Description
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity() that could cause memory corruption (bsc#1208600).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
- CVE-2023-20588: Fixed a potential data leak that could be triggered through a side channel when division by zero occurred on some AMD processors (bsc#1213927).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in the vmxnet3 driver that may have allowed a local attacker with user privileges to cause a denial of service (bsc#1214451).
- CVE-2023-3772: Fixed a flaw in the XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to denial of service (bsc#1213666).
- CVE-2023-2007: Removed the dpt_i2o driver due to security issues (bsc#1210448, jsc#PED-4579).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
Package list
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
References
- Link for SUSE-SU-2023:4028-1
- E-Mail link for SUSE-SU-2023:4028-1
- SUSE Security Ratings
- SUSE Bug 1208600
- SUSE Bug 1208995
- SUSE Bug 1210448
- SUSE Bug 1213666
- SUSE Bug 1213927
- SUSE Bug 1214348
- SUSE Bug 1214451
- SUSE Bug 1215115
- SUSE CVE CVE-2023-1077 page
- SUSE CVE CVE-2023-1192 page
- SUSE CVE CVE-2023-2007 page
- SUSE CVE CVE-2023-20588 page
- SUSE CVE CVE-2023-3772 page
- SUSE CVE CVE-2023-4385 page
- SUSE CVE CVE-2023-4459 page
- SUSE CVE CVE-2023-4623 page
Description
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption.
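The condition described above, modeled in userspace C as an added example (not kernel code and not part of the advisory): it shows why a NULL test cannot catch an entry derived from an empty list head, and one way to guard the conversion. `rt_entity`, `rt_queue`, `pick_unchecked`, `pick_checked` and `is_confused_with_head` are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of the kernel's intrusive list; all names below are constructed. */
struct list_head { struct list_head *next, *prev; };
#define list_entry(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}

/* Hypothetical stand-ins: an entity linked through run_list, and a run queue
 * whose list head sits after other data, as a queue inside a larger struct. */
struct rt_entity { unsigned long timeout; struct list_head run_list; int prio; };
struct rt_queue  { unsigned long bitmap[2]; struct list_head queue; };

/* Unchecked: on an empty queue, queue->next is the head itself, so the result
 * is a non-NULL pointer into struct rt_queue, not a real rt_entity. */
static struct rt_entity *pick_unchecked(struct list_head *queue) {
    return list_entry(queue->next, struct rt_entity, run_list);
}

/* Checked: test for emptiness first, so callers get NULL and can bail out. */
static struct rt_entity *pick_checked(struct list_head *queue) {
    if (list_empty(queue))
        return NULL;
    return list_entry(queue->next, struct rt_entity, run_list);
}

/* 1 if p was derived from the list head itself rather than from an entity. */
static int is_confused_with_head(const struct rt_entity *p, const struct list_head *queue) {
    return p != NULL && (const char *)p + offsetof(struct rt_entity, run_list) == (const char *)queue;
}

int main(void) {
    struct rt_queue q = { {0, 0}, {NULL, NULL} };
    struct rt_entity e = { 0, {NULL, NULL}, 5 };
    list_init(&q.queue);
    struct rt_entity *bad = pick_unchecked(&q.queue);
    printf("empty: unchecked non-NULL=%d confused=%d checked NULL=%d\n",
           bad != NULL, is_confused_with_head(bad, &q.queue), pick_checked(&q.queue) == NULL);
    list_add_tail(&e.run_list, &q.queue);
    printf("one entity: checked returns it=%d\n", pick_checked(&q.queue) == &e);
    return 0;
}
```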
Affected products
References
- CVE-2023-1077
- SUSE Bug 1208600
- SUSE Bug 1208839
- SUSE Bug 1213841
- SUSE Bug 1213842
Description
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, local variables still point to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service.
Affected products
References
- CVE-2023-1192
- SUSE Bug 1208995
Description
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
Affected products
References
- CVE-2023-2007
- SUSE Bug 1210448
Description
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
Affected products
References
- CVE-2023-20588
- SUSE Bug 1213927
Description
A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.
Affected products
References
- CVE-2023-3772
- SUSE Bug 1213666
Description
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.
Affected products
References
- CVE-2023-4385
- SUSE Bug 1214348
- SUSE Bug 1222212
Description
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
Affected products
References
- CVE-2023-4459
- SUSE Bug 1214451
Description
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
Affected products
References
- CVE-2023-4623
- SUSE Bug 1215115
- SUSE Bug 1215440
- SUSE Bug 1217444
- SUSE Bug 1217531
- SUSE Bug 1219698
- SUSE Bug 1221578
- SUSE Bug 1221598