SUSE-SU-2024:0373-1

Опубликовано: 06 фев. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 44 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122_162 fixes one issue.

The following security issue was fixed:

CVE-2023-6932: Fixed a use-after-free vulnerability in the ipv4 igmp component that could lead to local privilege escalation (bsc#1218255).

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

kgraft-patch-4_12_14-122_162-default-7-2.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240373-1/
Link for SUSE-SU-2024:0373-1
https://lists.suse.com/pipermail/sle-security-updates/2024-February/017874.html
E-Mail link for SUSE-SU-2024:0373-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218255
SUSE Bug 1218255
https://www.suse.com/security/cve/CVE-2023-6932/
SUSE CVE CVE-2023-6932 page

Описание

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.

Затронутые продукты

SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_162-default-7-2.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-6932.html
CVE-2023-6932
https://bugzilla.suse.com/1218253
SUSE Bug 1218253
https://bugzilla.suse.com/1218255
SUSE Bug 1218255
https://bugzilla.suse.com/1220015
SUSE Bug 1220015
https://bugzilla.suse.com/1220191
SUSE Bug 1220191
https://bugzilla.suse.com/1221578
SUSE Bug 1221578
https://bugzilla.suse.com/1221598
SUSE Bug 1221598

SUSE-SU-2024:0373-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 12 SP5

Ссылки

Уязвимость: CVE-2023-6932

Описание

Затронутые продукты

Ссылки