Описание
Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122_144 fixes several issues.
The following security issues were fixed:
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP5
kgraft-patch-4_12_14-122_144-default-7-2.3
Ссылки
- Link for SUSE-SU-2023:3069-1
- E-Mail link for SUSE-SU-2023:3069-1
- SUSE Security Ratings
- SUSE Bug 1210566
- SUSE Bug 1212347
- SUSE CVE CVE-2023-2002 page
- SUSE CVE CVE-2023-3159 page
Описание
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3
Ссылки
- CVE-2023-2002
- SUSE Bug 1210533
- SUSE Bug 1210566
Описание
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3
Ссылки
- CVE-2023-3159
- SUSE Bug 1212128
- SUSE Bug 1212347
- SUSE Bug 1213842
- SUSE Bug 1214128
- SUSE Bug 1215674