Описание
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207139).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
Ссылки
- Link for SUSE-SU-2023:0637-1
- E-Mail link for SUSE-SU-2023:0637-1
- SUSE Security Ratings
- SUSE Bug 1206314
- SUSE Bug 1207139
- SUSE CVE CVE-2022-3564 page
- SUSE CVE CVE-2023-0179 page
Описание
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
Затронутые продукты
Ссылки
- CVE-2022-3564
- SUSE Bug 1206073
- SUSE Bug 1206314
- SUSE Bug 1208030
- SUSE Bug 1208044
- SUSE Bug 1208085
Описание
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2023-0179
- SUSE Bug 1207034
- SUSE Bug 1207139
- SUSE Bug 1215208