Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:0421-1

Опубликовано: 07 фев. 2024
Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues.

The following security issues were fixed:

  • CVE-2023-6932: Fixed a use-after-free vulnerability in the ipv4 igmp component that could lead to local privilege escalation (bsc#1218255).
  • CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217522).
  • CVE-2023-5178: Fixed a use-after-free vulnerability in queue intialization setup (bsc#1215768).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP4
kernel-livepatch-5_14_21-150400_24_88-default-4-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5
kernel-livepatch-5_14_21-150500_55_7-default-6-150500.2.1

Ссылки

Описание

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-4-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-6-150500.2.1
Ссылки

Описание

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-4-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-6-150500.2.1
Ссылки

Описание

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.

Затронутые продукты
SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-4-150400.2.1
SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-6-150500.2.1
Ссылки