exploitDog

SUSE-SU-2023:2734-1

Опубликовано: 29 июн. 2023

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-150400_24_60 fixes one issue.

The following security issue was fixed:

CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP3

kernel-livepatch-5_3_18-150300_59_121-default-3-150300.2.1

SUSE Linux Enterprise Live Patching 15 SP4

kernel-livepatch-5_14_21-150400_24_60-default-3-150400.2.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232734-1/
Link for SUSE-SU-2023:2734-1
https://lists.suse.com/pipermail/sle-security-updates/2023-June/015382.html
E-Mail link for SUSE-SU-2023:2734-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210989
SUSE Bug 1210989
https://www.suse.com/security/cve/CVE-2023-31436/
SUSE CVE CVE-2023-31436 page

Описание

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_121-default-3-150300.2.1

SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_60-default-3-150400.2.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-31436.html
CVE-2023-31436
https://bugzilla.suse.com/1210940
SUSE Bug 1210940
https://bugzilla.suse.com/1211260
SUSE Bug 1211260
https://bugzilla.suse.com/1213841
SUSE Bug 1213841
https://bugzilla.suse.com/1213842
SUSE Bug 1213842
https://bugzilla.suse.com/1214128
SUSE Bug 1214128
https://bugzilla.suse.com/1223091
SUSE Bug 1223091
https://bugzilla.suse.com/1224419
SUSE Bug 1224419