Описание
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-150500_55_19 fixes one issue.
The following security issue was fixed:
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
kernel-livepatch-5_14_21-150400_24_81-default-2-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5
kernel-livepatch-5_14_21-150500_55_19-default-2-150500.2.1
Ссылки
- Link for SUSE-SU-2023:3929-1
- E-Mail link for SUSE-SU-2023:3929-1
- SUSE Security Ratings
- SUSE Bug 1214123
- SUSE CVE CVE-2023-4273 page
Описание
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.
Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-2-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-2-150500.2.1
Ссылки
- CVE-2023-4273
- SUSE Bug 1214120
- SUSE Bug 1214123