Описание
Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_127 fixes several issues.
The following security issues were fixed:
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213244).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2023:3632-1
- E-Mail link for SUSE-SU-2023:3632-1
- SUSE Security Ratings
- SUSE Bug 1211395
- SUSE Bug 1213063
- SUSE Bug 1213244
- SUSE CVE CVE-2023-2156 page
- SUSE CVE CVE-2023-35001 page
- SUSE CVE CVE-2023-3567 page
Описание
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
Затронутые продукты
Ссылки
- CVE-2023-2156
- SUSE Bug 1211131
- SUSE Bug 1211395
Описание
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Затронутые продукты
Ссылки
- CVE-2023-35001
- SUSE Bug 1213059
- SUSE Bug 1213063
- SUSE Bug 1217531
Описание
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
Затронутые продукты
Ссылки
- CVE-2023-3567
- SUSE Bug 1213167
- SUSE Bug 1213244
- SUSE Bug 1213842
- SUSE Bug 1215674
- SUSE Bug 1217444
- SUSE Bug 1217531