SUSE-SU-2023:2413-1

Опубликовано: 06 июн. 2023

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-150200_24_151 fixes one issue.

The following security issue was fixed:

CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

kernel-livepatch-5_3_18-150200_24_151-default-2-150200.2.3

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232413-1/
Link for SUSE-SU-2023:2413-1
https://lists.suse.com/pipermail/sle-security-updates/2023-June/015097.html
E-Mail link for SUSE-SU-2023:2413-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://www.suse.com/security/cve/CVE-2023-23454/
SUSE CVE CVE-2023-23454 page

Описание

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-2-150200.2.3

Ссылки

https://www.suse.com/security/cve/CVE-2023-23454.html
CVE-2023-23454
https://bugzilla.suse.com/1207036
SUSE Bug 1207036
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://bugzilla.suse.com/1208030
SUSE Bug 1208030
https://bugzilla.suse.com/1208044
SUSE Bug 1208044
https://bugzilla.suse.com/1208085
SUSE Bug 1208085
https://bugzilla.suse.com/1211833
SUSE Bug 1211833

SUSE-SU-2023:2413-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

Ссылки

Уязвимость: CVE-2023-23454

Описание

Затронутые продукты

Ссылки