Bug 1215861 (CVE-2023-39194) - VUL-0: CVE-2023-39194: kernel: Linux Kernel XFRM Out-Of-Bounds Read Information Disclosure Vulnerability
Summary: VUL-0: CVE-2023-39194: kernel: Linux Kernel XFRM Out-Of-Bounds Read Informati...
Status: RESOLVED FIXED
Alias: CVE-2023-39194
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/380408/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-39194:3.2:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-10-02 08:30 UTC by Gabriele Sonnu
Modified: 2024-01-30 12:20 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 Gabriele Sonnu 2023-10-02 08:36:24 UTC 
ZDI-23-1492

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the processing of state filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

References:
https://www.zerodayinitiative.com/advisories/ZDI-23-1492/
Comment 3 Gabriele Sonnu 2023-10-02 09:01:54 UTC 
Fixing commit:

https://github.com/torvalds/linux/commit/dfa73c17d55b921e1d4e154976de35317e43a93a

Based on the above commit, tracking as affected:

 - SLE12-SP5
 - SLE15-SP4
 - SLE15-SP5
 - cve/linux-4.4
 - cve/linux-4.12
 - cve/linux-5.3
Comment 4 Chester Lin 2023-10-03 08:36:15 UTC 
Reassigning to a concrete person to ensure progress [1] (feel free to pass to the next one), see also the process at [2].
 
Hi Michal / Denis,

Could you please take a look at this CVE? Thanks.
 
[1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
[2] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security
Comment 6 Michal Kubeček 2023-10-05 14:08:04 UTC 
introduced      d3623099d350    3.15-rc1
fixed           dfa73c17d55b    6.5-rc7

The fix has been submitted to all relevant branches:

SLE15-SP6       6.4.12
SLE15-SP4       55308cb2a1b0    (merged)
cve/linux-5.3   1bf7dabbb3ea
cve/linux-4.12  30ab6919f9a6    (merged)
cve/linux-4.4   04f93a1767c9

Reassigning back to security team.
Comment 15 Maintenance Automation 2023-10-10 16:35:18 UTC 
SUSE-SU-2023:4031-1: An update that solves 13 vulnerabilities, contains one feature and has 39 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109837, 1152446, 1154048, 1207168, 1208995, 1210169, 1212703, 1213016, 1214157, 1214380, 1214386, 1214586, 1214940, 1214943, 1214945, 1214946, 1214948, 1214949, 1214950, 1214952, 1214953, 1214961, 1214962, 1214964, 1214965, 1214966, 1214967, 1215115, 1215117, 1215121, 1215122, 1215136, 1215149, 1215152, 1215162, 1215164, 1215165, 1215207, 1215221, 1215275, 1215299, 1215467, 1215607, 1215634, 1215858, 1215860, 1215861, 1215877, 1215897, 1215898, 1215954
CVE References: CVE-2020-36766, CVE-2023-0394, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Jira References: PED-5021
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src): kgraft-patch-SLE12-SP5_Update_49-1-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): kernel-obs-build-4.12.14-122.179.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1
SUSE Linux Enterprise Server 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): kernel-source-4.12.14-122.179.1, kernel-syms-4.12.14-122.179.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Maintenance Automation 2023-10-10 16:35:38 UTC 
SUSE-SU-2023:4033-1: An update that solves 12 vulnerabilities and has 39 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1109837, 1152446, 1154048, 1208995, 1210169, 1212703, 1213016, 1214157, 1214380, 1214386, 1214586, 1214940, 1214943, 1214945, 1214946, 1214948, 1214949, 1214950, 1214952, 1214953, 1214961, 1214962, 1214964, 1214965, 1214966, 1214967, 1215115, 1215117, 1215121, 1215122, 1215136, 1215149, 1215152, 1215162, 1215164, 1215165, 1215207, 1215221, 1215275, 1215299, 1215467, 1215607, 1215634, 1215858, 1215860, 1215861, 1215877, 1215897, 1215898, 1215954
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Real Time 12 SP5 (src): kernel-syms-rt-4.12.14-10.144.1, kernel-source-rt-4.12.14-10.144.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Maintenance Automation 2023-10-12 12:46:34 UTC 
SUSE-SU-2023:4058-1: An update that solves 18 vulnerabilities, contains three features and has 71 security fixes can now be installed.

