ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS (bsc#1210778).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure (bsc#1216046).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
Π‘ΠΏΠΈΡΠΎΠΊ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ²
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
Π‘ΡΡΠ»ΠΊΠΈ
- Link for SUSE-SU-2024:0112-1
- E-Mail link for SUSE-SU-2024:0112-1
- SUSE Security Ratings
- SUSE Bug 1179610
- SUSE Bug 1205762
- SUSE Bug 1210778
- SUSE Bug 1212051
- SUSE Bug 1212703
- SUSE Bug 1215237
- SUSE Bug 1215858
- SUSE Bug 1215860
- SUSE Bug 1216046
- SUSE Bug 1216058
- SUSE Bug 1216976
- SUSE Bug 1217947
- SUSE Bug 1218253
- SUSE Bug 1218559
- SUSE CVE CVE-2020-26555 page
- SUSE CVE CVE-2022-45887 page
- SUSE CVE CVE-2023-1206 page
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2020-26555
- SUSE Bug 1179610
- SUSE Bug 1215237
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-45887
- SUSE Bug 1205762
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-1206
- SUSE Bug 1212703
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-31085
- SUSE Bug 1210778
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-3111
- SUSE Bug 1212051
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-39189
- SUSE Bug 1216046
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-39192
- SUSE Bug 1215858
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-39193
- SUSE Bug 1215860
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-39197
- SUSE Bug 1216976
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-45863
- SUSE Bug 1216058
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-51779
- SUSE Bug 1218559
- SUSE Bug 1218610
- SUSE Bug 1220015
- SUSE Bug 1220191
- SUSE Bug 1221578
- SUSE Bug 1221598
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-6606
- SUSE Bug 1217947
- SUSE Bug 1220015
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2023-6932
- SUSE Bug 1218253
- SUSE Bug 1218255
- SUSE Bug 1220015
- SUSE Bug 1220191
- SUSE Bug 1221578
- SUSE Bug 1221598