update_16-1-150400.9.3.3
openSUSE Leap Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
openSUSE Leap Micro 5.4 (src): kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
SUSE Linux Enterprise Micro for Rancher 5.3 (src): kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
SUSE Linux Enterprise Micro 5.3 (src): kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 43 Maintenance Automation 2023-08-14 16:30:29 UTC 
SUSE-SU-2023:3311-1: An update that solves 15 vulnerabilities and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1206418, 1207129, 1207948, 1210627, 1210780, 1210825, 1211131, 1211738, 1211811, 1212445, 1212502, 1212604, 1212766, 1212901, 1213167, 1213272, 1213287, 1213304, 1213417, 1213578, 1213585, 1213586, 1213588, 1213601, 1213620, 1213632, 1213653, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871, 1213872
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-31083, CVE-2023-3268, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-38409, CVE-2023-3863, CVE-2023-4004
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-5.14.21-150500.55.19.1, kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4, kernel-livepatch-SLE15-SP5_Update_3-1-150500.11.3.4, kernel-source-5.14.21-150500.55.19.1, kernel-obs-qa-5.14.21-150500.55.19.1, kernel-obs-build-5.14.21-150500.55.19.1
Basesystem Module 15-SP5 (src): kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4, kernel-source-5.14.21-150500.55.19.1
Development Tools Module 15-SP5 (src): kernel-obs-build-5.14.21-150500.55.19.1, kernel-syms-5.14.21-150500.55.19.1, kernel-source-5.14.21-150500.55.19.1
SUSE Linux Enterprise Live Patching 15-SP5 (src): kernel-livepatch-SLE15-SP5_Update_3-1-150500.11.3.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 44 Maintenance Automation 2023-08-15 12:30:08 UTC 
SUSE-SU-2023:3318-1: An update that solves 20 vulnerabilities and has 89 fixes can now be installed.

Category: security (important)
Bug References: 1150305, 1193629, 1194869, 1206418, 1207129, 1207894, 1208788, 1210565, 1210584, 1210627, 1210780, 1210853, 1211131, 1211243, 1211738, 1211811, 1211867, 1212301, 1212502, 1212604, 1212846, 1212901, 1212905, 1213010, 1213011, 1213012, 1213013, 1213014, 1213015, 1213016, 1213017, 1213018, 1213019, 1213020, 1213021, 1213024, 1213025, 1213032, 1213034, 1213035, 1213036, 1213037, 1213038, 1213039, 1213040, 1213041, 1213059, 1213061, 1213087, 1213088, 1213089, 1213090, 1213092, 1213093, 1213094, 1213095, 1213096, 1213098, 1213099, 1213100, 1213102, 1213103, 1213104, 1213105, 1213106, 1213107, 1213108, 1213109, 1213110, 1213111, 1213112, 1213113, 1213114, 1213134, 1213167, 1213245, 1213247, 1213252, 1213258, 1213259, 1213263, 1213264, 1213272, 1213286, 1213287, 1213304, 1213523, 1213524, 1213543, 1213585, 1213586, 1213588, 1213620, 1213653, 1213705, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-20593, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-2985, CVE-2023-31083, CVE-2023-3117, CVE-2023-31248, CVE-2023-3268, CVE-2023-3390, CVE-2023-35001, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-3812, CVE-2023-4004
Sources used:
openSUSE Leap 15.4 (src): kernel-syms-rt-5.14.21-150400.15.46.1, kernel-source-rt-5.14.21-150400.15.46.1
SUSE Linux Enterprise Live Patching 15-SP4 (src): kernel-livepatch-SLE15-SP4-RT_Update_11-1-150400.1.5.1
SUSE Real Time Module 15-SP4 (src): kernel-syms-rt-5.14.21-150400.15.46.1, kernel-source-rt-5.14.21-150400.15.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Maintenance Automation 2023-08-22 16:30:03 UTC 
SUSE-SU-2023:3376-1: An update that solves 15 vulnerabilities and has 27 fixes can now be installed.

Category: security (important)
Bug References: 1206418, 1207129, 1207948, 1210627, 1210780, 1210825, 1211131, 1211738, 1211811, 1212445, 1212502, 1212604, 1212766, 1212901, 1213167, 1213272, 1213287, 1213304, 1213417, 1213578, 1213585, 1213586, 1213588, 1213601, 1213620, 1213632, 1213653, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871, 1213872
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-31083, CVE-2023-3268, CVE-2023-3567, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776, CVE-2023-38409, CVE-2023-3863, CVE-2023-4004
Sources used:
openSUSE Leap 15.5 (src): kernel-syms-azure-5.14.21-150500.33.14.1, kernel-source-azure-5.14.21-150500.33.14.1
Public Cloud Module 15-SP5 (src): kernel-syms-azure-5.14.21-150500.33.14.1, kernel-source-azure-5.14.21-150500.33.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Maintenance Automation 2023-08-22 20:30:13 UTC 
SUSE-SU-2023:3377-1: An update that solves 11 vulnerabilities and has 19 fixes can now be installed.

