Описание
Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-150400_24_92 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Список пакетов
SUSE Linux Enterprise Live Patching 15 SP4
Ссылки
- Link for SUSE-SU-2024:1418-1
- E-Mail link for SUSE-SU-2024:1418-1
- SUSE Security Ratings
- SUSE Bug 1216644
- SUSE Bug 1219435
- SUSE Bug 1220828
- SUSE CVE CVE-2023-5717 page
- SUSE CVE CVE-2024-1086 page
- SUSE CVE CVE-2024-26622 page
Описание
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
Затронутые продукты
Ссылки
- CVE-2023-5717
- SUSE Bug 1216584
- SUSE Bug 1216644
- SUSE Bug 1217557
- SUSE Bug 1219697
- SUSE Bug 1220191
Описание
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Затронутые продукты
Ссылки
- CVE-2024-1086
- SUSE Bug 1219434
- SUSE Bug 1219435
- SUSE Bug 1224298
- SUSE Bug 1224878
- SUSE Bug 1226066
Описание
In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.
Затронутые продукты
Ссылки
- CVE-2024-26622
- SUSE Bug 1220825
- SUSE Bug 1220828
- SUSE Bug 1224298
- SUSE Bug 1224878