Описание
Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.
The following security issues were fixed:
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
Ссылки
- Link for SUSE-SU-2023:2714-1
- E-Mail link for SUSE-SU-2023:2714-1
- SUSE Security Ratings
- SUSE Bug 1207189
- SUSE Bug 1209672
- SUSE Bug 1210452
- SUSE Bug 1210989
- SUSE CVE CVE-2022-4744 page
- SUSE CVE CVE-2023-23455 page
- SUSE CVE CVE-2023-28466 page
- SUSE CVE CVE-2023-31436 page
Описание
A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2022-4744
- SUSE Bug 1209635
- SUSE Bug 1209672
- SUSE Bug 1211833
Описание
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Затронутые продукты
Ссылки
- CVE-2023-23455
- SUSE Bug 1207125
- SUSE Bug 1207189
- SUSE Bug 1211833
Описание
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
Затронутые продукты
Ссылки
- CVE-2023-28466
- SUSE Bug 1209366
- SUSE Bug 1210452
- SUSE Bug 1211833
- SUSE Bug 1213841
Описание
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
Затронутые продукты
Ссылки
- CVE-2023-31436
- SUSE Bug 1210940
- SUSE Bug 1211260
- SUSE Bug 1213841
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1223091
- SUSE Bug 1224419