Vulnerability from csaf_suse
Published
2023-10-10 12:21
Modified
2023-10-10 12:21
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out-of-bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out-of-bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out-of-bounds read in the netfilter subsystem (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network-adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).
- Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).
- arm64: insn: Fix ldadd instruction encoding (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).
- blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1214586).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).
- btrfs: output extra information on failure (bsc#1215136).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380)
- direct-io: allow direct writes to empty inodes (bsc#1215164).
- drm/ast: Fix DRAM init on AST2200 (bsc#1152446)
- drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446)
  Backporting changes:
  * move changes to drm_fb_helper.c
  * context changes
- drm/client: Send hotplug event after registering a client (bsc#1152446)
  Backporting changes:
  * send hotplug event from drm_client_add()
  * remove drm_dbg_kms()
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)
- fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)
- fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048).
- firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes).
- firmware: raspberrypi: Keep count of all consumers (git-fixes).
- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
- fs: avoid softlockups in s_inodes iterators (bsc#1215165).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes).
- media: cec: copy sequence field for the reply (git-fixes).
- media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes).
- media: cec: make cec_get_edid_spa_location() an inline function (git-fixes).
- media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: s5p_cec: decrement usage count if disabled (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes).
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes).
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net: virtio_vsock: Enhance connection semantics (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer supported.
- powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: fix warning in dqgrab() (bsc#1214962).
- remoteproc: Add missing '\n' in log messages (git-fixes).
- remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes).
- s390/dasd: fix hanging device after request requeue (bsc#1215121).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152).
- s390: add z16 elf platform (bsc#1215954).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- vhost/test: stop device before reset (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
- vhost: Do not call access_ok() when using IOTLB (git-fixes).
- vhost: Fix vhost_vq_reset() (git-fixes).
- vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vhost: introduce helpers to get the size of metadata area (git-fixes).
- vhost: missing __user tags (git-fixes).
- vhost: vsock: kick send_pkt worker once device is started (git-fixes).
- vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- virtio_balloon: prevent pfn array overflow (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: Remove BUG() to avoid machine dead (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device (git-fixes).
- virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).
- virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes).
- vsock/virtio: enable VQs early on probe (git-fixes).
- vsock/virtio: free queued packets when closing socket (git-fixes).
- vsock/virtio: update credit only if socket is not closed (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
Patchnames
SUSE-2023-4033,SUSE-SLE-RT-12-SP5-2023-4033
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ category: "product_version", name: "kernel-rt_debug-extra-4.12.14-10.144.1.x86_64", product: { name: "kernel-rt_debug-extra-4.12.14-10.144.1.x86_64", product_id: "kernel-rt_debug-extra-4.12.14-10.144.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-kgraft-devel-4.12.14-10.144.1.x86_64", product: { name: "kernel-rt_debug-kgraft-devel-4.12.14-10.144.1.x86_64", product_id: "kernel-rt_debug-kgraft-devel-4.12.14-10.144.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-4.12.14-10.144.1.x86_64", product: { name: "kernel-syms-rt-4.12.14-10.144.1.x86_64", product_id: "kernel-syms-rt-4.12.14-10.144.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt-4.12.14-10.144.1.x86_64", product: { name: "kselftests-kmp-rt-4.12.14-10.144.1.x86_64", product_id: "kselftests-kmp-rt-4.12.14-10.144.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt_debug-4.12.14-10.144.1.x86_64", product: { name: "kselftests-kmp-rt_debug-4.12.14-10.144.1.x86_64", product_id: "kselftests-kmp-rt_debug-4.12.14-10.144.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", product: { name: "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", product_id: "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64", product: { name: "ocfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64", product_id: "ocfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Real Time 12 SP5", product: { name: "SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:suse-linux-enterprise-rt:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", 
full_product_name: { name: "cluster-md-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", }, product_reference: "cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "dlm-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", }, product_reference: "dlm-kmp-rt-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "gfs2-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", }, product_reference: "gfs2-kmp-rt-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-rt-4.12.14-10.144.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", }, product_reference: "kernel-devel-rt-4.12.14-10.144.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", }, product_reference: "kernel-rt-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: 
"kernel-rt-base-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", }, product_reference: "kernel-rt-base-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", }, product_reference: "kernel-rt-devel-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", }, product_reference: "kernel-rt_debug-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-devel-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", }, product_reference: "kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-4.12.14-10.144.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", }, product_reference: "kernel-source-rt-4.12.14-10.144.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: 
"kernel-syms-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", }, product_reference: "kernel-syms-rt-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, { category: "default_component_of", full_product_name: { name: "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5", product_id: "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", }, product_reference: "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2020-36766", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-36766", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-36766", url: "https://www.suse.com/security/cve/CVE-2020-36766", }, { category: "external", summary: "SUSE Bug 1215299 for CVE-2020-36766", url: "https://bugzilla.suse.com/1215299", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "low", }, ], title: "CVE-2020-36766", }, { cve: "CVE-2023-1192", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1192", }, ], notes: [ { category: "general", text: "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. 
