Vulnerability from csaf_suse
Published
2023-10-10 14:42
Modified
2023-10-10 14:42
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation (bsc#1215899).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
The following non-security bugs were fixed:
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kernel-binary: Move build-time definitions together. Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build. At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18. Other similar scripts may exist.
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
Patchnames
SUSE-2023-4035,SUSE-SLE-Micro-5.5-2023-4035,SUSE-SLE-Module-Live-Patching-15-SP5-2023-4035,SUSE-SLE-Module-RT-15-SP5-2023-4035,openSUSE-SLE-15.5-2023-4035
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).\n- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).\n- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).\n- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).\n- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).\n- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)\n- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).\n- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. 
A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).\n- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).\n- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).\n- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).\n- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)\n\nThe following non-security bugs were fixed:\n\n- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).\n- arm64: module-plts: inline linux/moduleloader.h (git-fixes)\n- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)\n- arm64: sdei: abort running SDEI handlers during crash (git-fixes)\n- arm64: tegra: Update AHUB clock parent and rate (git-fixes)\n- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)\n- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).\n- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).\n- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).\n- ASoC: meson: spdifin: start hw on dai probe (git-fixes).\n- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).\n- ASoC: rt5640: Fix sleep in atomic context (git-fixes).\n- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).\n- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).\n- ASoC: SOF: core: Only call 
sof_ops_free() on remove if the probe was successful (git-fixes).\n- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).\n- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).\n- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).\n- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).\n- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).\n- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).\n- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).\n- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).\n- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).\n- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).\n- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: \t* rename ast_device to ast_private\n- drm/ast: report connection status on Display Port. 
(bsc#1152472) Backporting changes: \t* rename ast_device to ast_private \t* context changes\n- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).\n- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).\n- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).\n- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).\n- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).\n- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).\n- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).\n- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).\n- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).\n- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).\n- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).\n- ext4: Remove ext4 locking of moved directory (bsc#1214957).\n- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).\n- fs: Establish locking order for unrelated directories (bsc#1214958).\n- fs: Lock moved directories (bsc#1214959).\n- fs: lockd: avoid possible wrong NULL parameter (git-fixes).\n- fs: no need to check source (bsc#1215752).\n- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).\n- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).\n- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).\n- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).\n- gve: Changes to add new TX queues (bsc#1214479).\n- gve: Control path for DQO-QPL (bsc#1214479).\n- gve: fix frag_list chaining (bsc#1214479).\n- gve: Fix gve interrupt names (bsc#1214479).\n- gve: RX path for DQO-QPL (bsc#1214479).\n- gve: trivial spell fix Recive to Receive (bsc#1214479).\n- gve: Tx path for DQO-QPL (bsc#1214479).\n- gve: Unify duplicate GQ min pkt desc size 
constants (bsc#1214479).\n- gve: use vmalloc_array and vcalloc (bsc#1214479).\n- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).\n- hwrng: virtio - add an internal buffer (git-fixes).\n- hwrng: virtio - always add a pending request (git-fixes).\n- hwrng: virtio - do not wait on cleanup (git-fixes).\n- hwrng: virtio - do not waste entropy (git-fixes).\n- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).\n- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).\n- iommu/virtio: Detach domain on endpoint release (git-fixes).\n- iommu/virtio: Return size mapped for a detached domain (git-fixes).\n- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).\n- jbd2: correct the end of the journal recovery scan range (bsc#1214955).\n- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).\n- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).\n- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).\n- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).\n- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).\n- jbd2: remove t_checkpoint_io_list (bsc#1214946).\n- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).\n- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.\n- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.\n- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).\n- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).\n- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).\n- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).\n- 
KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).\n- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).\n- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).\n- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).\n- loop: Fix use-after-free issues (bsc#1214991).\n- loop: loop_set_status_from_info() check before assignment (bsc#1214990).\n- module: Expose module_init_layout_section() (git-fixes)\n- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).\n- net: mana: Add page pool for RX buffers (bsc#1214040).\n- net: mana: Configure hwc timeout from hardware (bsc#1214037).\n- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).\n- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).\n- nfs/blocklayout: Use the passed in gfp flags (git-fixes).\n- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).\n- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).\n- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).\n- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).\n- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).\n- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).\n- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).\n- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).\n- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).\n- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).\n- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).\n- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).\n- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).\n- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).\n- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).\n- platform/x86: intel_scu_ipc: Check status upon 
timeout in ipc_wait_for_interrupt() (git-fixes).\n- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).\n- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).\n- pNFS: Fix assignment of xprtdata.cred (git-fixes).\n- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).\n- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).\n- quota: add new helper dquot_active() (bsc#1214998).\n- quota: factor out dquot_write_dquot() (bsc#1214995).\n- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).\n- quota: fix warning in dqgrab() (bsc#1214962).\n- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).\n- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).\n- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)\n- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).\n- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).\n- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).\n- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).\n- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).\n- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).\n- scsi: storvsc: Handle additional SRB status values (git-fixes).\n- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).\n- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).\n- spi: Add TPM HW flow flag (bsc#1213534)\n- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)\n- spi: tegra210-quad: set half duplex flag (bsc#1213534)\n- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).\n- tpm_tis_spi: Add hardware wait polling (bsc#1213534)\n- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY 
for C++ (git-fixes).\n- udf: Fix extension of the last extent in the file (bsc#1214964).\n- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).\n- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).\n- udf: Fix uninitialized array access for some pathnames (bsc#1214967).\n- Update metadata\n- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).\n- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).\n- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).\n- vhost-scsi: unbreak any layout for response (git-fixes).\n- vhost: allow batching hint without size (git-fixes).\n- vhost: allow batching hint without size (git-fixes).\n- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).\n- vhost: handle error while adding split ranges to iotlb (git-fixes).\n- virtio_net: add checking sq is full inside xdp xmit (git-fixes).\n- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).\n- virtio_net: reorder some funcs (git-fixes).\n- virtio_net: separate the logic of checking whether sq is full (git-fixes).\n- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).\n- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).\n- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).\n- virtio-net: fix race between set queues and probe (git-fixes).\n- virtio-net: set queues after driver_ok (git-fixes).\n- virtio-rng: make device ready before making request (git-fixes).\n- virtio: acknowledge all features before access (git-fixes).\n- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).\n- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).\n- x86/coco: Export cc_vendor (bsc#1206453).\n- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).\n- x86/hyperv: Add hyperv-specific handling for VMMCALL under 
SEV-ES (bsc#1206453).\n- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).\n- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)\n- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).\n- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).\n- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).\n- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).\n- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).\n- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).\n- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).\n- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).\n- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).\n- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).\n- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).\n- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).\n- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).\n- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).\n- x86/srso: Do not probe microcode in a guest (git-fixes).\n- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).\n- x86/srso: Fix srso_show_state() side effect (git-fixes).\n- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).\n- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).\n- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-4035,SUSE-SLE-Micro-5.5-2023-4035,SUSE-SLE-Module-Live-Patching-15-SP5-2023-4035,SUSE-SLE-Module-RT-15-SP5-2023-4035,openSUSE-SLE-15.5-2023-4035", title: 
"Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4035-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:4035-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20234035-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:4035-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016616.html", }, { category: "self", summary: "SUSE Bug 1152472", url: "https://bugzilla.suse.com/1152472", }, { category: "self", summary: "SUSE Bug 1202845", url: "https://bugzilla.suse.com/1202845", }, { category: "self", summary: "SUSE Bug 1206453", url: "https://bugzilla.suse.com/1206453", }, { category: "self", summary: "SUSE Bug 1213808", url: "https://bugzilla.suse.com/1213808", }, { category: "self", summary: "SUSE Bug 1214941", url: "https://bugzilla.suse.com/1214941", }, { category: "self", summary: "SUSE Bug 1214942", url: "https://bugzilla.suse.com/1214942", }, { category: "self", summary: "SUSE Bug 1214943", url: "https://bugzilla.suse.com/1214943", }, { category: "self", summary: "SUSE Bug 1214944", url: "https://bugzilla.suse.com/1214944", }, { category: "self", summary: "SUSE Bug 1214950", url: "https://bugzilla.suse.com/1214950", }, { category: "self", summary: "SUSE Bug 1214951", url: "https://bugzilla.suse.com/1214951", }, { category: "self", summary: "SUSE Bug 1214954", url: "https://bugzilla.suse.com/1214954", }, { category: "self", summary: "SUSE 
