Описание
Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues.
The following security issues were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215097)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215519)
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
SUSE Linux Enterprise Live Patching 15 SP5
Ссылки
- Link for SUSE-SU-2023:4867-1
- E-Mail link for SUSE-SU-2023:4867-1
- SUSE Security Ratings
- SUSE Bug 1215097
- SUSE Bug 1215519
- SUSE CVE CVE-2023-2163 page
- SUSE CVE CVE-2023-3777 page
Описание
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
Затронутые продукты
Ссылки
- CVE-2023-2163
- SUSE Bug 1215518
- SUSE Bug 1215519
Описание
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
Затронутые продукты
Ссылки
- CVE-2023-3777
- SUSE Bug 1215095
- SUSE Bug 1215097