Category: security (important)
Bug References: 1065729, 1152472, 1187236, 1201284, 1202845, 1206453, 1208995, 1210169, 1210643, 1210658, 1212639, 1212703, 1213123, 1213534, 1213808, 1214022, 1214037, 1214040, 1214233, 1214351, 1214479, 1214543, 1214635, 1214813, 1214873, 1214928, 1214940, 1214941, 1214942, 1214943, 1214944, 1214945, 1214946, 1214947, 1214948, 1214949, 1214950, 1214951, 1214952, 1214953, 1214954, 1214955, 1214957, 1214958, 1214959, 1214961, 1214962, 1214963, 1214964, 1214965, 1214966, 1214967, 1214986, 1214988, 1214990, 1214991, 1214992, 1214993, 1214995, 1214997, 1214998, 1215115, 1215117, 1215123, 1215124, 1215148, 1215150, 1215221, 1215275, 1215322, 1215467, 1215523, 1215581, 1215752, 1215858, 1215860, 1215861, 1215875, 1215877, 1215894, 1215895, 1215896, 1215899, 1215911, 1215915, 1215916, 1215941, 1215956, 1215957
CVE References: CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-2177, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-4155, CVE-2023-42753, CVE-2023-42754, CVE-2023-4389, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921, CVE-2023-5345
Jira References: PED-1549, PED-2023, PED-2025
Sources used:
openSUSE Leap 15.5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1
Public Cloud Module 15-SP5 (src): kernel-source-azure-5.14.21-150500.33.20.1, kernel-syms-azure-5.14.21-150500.33.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Maintenance Automation 2023-11-02 16:30:11 UTC 
SUSE-SU-2023:4347-1: An update that solves 17 vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1208995, 1210169, 1210778, 1212703, 1214233, 1214380, 1214386, 1215115, 1215117, 1215221, 1215275, 1215299, 1215467, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051
CVE References: CVE-2020-36766, CVE-2023-1192, CVE-2023-1206, CVE-2023-1859, CVE-2023-31085, CVE-2023-34324, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-40283, CVE-2023-42754, CVE-2023-45862, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
Sources used:
SUSE Linux Enterprise Live Patching 15-SP1 (src): kernel-livepatch-SLE15-SP1_Update_45-1-150100.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1
SUSE CaaS Platform 4.0 (src): kernel-obs-build-4.12.14-150100.197.160.1, kernel-syms-4.12.14-150100.197.160.1, kernel-source-4.12.14-150100.197.160.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Maintenance Automation 2023-11-02 16:30:24 UTC 
SUSE-SU-2023:4348-1: An update that solves 11 vulnerabilities and has three security fixes can now be installed.

Category: security (important)
Bug References: 1210778, 1210853, 1212051, 1214842, 1215095, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051, 1216134
CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-3111, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862
Sources used:
openSUSE Leap 15.3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2, kernel-obs-qa-5.3.18-150300.59.141.1, kernel-source-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-livepatch-SLE15-SP3_Update_38-1-150300.7.3.2
SUSE Linux Enterprise Live Patching 15-SP3 (src): kernel-livepatch-SLE15-SP3_Update_38-1-150300.7.3.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Manager Proxy 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1
SUSE Manager Retail Branch Server 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1
SUSE Manager Server 4.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1
SUSE Enterprise Storage 7.1 (src): kernel-syms-5.3.18-150300.59.141.1, kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2, kernel-source-5.3.18-150300.59.141.1, kernel-obs-build-5.3.18-150300.59.141.2
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
SUSE Linux Enterprise Micro 5.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src): kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Maintenance Automation 2023-11-03 16:30:20 UTC 
SUSE-SU-2023:4358-1: An update that solves nine vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1212051, 1214842, 1215095, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046
CVE References: CVE-2023-2163, CVE-2023-3111, CVE-2023-34324, CVE-2023-3777, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Maintenance Automation 2023-11-06 16:30:03 UTC 
SUSE-SU-2023:4377-1: An update that solves 10 vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1210778, 1210853, 1212051, 1215467, 1215518, 1215745, 1215858, 1215860, 1215861, 1216046, 1216051, 1216134
CVE References: CVE-2023-2163, CVE-2023-31085, CVE-2023-3111, CVE-2023-34324, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862
Sources used:
SUSE Linux Enterprise Live Patching 15-SP2 (src): kernel-livepatch-SLE15-SP2_Update_42-1-150200.5.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.169.1, kernel-source-5.3.18-150200.24.169.1, kernel-syms-5.3.18-150200.24.169.1, kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): kernel-obs-build-5.3.18-150200.24.169.1, kernel-source-5.3.18-150200.24.169.1, kernel-syms-5.3.18-150200.24.169.1, kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): kernel-obs-build-5.3.18-150200.24.169.1, kernel-source-5.3.18-150200.24.169.1, kernel-syms-5.3.18-150200.24.169.1, kernel-default-base-5.3.18-150200.24.169.1.150200.9.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.