Описание
Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122_156 fixes several issues.
The following security issues were fixed:
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP5
kgraft-patch-4_12_14-122_156-default-2-2.2
Ссылки
- Link for SUSE-SU-2023:2395-1
- E-Mail link for SUSE-SU-2023:2395-1
- SUSE Security Ratings
- SUSE Bug 1210500
- SUSE Bug 1210662
- SUSE CVE CVE-2023-1989 page
- SUSE CVE CVE-2023-2162 page
Описание
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_156-default-2-2.2
Ссылки
- CVE-2023-1989
- SUSE Bug 1210336
- SUSE Bug 1210500
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
Описание
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_156-default-2-2.2
Ссылки
- CVE-2023-2162
- SUSE Bug 1210647
- SUSE Bug 1210662
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1222212