Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:2007-1

Опубликовано: 25 апр. 2023
Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-150200_24_115 fixes several issues.

The following security issues were fixed:

  • CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  • CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
  • CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420).

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP4
kgraft-patch-4_12_14-95_105-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-150200_24_115-default-13-150200.2.2

Ссылки

Описание

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_105-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_115-default-13-150200.2.2
Ссылки

Описание

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_105-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_115-default-13-150200.2.2
Ссылки

Описание

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_105-default-9-2.2
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_115-default-13-150200.2.2
Ссылки
Уязвимость SUSE-SU-2023:2007-1