SUSE-SU-2023:2805-1

Published: 11 Jul 2023
Source: suse-cvrf

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
  • CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
  • CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
  • CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
  • CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that led to a use-after-free (bsc#1205760).
  • CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
  • CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
  • CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
  • CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
  • CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
  • CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
  • CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
  • CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
  • CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
  • CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
  • CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
  • CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
  • CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
  • CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
  • CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
  • CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have led to denial-of-service or potentially privilege escalation (bsc#1210498).
  • CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
  • CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
  • CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
  • CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
  • CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
  • CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
  • CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
  • CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
  • CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
  • CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
  • CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
  • CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
  • CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
  • CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
  • CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
  • CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).

The following non-security bugs were fixed:

  • Do not sign the vanilla kernel (bsc#1209008).
  • Drop dvb-core fix patch due to regression (bsc#1205758).
  • Revert CVE-2018-20784 due to regression (bsc#1126703).
  • binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
  • bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
  • bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989 bsc#1210336).
  • btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687).
  • do not fallthrough in cbq_classify and stop on TC_ACT_SHOT (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
  • ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
  • ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105 CVE-2023-2513).
  • fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154).
  • firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128).
  • fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
  • i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194).
  • ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
  • ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
  • kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753).
  • kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513).
  • media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824).
  • media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760).
  • media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756).
  • media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
  • media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758).
  • media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc#1209291 CVE-2023-28328).
  • media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758).
  • media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
  • media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884 bsc#1205756).
  • media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118 bsc#1208837).
  • media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762).
  • memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449).
  • net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436).
  • netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777).
  • netrom: Fix use-after-free caused by accept on already connected socket (bsc#1211186 CVE-2023-32269).
  • nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990).
  • power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (CVE-2023-30772 bsc#1210329).
  • prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753).
  • sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077).
  • scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1210647 CVE-2023-2162).
  • seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549 CVE-2023-28772).
  • tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405 CVE-2022-3566).
  • tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289 CVE-2023-1390).
  • wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380).
  • x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998).
  • xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124).
  • xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871 CVE-2023-1670).

Package list

SUSE Linux Enterprise Server 12 SP2-BCL
kernel-default-4.4.121-92.205.1
kernel-default-base-4.4.121-92.205.1
kernel-default-devel-4.4.121-92.205.1
kernel-devel-4.4.121-92.205.1
kernel-macros-4.4.121-92.205.1
kernel-source-4.4.121-92.205.1
kernel-syms-4.4.121-92.205.1

Description

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") has not been applied yet, the kernel could be affected.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes; this results in a NULL pointer dereference.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in the Linux kernel integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. The kernel could be affected only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") has not been applied yet.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A remote denial of service vulnerability was found in the Linux kernel's TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer makes the system's CPU utilization spike instantly to 100%, causing a denial of service condition.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and possibly cause a kernel information lea


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in btsdio_remove in drivers/bluetooth/btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on hdev devices.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References

Description

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1
SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1

References