Описание
Security update for the Linux Kernel (Live Patch 38 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-150200_24_157 fixes several issues.
The following security issues were fixed:
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP2
kernel-livepatch-5_3_18-150200_24_157-default-2-150200.2.1
Ссылки
- Link for SUSE-SU-2023:3622-1
- E-Mail link for SUSE-SU-2023:3622-1
- SUSE Security Ratings
- SUSE Bug 1213063
- SUSE Bug 1213244
- SUSE CVE CVE-2023-35001 page
- SUSE CVE CVE-2023-3567 page
Описание
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_157-default-2-150200.2.1
Ссылки
- CVE-2023-35001
- SUSE Bug 1213059
- SUSE Bug 1213063
- SUSE Bug 1217531
Описание
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_157-default-2-150200.2.1
Ссылки
- CVE-2023-3567
- SUSE Bug 1213167
- SUSE Bug 1213244
- SUSE Bug 1213842
- SUSE Bug 1215674
- SUSE Bug 1217444
- SUSE Bug 1217531