Category: security (important)
Bug References: 1206418, 1207129, 1210627, 1210780, 1211131, 1211738, 1212502, 1212604, 1212901, 1213167, 1213272, 1213287, 1213304, 1213588, 1213620, 1213653, 1213713, 1213715, 1213747, 1213756, 1213759, 1213777, 1213810, 1213812, 1213856, 1213857, 1213863, 1213867, 1213870, 1213871
CVE References: CVE-2022-40982, CVE-2023-0459, CVE-2023-20569, CVE-2023-21400, CVE-2023-2156, CVE-2023-2166, CVE-2023-31083, CVE-2023-3268, CVE-2023-3567, CVE-2023-3776, CVE-2023-4004
Sources used:
openSUSE Leap 15.4 (src): kernel-source-azure-5.14.21-150400.14.63.1, kernel-syms-azure-5.14.21-150400.14.63.1
Public Cloud Module 15-SP4 (src): kernel-source-azure-5.14.21-150400.14.63.1, kernel-syms-azure-5.14.21-150400.14.63.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 47 Joey Lee 2023-09-05 15:13:16 UTC 
(In reply to Joey Lee from comment #21)
> (In reply to Joey Lee from comment #20)
> > I have backported the following patch from bluetooth-next git tree to 15-SP4
> > kernel and wait to be merged:
> > 
> > https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/
> > commit/?id=15ab2fa56dc00baca71266e17b0ba34036cd1efe
> 
> Backported patch be merged to 15-SP4 kernel now:
> 
> commit ad56bc87a28e422f0e2ad833dd6cfc8c9df2de41
> (origin/users/jlee/SLE15-SP4/for-next, SLE15-SP4-bsc1210780)
> Author: Lee, Chun-Yi <jlee@suse.com>
> Date:   Wed Jul 26 11:42:04 2023 +0800
> 
>     Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
>     HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
> 
> 
> I will backport to other SLE version after my patch be merged to kernel
> mainline.

My patch be merged on upstream:

commit 9c33663af9ad115f90c076a1828129a3fbadea98
Author: Lee, Chun-Yi <joeyli.kernel@gmail.com>
Date:   Mon Jul 10 23:17:23 2023 +0800

    Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

I will backport it to other SLE version.
Comment 52 Petr Mladek 2023-11-30 15:18:42 UTC 
Joey, it seems that the fix has been ported to almost all branches.
The only exception is cve/linux-3.0.

Is cve/linux-3.0 (SLE11-SP4-LTSS) affected, please?

If not, then we might reassign the bug back to the security team
for further tracking.
Comment 65 Maintenance Automation 2023-12-12 16:30:25 UTC 
SUSE-SU-2023:4735-1: An update that solves seven vulnerabilities, contains two features and has 19 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1176950, 1190208, 1203496, 1205462, 1208787, 1210780, 1214037, 1214285, 1214408, 1214764, 1216031, 1216058, 1216259, 1216584, 1216759, 1216965, 1216976, 1217036, 1217087, 1217206, 1217519, 1217525, 1217603, 1217604, 1217607
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-source-rt-4.12.14-10.154.1, kernel-syms-rt-4.12.14-10.154.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 66 Maintenance Automation 2023-12-12 16:30:42 UTC 
SUSE-SU-2023:4733-1: An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210780, 1214037, 1214344, 1214764, 1215371, 1216058, 1216259, 1216584, 1216965, 1216976, 1217140, 1217332, 1217408, 1217780
CVE References: CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717, CVE-2023-6176
Jira References: PED-3184, PED-5021
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 68 Maintenance Automation 2023-12-13 16:30:04 UTC 
SUSE-SU-2023:4784-1: An update that solves seven vulnerabilities, contains two features and has 19 security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1176950, 1190208, 1203496, 1205462, 1208787, 1210780, 1214037, 1214285, 1214408, 1214764, 1216031, 1216058, 1216259, 1216584, 1216759, 1216965, 1216976, 1217036, 1217087, 1217206, 1217519, 1217525, 1217603, 1217604, 1217607
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_51-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.186.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.186.1, kernel-syms-4.12.14-122.186.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.186.1, kernel-syms-4.12.14-122.186.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.186.1, kernel-syms-4.12.14-122.186.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 69 Maintenance Automation 2023-12-13 16:30:11 UTC 
SUSE-SU-2023:4783-1: An update that solves seven vulnerabilities, contains two features and has five security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210780, 1214037, 1214344, 1214764, 1216058, 1216259, 1216584, 1216965, 1216976, 1217332, 1217780
CVE References: CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717, CVE-2023-6176
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_43-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-syms-5.3.18-150200.24.172.1, kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1, kernel-source-5.3.18-150200.24.172.1, kernel-obs-build-5.3.18-150200.24.172.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-syms-5.3.18-150200.24.172.1, kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1, kernel-source-5.3.18-150200.24.172.1, kernel-obs-build-5.3.18-150200.24.172.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-syms-5.3.18-150200.24.172.1, kernel-default-base-5.3.18-150200.24.172.1.150200.9.87.1, kernel-source-5.3.18-150200.24.172.1, kernel-obs-build-5.3.18-150200.24.172.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 70 Maintenance Automation 2023-12-13 20:30:26 UTC 
SUSE-SU-2023:4811-1: An update that solves seven vulnerabilities, contains two features and has eight security fixes can now be installed.

