Описание
Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-150100_197_142 fixes several issues.
The following security issues were fixed:
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP1
Ссылки
- Link for SUSE-SU-2023:2386-1
- E-Mail link for SUSE-SU-2023:2386-1
- SUSE Security Ratings
- SUSE Bug 1207188
- SUSE Bug 1210500
- SUSE Bug 1210662
- SUSE CVE CVE-2023-1989 page
- SUSE CVE CVE-2023-2162 page
- SUSE CVE CVE-2023-23454 page
Описание
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
Затронутые продукты
Ссылки
- CVE-2023-1989
- SUSE Bug 1210336
- SUSE Bug 1210500
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
Описание
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
Затронутые продукты
Ссылки
- CVE-2023-2162
- SUSE Bug 1210647
- SUSE Bug 1210662
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1222212
Описание
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Затронутые продукты
Ссылки
- CVE-2023-23454
- SUSE Bug 1207036
- SUSE Bug 1207188
- SUSE Bug 1208030
- SUSE Bug 1208044
- SUSE Bug 1208085
- SUSE Bug 1211833