SUSE-SU-2023:4358-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234358-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4358-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4358-1
Related
Published
2023-11-03T12:46:24Z
Modified
2023-11-03T12:46:24Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
  • CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
  • CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
  • CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAPNETADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
  • CVE-2023-3111: Fixed a use-after-free vulnerability in preparetorelocate in fs/btrfs/relocation.c (bsc#1212051).
  • CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
  • CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
  • CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
  • CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).

The following non-security bugs were fixed:

  • nvme-fc: Prevent null pointer dereference in nvmefcio_getuuid() (bsc#1214842).
References

Affected packages

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.149.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
purl:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.149.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.149.1"
        }
    ]
}