Category: security (important)
Bug References: 1084909, 1210780, 1214037, 1214344, 1214764, 1215371, 1216058, 1216259, 1216584, 1216965, 1216976, 1217140, 1217332, 1217408, 1217780
CVE References: CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717, CVE-2023-6176
Jira References: PED-3184, PED-5021
Sources used:
openSUSE Leap 15.3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-livepatch-SLE15-SP3_Update_39-1-150300.7.3.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-obs-qa-5.3.18-150300.59.144.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_39-1-150300.7.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Enterprise Storage 7.1 (src): kernel-obs-build-5.3.18-150300.59.144.1, kernel-syms-5.3.18-150300.59.144.1, kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1, kernel-source-5.3.18-150300.59.144.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.144.1.150300.18.84.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 71 Maintenance Automation 2023-12-15 12:30:01 UTC 
SUSE-SU-2023:4882-1: An update that solves seven vulnerabilities, contains two features and has one security fix can now be installed.

Category: security (important)
Bug References: 1084909, 1208787, 1210780, 1216058, 1216259, 1216584, 1216965, 1216976
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_46-1-150100.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1
SUSE CaaS Platform 4.0 (src): kernel-syms-4.12.14-150100.197.165.1, kernel-obs-build-4.12.14-150100.197.165.1, kernel-source-4.12.14-150100.197.165.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 72 Maintenance Automation 2023-12-15 12:30:07 UTC 
SUSE-SU-2023:4883-1: An update that solves seven vulnerabilities, contains two features and has 18 security fixes can now be installed.

Category: security (important)
Bug References: 1176950, 1190208, 1203496, 1205462, 1208787, 1210780, 1214037, 1214285, 1214408, 1214764, 1216031, 1216058, 1216259, 1216584, 1216759, 1216965, 1216976, 1217036, 1217087, 1217206, 1217519, 1217525, 1217603, 1217604, 1217607
CVE References: CVE-2023-0461, CVE-2023-31083, CVE-2023-39197, CVE-2023-39198, CVE-2023-45863, CVE-2023-45871, CVE-2023-5717
Jira References: PED-3184, PED-5021
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-azure-4.12.14-16.160.1, kernel-syms-azure-4.12.14-16.160.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-azure-4.12.14-16.160.1, kernel-syms-azure-4.12.14-16.160.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-azure-4.12.14-16.160.1, kernel-syms-azure-4.12.14-16.160.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 76 Joey Lee 2024-03-20 12:50:03 UTC 
(In reply to Petr Mladek from comment #52)
> Joey, it seems that the fix has been ported to almost all branches.
> The only exception is cve/linux-3.0.
> 
> Is cve/linux-3.0 (SLE11-SP4-LTSS) affected, please?
> 
> If not, then we might reassign the bug back to the security team
> for further tracking.

Thanks for your reminder. I just sent out the merge request to cve/linux-3.0.
Comment 77 Joey Lee 2024-03-20 12:51:55 UTC 
(In reply to Joey Lee from comment #76)
> (In reply to Petr Mladek from comment #52)
> > Joey, it seems that the fix has been ported to almost all branches.
> > The only exception is cve/linux-3.0.
> > 
> > Is cve/linux-3.0 (SLE11-SP4-LTSS) affected, please?
> > 
> > If not, then we might reassign the bug back to the security team
> > for further tracking.
> 
> Thanks for your reminder. I just sent out the merge request to cve/linux-3.0.

hm... My submit is not success. I am checking why kernel-source git reject.
Comment 78 Joey Lee 2024-03-20 13:29:08 UTC 
(In reply to Joey Lee from comment #77)
> (In reply to Joey Lee from comment #76)
> > (In reply to Petr Mladek from comment #52)
> > > Joey, it seems that the fix has been ported to almost all branches.
> > > The only exception is cve/linux-3.0.
> > > 
> > > Is cve/linux-3.0 (SLE11-SP4-LTSS) affected, please?
> > > 
> > > If not, then we might reassign the bug back to the security team
> > > for further tracking.
> > 
> > Thanks for your reminder. I just sent out the merge request to cve/linux-3.0.
> 
> hm... My submit is not success. I am checking why kernel-source git reject.

The cve/linux-3.0 is deprecated. I direct backported to SLE11-SP4-LTSS and wait to be merged.
Comment 84 Robert Frohl 2024-05-07 09:09:19 UTC 
done, closing