SUSE-SU-2023:2385-1

Опубликовано: 06 июн. 2023

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100_197_145 fixes one issue.

The following security issue was fixed:

CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP1

kernel-livepatch-4_12_14-150100_197_145-default-2-150100.2.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232385-1/
Link for SUSE-SU-2023:2385-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029735.html
E-Mail link for SUSE-SU-2023:2385-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://www.suse.com/security/cve/CVE-2023-23454/
SUSE CVE CVE-2023-23454 page

Описание

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_145-default-2-150100.2.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-23454.html
CVE-2023-23454
https://bugzilla.suse.com/1207036
SUSE Bug 1207036
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://bugzilla.suse.com/1208030
SUSE Bug 1208030
https://bugzilla.suse.com/1208044
SUSE Bug 1208044
https://bugzilla.suse.com/1208085
SUSE Bug 1208085
https://bugzilla.suse.com/1211833
SUSE Bug 1211833

SUSE-SU-2023:2385-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP1

Ссылки

Уязвимость: CVE-2023-23454

Описание

Затронутые продукты

Ссылки