SUSE-SU-2023:2367-1

Опубликовано: 05 июн. 2023

Источник: suse-cvrf

Описание

Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-150400_15_28 fixes one issue.

The following security issue was fixed:

CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP4

kernel-livepatch-5_14_21-150400_15_28-rt-2-150400.2.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232367-1/
Link for SUSE-SU-2023:2367-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029713.html
E-Mail link for SUSE-SU-2023:2367-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://www.suse.com/security/cve/CVE-2023-23454/
SUSE CVE CVE-2023-23454 page

Описание

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_28-rt-2-150400.2.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-23454.html
CVE-2023-23454
https://bugzilla.suse.com/1207036
SUSE Bug 1207036
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://bugzilla.suse.com/1208030
SUSE Bug 1208030
https://bugzilla.suse.com/1208044
SUSE Bug 1208044
https://bugzilla.suse.com/1208085
SUSE Bug 1208085
https://bugzilla.suse.com/1211833
SUSE Bug 1211833

SUSE-SU-2023:2367-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP4

Ссылки

Уязвимость: CVE-2023-23454

Описание

Затронутые продукты

Ссылки