SUSE-SU-2023:2450-1

Опубликовано: 07 июн. 2023

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-150300_59_121 fixes one issue.

The following security issue was fixed:

CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP3

kernel-livepatch-5_3_18-150300_59_121-default-2-150300.2.3

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232450-1/
Link for SUSE-SU-2023:2450-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029780.html
E-Mail link for SUSE-SU-2023:2450-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://www.suse.com/security/cve/CVE-2023-23454/
SUSE CVE CVE-2023-23454 page

Описание

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_121-default-2-150300.2.3

Ссылки

https://www.suse.com/security/cve/CVE-2023-23454.html
CVE-2023-23454
https://bugzilla.suse.com/1207036
SUSE Bug 1207036
https://bugzilla.suse.com/1207188
SUSE Bug 1207188
https://bugzilla.suse.com/1208030
SUSE Bug 1208030
https://bugzilla.suse.com/1208044
SUSE Bug 1208044
https://bugzilla.suse.com/1208085
SUSE Bug 1208085
https://bugzilla.suse.com/1211833
SUSE Bug 1211833

SUSE-SU-2023:2450-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP3

Ссылки

Уязвимость: CVE-2023-23454

Описание

Затронутые продукты

Ссылки