Описание
Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_15_23 fixes several issues.
The following security issues were fixed:
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
Ссылки
- Link for SUSE-SU-2023:3783-1
- E-Mail link for SUSE-SU-2023:3783-1
- SUSE Security Ratings
- SUSE Bug 1210619
- SUSE Bug 1213064
- SUSE Bug 1213587
- SUSE Bug 1213706
- SUSE Bug 1214123
- SUSE Bug 1215119
- SUSE CVE CVE-2023-1829 page
- SUSE CVE CVE-2023-31248 page
- SUSE CVE CVE-2023-3609 page
- SUSE CVE CVE-2023-3776 page
- SUSE CVE CVE-2023-3812 page
- SUSE CVE CVE-2023-4273 page
Описание
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
Затронутые продукты
Ссылки
- CVE-2023-1829
- SUSE Bug 1210335
- SUSE Bug 1210619
- SUSE Bug 1217444
- SUSE Bug 1217531
- SUSE Bug 1220886
- SUSE Bug 1228311
Описание
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
Затронутые продукты
Ссылки
- CVE-2023-31248
- SUSE Bug 1213061
- SUSE Bug 1213064
Описание
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
Затронутые продукты
Ссылки
- CVE-2023-3609
- SUSE Bug 1213586
- SUSE Bug 1213587
- SUSE Bug 1217444
- SUSE Bug 1217531
Описание
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
Затронутые продукты
Ссылки
- CVE-2023-3776
- SUSE Bug 1213588
- SUSE Bug 1215119
- SUSE Bug 1215674
- SUSE Bug 1217444
- SUSE Bug 1217531
- SUSE Bug 1221578
- SUSE Bug 1221598
- SUSE Bug 1223091
- SUSE Bug 1223973
Описание
An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Затронутые продукты
Ссылки
- CVE-2023-3812
- SUSE Bug 1213543
- SUSE Bug 1213706
- SUSE Bug 1217444
- SUSE Bug 1217531
Описание
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.
Затронутые продукты
Ссылки
- CVE-2023-4273
- SUSE Bug 1214120
- SUSE Bug 1214123