[LU-17293] kernel update [SLES15 SP5 5.14.21-150500.55.36.1] Created: 16/Nov/23  Updated: 14/Dec/23  Resolved: 29/Nov/23

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.16.0, Lustre 2.15.4
Fix Version/s: Lustre 2.16.0

Type: Improvement Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
is related to LU-17222 kernel update [SLES15 SP5 5.14.21-150... Resolved
is related to LU-17366 kernel update [SLES15 SP5 5.14.21-150... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  • CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
    component can be exploited to achieve local privilege escalation.
    (bsc#1215095)
  • CVE-2023-46813: Fixed a local privilege escalation with user-space programs
    that have access to MMIO regions (bsc#1212649).
  • CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
    that could cause a local DoS. (bsc#1210778)
  • CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
    (bsc#1215860).
  • CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could
    allow a malicious user to execute a remote code execution. (bsc#1215768)
  • CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
    unsafe code paths being incorrectly marked as safe, resulting in arbitrary
    read/write in kernel memory, lateral privilege escalation, and container
    escape. (bsc#1215518)
  • CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
    (bsc#1215745).
  • CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
    local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
    leading to a crash or information disclosure. (bsc#1216046)
  • CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-
    supplied eBPF programs that may have allowed an attacker with CAP_BPF
    privileges to escalate privileges and execute arbitrary code. (bsc#1215863)

The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-November/017006.html

 Comments   
Comment by Gerrit Updater [ 16/Nov/23 ]

"Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53156
Subject: LU-17293 kernel: update SLES15 SP5 [5.14.21-150500.55.36.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 3e50280434d250996dfaa9d68d7da5e2c45d59ef

Comment by Gerrit Updater [ 29/Nov/23 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/53156/
Subject: LU-17293 kernel: update SLES15 SP5 [5.14.21-150500.55.36.1]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 350dfbcfa8c4a3a9e36586134598554e5e930ef4

Comment by Peter Jones [ 29/Nov/23 ]

Landed for 2.16

Generated at Sat Feb 10 03:34:14 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.