Bug 1214957", url: "https://bugzilla.suse.com/1214957", }, { category: "self", summary: "SUSE Bug 1214986", url: "https://bugzilla.suse.com/1214986", }, { category: "self", summary: "SUSE Bug 1214992", url: "https://bugzilla.suse.com/1214992", }, { category: "self", summary: "SUSE Bug 1214993", url: "https://bugzilla.suse.com/1214993", }, { category: "self", summary: "SUSE Bug 1215322", url: "https://bugzilla.suse.com/1215322", }, { category: "self", summary: "SUSE Bug 1215523", url: "https://bugzilla.suse.com/1215523", }, { category: "self", summary: "SUSE Bug 1215877", url: "https://bugzilla.suse.com/1215877", }, { category: "self", summary: "SUSE Bug 1215894", url: "https://bugzilla.suse.com/1215894", }, { category: "self", summary: "SUSE Bug 1215895", url: "https://bugzilla.suse.com/1215895", }, { category: "self", summary: "SUSE Bug 1215896", url: "https://bugzilla.suse.com/1215896", }, { category: "self", summary: "SUSE Bug 1215911", url: "https://bugzilla.suse.com/1215911", }, { category: "self", summary: "SUSE Bug 1215915", url: "https://bugzilla.suse.com/1215915", }, { category: "self", summary: "SUSE Bug 1215916", url: "https://bugzilla.suse.com/1215916", }, { category: "self", summary: "SUSE CVE CVE-2023-1206 page", url: "https://www.suse.com/security/cve/CVE-2023-1206/", }, { category: "self", summary: "SUSE CVE CVE-2023-39192 page", url: "https://www.suse.com/security/cve/CVE-2023-39192/", }, { category: "self", summary: "SUSE CVE CVE-2023-39193 page", url: "https://www.suse.com/security/cve/CVE-2023-39193/", }, { category: "self", summary: "SUSE CVE CVE-2023-39194 page", url: "https://www.suse.com/security/cve/CVE-2023-39194/", }, { category: "self", summary: "SUSE CVE CVE-2023-4155 page", url: "https://www.suse.com/security/cve/CVE-2023-4155/", }, { category: "self", summary: "SUSE CVE CVE-2023-42753 page", url: "https://www.suse.com/security/cve/CVE-2023-42753/", }, { category: "self", summary: "SUSE CVE CVE-2023-42754 page", url: 
"https://www.suse.com/security/cve/CVE-2023-42754/", }, { category: "self", summary: "SUSE CVE CVE-2023-4389 page", url: "https://www.suse.com/security/cve/CVE-2023-4389/", }, { category: "self", summary: "SUSE CVE CVE-2023-4622 page", url: "https://www.suse.com/security/cve/CVE-2023-4622/", }, { category: "self", summary: "SUSE CVE CVE-2023-4623 page", url: "https://www.suse.com/security/cve/CVE-2023-4623/", }, { category: "self", summary: "SUSE CVE CVE-2023-4921 page", url: "https://www.suse.com/security/cve/CVE-2023-4921/", }, { category: "self", summary: "SUSE CVE CVE-2023-5345 page", url: "https://www.suse.com/security/cve/CVE-2023-5345/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2023-10-10T14:42:43Z", generator: { date: "2023-10-10T14:42:43Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:4035-1", initial_release_date: "2023-10-10T14:42:43Z", revision_history: [ { date: "2023-10-10T14:42:43Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-rt-5.14.21-150500.13.21.1.noarch", product: { name: "kernel-devel-rt-5.14.21-150500.13.21.1.noarch", product_id: "kernel-devel-rt-5.14.21-150500.13.21.1.noarch", }, }, { category: "product_version", name: "kernel-source-rt-5.14.21-150500.13.21.1.noarch", product: { name: "kernel-source-rt-5.14.21-150500.13.21.1.noarch", product_id: "kernel-source-rt-5.14.21-150500.13.21.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", product: { name: "cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", product_id: "cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", product: { name: 
"dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", product_id: "dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", product: { name: "gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", product_id: "gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", product: { name: "kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", product_id: "kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: 
"kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", product: { name: "kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", product_id: "kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", product: { name: "kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", product_id: "kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", product: { name: "ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", product_id: "ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, }, { category: "product_version", name: "reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", product: { name: "reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", product_id: "reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", 
}, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Micro 5.5", product: { name: "SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5", product_identification_helper: { cpe: "cpe:/o:suse:sle-micro:5.5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Live Patching 15 SP5", product: { name: "SUSE Linux Enterprise Live Patching 15 SP5", product_id: "SUSE Linux Enterprise Live Patching 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-live-patching:15:sp5", }, }, }, { category: "product_name", name: "SUSE Real Time Module 15 SP5", product: { name: "SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-rt:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-rt-5.14.21-150500.13.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5", product_id: "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", }, product_reference: "kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", relates_to_product_reference: "SUSE Linux 
Enterprise Live Patching 15 SP5", }, { category: "default_component_of", full_product_name: { name: "cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-rt-5.14.21-150500.13.21.1.noarch as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", }, product_reference: "kernel-devel-rt-5.14.21-150500.13.21.1.noarch", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: 
"kernel-rt-devel-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-5.14.21-150500.13.21.1.noarch as 
