SUSE-SU-2023:4781-1

Опубликовано: 13 дек. 2023

Источник: suse-cvrf

Описание

Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-150500_13_24 fixes one issue.

The following security issue was fixed:

CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097)

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP5

kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234781-1/
Link for SUSE-SU-2023:4781-1
https://lists.suse.com/pipermail/sle-security-updates/2023-December/017321.html
E-Mail link for SUSE-SU-2023:4781-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215097
SUSE Bug 1215097
https://www.suse.com/security/cve/CVE-2023-3777/
SUSE CVE CVE-2023-3777 page

Описание

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-3777.html
CVE-2023-3777
https://bugzilla.suse.com/1215095
SUSE Bug 1215095
https://bugzilla.suse.com/1215097
SUSE Bug 1215097

SUSE-SU-2023:4781-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP5

Ссылки

Уязвимость: CVE-2023-3777

Описание

Затронутые продукты

Ссылки