After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-1192", url: "https://www.suse.com/security/cve/CVE-2023-1192", }, { category: "external", summary: "SUSE Bug 1208995 for CVE-2023-1192", url: "https://bugzilla.suse.com/1208995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real 
Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "moderate", }, ], title: "CVE-2023-1192", }, { cve: "CVE-2023-1206", ids: 
[ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1206", }, ], notes: [ { category: "general", text: "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-1206", url: "https://www.suse.com/security/cve/CVE-2023-1206", }, { category: "external", summary: "SUSE Bug 1212703 for CVE-2023-1206", url: "https://bugzilla.suse.com/1212703", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-1206", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "moderate", }, ], title: "CVE-2023-1206", }, { cve: "CVE-2023-1859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1859", }, ], notes: [ { category: "general", text: "A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-1859", url: "https://www.suse.com/security/cve/CVE-2023-1859", }, { category: "external", summary: "SUSE Bug 1210169 for CVE-2023-1859", url: 
"https://bugzilla.suse.com/1210169", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 1.9, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "low", }, ], title: "CVE-2023-1859", }, { cve: "CVE-2023-39192", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39192", }, ], notes: [ { category: "general", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39192", url: "https://www.suse.com/security/cve/CVE-2023-39192", }, { category: "external", summary: "SUSE Bug 1215858 for CVE-2023-39192", url: "https://bugzilla.suse.com/1215858", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39192", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux 
Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "moderate", }, ], title: "CVE-2023-39192", }, { cve: "CVE-2023-39193", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39193", }, ], notes: [ { category: "general", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. 
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39193", url: "https://www.suse.com/security/cve/CVE-2023-39193", }, { category: "external", summary: "SUSE Bug 1215860 for CVE-2023-39193", url: "https://bugzilla.suse.com/1215860", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39193", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux 
Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "moderate", }, ], title: "CVE-2023-39193", }, { cve: 
"CVE-2023-39194", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39194", }, ], notes: [ { category: "general", text: "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39194", url: "https://www.suse.com/security/cve/CVE-2023-39194", }, { category: "external", summary: "SUSE Bug 1215861 for CVE-2023-39194", url: "https://bugzilla.suse.com/1215861", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux 
Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 
SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "low", }, ], title: "CVE-2023-39194", }, { cve: "CVE-2023-42754", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-42754", }, ], notes: [ { category: "general", text: "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-42754", url: "https://www.suse.com/security/cve/CVE-2023-42754", }, { category: "external", summary: "SUSE Bug 1215467 for CVE-2023-42754", url: 
"https://bugzilla.suse.com/1215467", }, { category: "external", summary: "SUSE Bug 1222212 for CVE-2023-42754", url: "https://bugzilla.suse.com/1222212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise 
Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "moderate", }, ], title: "CVE-2023-42754", }, { cve: "CVE-2023-4622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4622", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. 
Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4622", url: "https://www.suse.com/security/cve/CVE-2023-4622", }, { category: "external", summary: "SUSE Bug 1215117 for CVE-2023-4622", url: "https://bugzilla.suse.com/1215117", }, { category: "external", summary: "SUSE Bug 1215442 for CVE-2023-4622", url: "https://bugzilla.suse.com/1215442", }, { category: "external", summary: "SUSE Bug 1217531 for CVE-2023-4622", url: "https://bugzilla.suse.com/1217531", }, { category: "external", summary: "SUSE Bug 1219699 for CVE-2023-4622", url: "https://bugzilla.suse.com/1219699", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended 
installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "important", }, ], title: "CVE-2023-4622", }, { cve: "CVE-2023-4623", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4623", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 
SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4623", url: "https://www.suse.com/security/cve/CVE-2023-4623", }, { category: "external", summary: "SUSE Bug 1215115 for CVE-2023-4623", url: "https://bugzilla.suse.com/1215115", }, { category: "external", summary: "SUSE Bug 1215440 for CVE-2023-4623", url: "https://bugzilla.suse.com/1215440", }, { category: "external", summary: "SUSE Bug 1217444 for CVE-2023-4623", url: "https://bugzilla.suse.com/1217444", }, { category: "external", summary: "SUSE Bug 1217531 for CVE-2023-4623", url: "https://bugzilla.suse.com/1217531", }, { category: "external", summary: "SUSE Bug 1219698 for CVE-2023-4623", url: "https://bugzilla.suse.com/1219698", }, { category: "external", summary: "SUSE Bug 1221578 for CVE-2023-4623", url: "https://bugzilla.suse.com/1221578", }, { category: "external", summary: "SUSE Bug 1221598 for CVE-2023-4623", url: "https://bugzilla.suse.com/1221598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", 
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "important", }, ], title: "CVE-2023-4623", }, { cve: "CVE-2023-4881", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4881", }, ], notes: [ { category: "general", text: "** REJECT ** CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4881", url: "https://www.suse.com/security/cve/CVE-2023-4881", }, { category: "external", summary: "SUSE Bug 1215221 for CVE-2023-4881", url: "https://bugzilla.suse.com/1215221", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 
SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "moderate", }, ], title: "CVE-2023-4881", }, { cve: "CVE-2023-4921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4921", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the 
incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4921", url: "https://www.suse.com/security/cve/CVE-2023-4921", }, { category: "external", summary: "SUSE Bug 1215275 for CVE-2023-4921", url: "https://bugzilla.suse.com/1215275", }, { category: "external", summary: "SUSE Bug 1215300 for CVE-2023-4921", url: "https://bugzilla.suse.com/1215300", }, { category: "external", summary: "SUSE Bug 1217444 for CVE-2023-4921", url: "https://bugzilla.suse.com/1217444", }, { category: "external", summary: "SUSE Bug 1217531 for CVE-2023-4921", url: "https://bugzilla.suse.com/1217531", }, { category: "external", summary: "SUSE Bug 1220906 for CVE-2023-4921", url: "https://bugzilla.suse.com/1220906", }, { category: "external", summary: "SUSE Bug 1223091 for CVE-2023-4921", url: 
"https://bugzilla.suse.com/1223091", }, { category: "external", summary: "SUSE Bug 1224418 for CVE-2023-4921", url: "https://bugzilla.suse.com/1224418", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real 
Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch", "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T12:21:11Z", details: "important", }, ], title: "CVE-2023-4921", }, ], }