component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", }, product_reference: "kernel-source-rt-5.14.21-150500.13.21.1.noarch", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of SUSE Real Time Module 15 SP5", product_id: "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "SUSE Real Time Module 15 SP5", }, { category: "default_component_of", full_product_name: { name: "cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: 
"gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-rt-5.14.21-150500.13.21.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", }, product_reference: "kernel-devel-rt-5.14.21-150500.13.21.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-extra-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64 as component of 
openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-optional-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", }, product_reference: 
"kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-5.14.21-150500.13.21.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", }, product_reference: "kernel-source-rt-5.14.21-150500.13.21.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: 
"reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", }, product_reference: "reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-1206", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1206", }, ], notes: [ { category: "general", text: "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time 
Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-1206", url: "https://www.suse.com/security/cve/CVE-2023-1206", }, { category: "external", summary: "SUSE Bug 1212703 for CVE-2023-1206", url: "https://bugzilla.suse.com/1212703", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-1206", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", 
product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-1206", }, { cve: "CVE-2023-39192", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39192", }, ], notes: [ { category: "general", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. 
This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE 
Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39192", url: "https://www.suse.com/security/cve/CVE-2023-39192", }, { category: "external", summary: "SUSE Bug 1215858 for CVE-2023-39192", url: "https://bugzilla.suse.com/1215858", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39192", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 
SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, 
], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-39192", }, { cve: "CVE-2023-39193", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39193", }, ], notes: [ { category: "general", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. 
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39193", url: "https://www.suse.com/security/cve/CVE-2023-39193", }, { category: "external", summary: "SUSE Bug 1215860 for CVE-2023-39193", url: "https://bugzilla.suse.com/1215860", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39193", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 
SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, 
], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-39193", }, { cve: "CVE-2023-39194", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39194", }, ], notes: [ { category: "general", text: "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. 
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39194", url: "https://www.suse.com/security/cve/CVE-2023-39194", }, { category: "external", summary: "SUSE Bug 1215861 for CVE-2023-39194", url: "https://bugzilla.suse.com/1215861", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 
SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "low", }, ], title: "CVE-2023-39194", }, { cve: "CVE-2023-4155", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4155", }, ], notes: [ { category: "general", text: "A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. 
If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4155", url: "https://www.suse.com/security/cve/CVE-2023-4155", }, { category: "external", summary: "SUSE Bug 1214022 for CVE-2023-4155", url: "https://bugzilla.suse.com/1214022", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", 
"SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, 
baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", 
"openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-4155", }, { cve: "CVE-2023-42753", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-42753", }, ], notes: [ { category: "general", text: "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. 
This issue may allow a local user to crash the system or potentially escalate their privileges on the system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-42753", url: "https://www.suse.com/security/cve/CVE-2023-42753", }, { category: "external", summary: "SUSE Bug 1215150 for CVE-2023-42753", url: "https://bugzilla.suse.com/1215150", }, { category: "external", summary: "SUSE Bug 1218613 for CVE-2023-42753", url: "https://bugzilla.suse.com/1218613", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 
SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-42753", }, { cve: "CVE-2023-42754", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-42754", }, ], notes: [ { category: "general", text: "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. 
This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-42754", url: "https://www.suse.com/security/cve/CVE-2023-42754", }, { category: "external", summary: "SUSE Bug 1215467 for CVE-2023-42754", url: "https://bugzilla.suse.com/1215467", }, { category: "external", summary: "SUSE Bug 1222212 for CVE-2023-42754", url: "https://bugzilla.suse.com/1222212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 
SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", 
vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-42754", }, { cve: "CVE-2023-4389", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4389", }, ], notes: [ { category: "general", text: "A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. 
This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4389", url: "https://www.suse.com/security/cve/CVE-2023-4389", }, { category: "external", summary: "SUSE Bug 1214351 for CVE-2023-4389", url: "https://bugzilla.suse.com/1214351", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 
SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", 
vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-4389", }, { cve: "CVE-2023-4622", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4622", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. 
Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4622", url: "https://www.suse.com/security/cve/CVE-2023-4622", }, { category: "external", summary: "SUSE Bug 1215117 for CVE-2023-4622", url: "https://bugzilla.suse.com/1215117", }, { category: "external", summary: "SUSE Bug 1215442 for CVE-2023-4622", url: "https://bugzilla.suse.com/1215442", }, { category: "external", summary: "SUSE Bug 1217531 for CVE-2023-4622", url: "https://bugzilla.suse.com/1217531", }, { category: "external", summary: "SUSE Bug 1219699 for CVE-2023-4622", url: "https://bugzilla.suse.com/1219699", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 
SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 
15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "important", }, ], title: "CVE-2023-4622", }, { cve: "CVE-2023-4623", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4623", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). 
This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4623", url: "https://www.suse.com/security/cve/CVE-2023-4623", }, { category: "external", summary: "SUSE Bug 1215115 for CVE-2023-4623", url: "https://bugzilla.suse.com/1215115", }, { category: "external", summary: "SUSE Bug 1215440 for CVE-2023-4623", url: "https://bugzilla.suse.com/1215440", }, { category: "external", summary: "SUSE Bug 1217444 for CVE-2023-4623", url: "https://bugzilla.suse.com/1217444", }, { category: "external", summary: "SUSE Bug 1217531 for CVE-2023-4623", url: "https://bugzilla.suse.com/1217531", }, { category: "external", summary: "SUSE Bug 1219698 for CVE-2023-4623", url: "https://bugzilla.suse.com/1219698", }, { category: "external", summary: "SUSE Bug 1221578 for CVE-2023-4623", url: "https://bugzilla.suse.com/1221578", }, { category: "external", summary: "SUSE Bug 1221598 for CVE-2023-4623", url: "https://bugzilla.suse.com/1221598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux 
Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", 
"openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", 
"openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "important", }, ], title: "CVE-2023-4623", }, { cve: "CVE-2023-4921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-4921", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past 
commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", 
"openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-4921", url: "https://www.suse.com/security/cve/CVE-2023-4921", }, { category: "external", summary: "SUSE Bug 1215275 for CVE-2023-4921", url: "https://bugzilla.suse.com/1215275", }, { category: "external", summary: "SUSE Bug 1215300 for CVE-2023-4921", url: "https://bugzilla.suse.com/1215300", }, { category: "external", summary: "SUSE Bug 1217444 for CVE-2023-4921", url: "https://bugzilla.suse.com/1217444", }, { category: "external", summary: "SUSE Bug 1217531 for CVE-2023-4921", url: "https://bugzilla.suse.com/1217531", }, { category: "external", summary: "SUSE Bug 1220906 for CVE-2023-4921", url: "https://bugzilla.suse.com/1220906", }, { category: "external", summary: "SUSE Bug 1223091 for CVE-2023-4921", url: "https://bugzilla.suse.com/1223091", }, { category: "external", summary: "SUSE Bug 1224418 for CVE-2023-4921", url: "https://bugzilla.suse.com/1224418", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 
5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "important", }, ], title: "CVE-2023-4921", }, { cve: "CVE-2023-5345", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-5345", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.\n\nIn case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.\n\nWe recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 
15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-5345", url: "https://www.suse.com/security/cve/CVE-2023-5345", }, { category: "external", summary: "SUSE Bug 1215899 for CVE-2023-5345", url: "https://bugzilla.suse.com/1215899", }, { category: "external", summary: "SUSE Bug 1215971 for CVE-2023-5345", url: "https://bugzilla.suse.com/1215971", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", 
"SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1.x86_64", "SUSE Linux Enterprise 
Micro 5.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "SUSE Real Time Module 15 SP5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "SUSE Real Time Module 15 SP5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:cluster-md-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:dlm-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:gfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-devel-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-extra-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-optional-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 
15.5:kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-rt_debug-vdso-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kernel-source-rt-5.14.21-150500.13.21.1.noarch", "openSUSE Leap 15.5:kernel-syms-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:kselftests-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:ocfs2-kmp-rt-5.14.21-150500.13.21.1.x86_64", "openSUSE Leap 15.5:reiserfs-kmp-rt-5.14.21-150500.13.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-10T14:42:43Z", details: "moderate", }, ], title: "CVE-2023-5345", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.