Описание
Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-150300_59_112 fixes several issues.
The following security issues were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097)
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215442).
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519)
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP3
Ссылки
- Link for SUSE-SU-2023:4836-1
- E-Mail link for SUSE-SU-2023:4836-1
- SUSE Security Ratings
- SUSE Bug 1215097
- SUSE Bug 1215442
- SUSE Bug 1215519
- SUSE CVE CVE-2023-2163 page
- SUSE CVE CVE-2023-3777 page
- SUSE CVE CVE-2023-4622 page
Описание
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
Затронутые продукты
Ссылки
- CVE-2023-2163
- SUSE Bug 1215518
- SUSE Bug 1215519
Описание
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
Затронутые продукты
Ссылки
- CVE-2023-3777
- SUSE Bug 1215095
- SUSE Bug 1215097
Описание
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
Затронутые продукты
Ссылки
- CVE-2023-4622
- SUSE Bug 1215117
- SUSE Bug 1215442
- SUSE Bug 1217531
- SUSE Bug 1219699