Описание
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-150100_197_120 fixes several issues.
The following security issues were fixed:
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP1
kernel-livepatch-4_12_14-150100_197_120-default-12-150100.2.2
Ссылки
- Link for SUSE-SU-2023:3046-1
- E-Mail link for SUSE-SU-2023:3046-1
- SUSE Security Ratings
- SUSE Bug 1210566
- SUSE Bug 1212347
- SUSE CVE CVE-2023-2002 page
- SUSE CVE CVE-2023-3159 page
Описание
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_120-default-12-150100.2.2
Ссылки
- CVE-2023-2002
- SUSE Bug 1210533
- SUSE Bug 1210566
Описание
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP1:kernel-livepatch-4_12_14-150100_197_120-default-12-150100.2.2
Ссылки
- CVE-2023-3159
- SUSE Bug 1212128
- SUSE Bug 1212347
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1215674