Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:3676-1

Опубликовано: 19 сент. 2023
Источник: suse-cvrf

Описание

Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues.

The following security issues were fixed:

  • CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395).
  • CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063).
  • CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212849).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP4
kernel-livepatch-5_14_21-150400_15_37-rt-2-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5
kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1

Ссылки

Описание

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-2-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1
Ссылки

Описание

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-2-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1
Ссылки

Описание

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_15_37-rt-2-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1
Ссылки