Описание
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_24_66 fixes several issues.
The following security issues were fixed:
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208839).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
Ссылки
- Link for SUSE-SU-2023:3657-1
- E-Mail link for SUSE-SU-2023:3657-1
- SUSE Security Ratings
- SUSE Bug 1208839
- SUSE Bug 1211395
- SUSE Bug 1212849
- SUSE Bug 1213063
- SUSE CVE CVE-2023-1077 page
- SUSE CVE CVE-2023-2156 page
- SUSE CVE CVE-2023-3090 page
- SUSE CVE CVE-2023-35001 page
Описание
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
Затронутые продукты
Ссылки
- CVE-2023-1077
- SUSE Bug 1208600
- SUSE Bug 1208839
- SUSE Bug 1213841
- SUSE Bug 1213842
Описание
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
Затронутые продукты
Ссылки
- CVE-2023-2156
- SUSE Bug 1211131
- SUSE Bug 1211395
Описание
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
Затронутые продукты
Ссылки
- CVE-2023-3090
- SUSE Bug 1212842
- SUSE Bug 1212849
- SUSE Bug 1214128
- SUSE Bug 1219701
Описание
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
Затронутые продукты
Ссылки
- CVE-2023-35001
- SUSE Bug 1213059
- SUSE Bug 1213063
- SUSE Bug 1217531