Описание
Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_24_60 fixes several issues.
The following security issues were fixed:
- CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
Ссылки
- Link for SUSE-SU-2023:2428-1
- E-Mail link for SUSE-SU-2023:2428-1
- SUSE Security Ratings
- SUSE Bug 1207188
- SUSE Bug 1210499
- SUSE Bug 1210662
- SUSE CVE CVE-2023-0386 page
- SUSE CVE CVE-2023-2162 page
- SUSE CVE CVE-2023-23454 page
Описание
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2023-0386
- SUSE Bug 1209615
- SUSE Bug 1210499
Описание
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
Затронутые продукты
Ссылки
- CVE-2023-2162
- SUSE Bug 1210647
- SUSE Bug 1210662
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1222212
Описание
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Затронутые продукты
Ссылки
- CVE-2023-23454
- SUSE Bug 1207036
- SUSE Bug 1207188
- SUSE Bug 1208030
- SUSE Bug 1208044
- SUSE Bug 1208085
- SUSE Bug 1211833