SUSE-SU-2024:1063-1

Опубликовано: 29 мар. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-150400_24_60 fixes several issues.

The following security issues were fixed:

CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).
CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).
CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP4

kernel-livepatch-5_14_21-150400_24_60-default-11-150400.2.3

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241063-1/
Link for SUSE-SU-2024:1063-1
https://lists.suse.com/pipermail/sle-security-updates/2024-March/018244.html
E-Mail link for SUSE-SU-2024:1063-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1216898
SUSE Bug 1216898
https://bugzilla.suse.com/1218487
SUSE Bug 1218487
https://bugzilla.suse.com/1218610
SUSE Bug 1218610
https://www.suse.com/security/cve/CVE-2023-46813/
SUSE CVE CVE-2023-46813 page
https://www.suse.com/security/cve/CVE-2023-51779/
SUSE CVE CVE-2023-51779 page
https://www.suse.com/security/cve/CVE-2023-6531/
SUSE CVE CVE-2023-6531 page

Описание

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_60-default-11-150400.2.3

Ссылки

https://www.suse.com/security/cve/CVE-2023-46813.html
CVE-2023-46813
https://bugzilla.suse.com/1212649
SUSE Bug 1212649
https://bugzilla.suse.com/1216896
SUSE Bug 1216896

Описание

bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_60-default-11-150400.2.3

Ссылки

https://www.suse.com/security/cve/CVE-2023-51779.html
CVE-2023-51779
https://bugzilla.suse.com/1218559
SUSE Bug 1218559
https://bugzilla.suse.com/1218610
SUSE Bug 1218610
https://bugzilla.suse.com/1220015
SUSE Bug 1220015
https://bugzilla.suse.com/1220191
SUSE Bug 1220191
https://bugzilla.suse.com/1221578
SUSE Bug 1221578
https://bugzilla.suse.com/1221598
SUSE Bug 1221598

Описание

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_60-default-11-150400.2.3

Ссылки

https://www.suse.com/security/cve/CVE-2023-6531.html
CVE-2023-6531
https://bugzilla.suse.com/1218447
SUSE Bug 1218447
https://bugzilla.suse.com/1218487
SUSE Bug 1218487

SUSE-SU-2024:1063-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP4

Ссылки

Уязвимость: CVE-2023-46813

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-51779

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-6531

Описание

Затронутые продукты

Ссылки