Описание
Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_101 fixes several issues.
The following security issues were fixed:
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2023:3111-1
- E-Mail link for SUSE-SU-2023:3111-1
- SUSE Security Ratings
- SUSE Bug 1210566
- SUSE Bug 1212509
- SUSE CVE CVE-2023-2002 page
- SUSE CVE CVE-2023-35788 page
Описание
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Затронутые продукты
Ссылки
- CVE-2023-2002
- SUSE Bug 1210533
- SUSE Bug 1210566
Описание
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
Затронутые продукты
Ссылки
- CVE-2023-35788
- SUSE Bug 1212504
- SUSE Bug 1212509