Vulnerability from csaf_suse
Published
2024-01-16 12:29
Modified
2024-01-16 12:29
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS (bsc#1210778).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure (bsc#1216046).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
Patchnames
SUSE-2024-112,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-112
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).\n- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).\n- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).\n- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS (bsc#1210778).\n- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).\n- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure (bsc#1216046).\n- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).\n- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).\n- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).\n- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).\n- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).\n- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).\n\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-112,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-112", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0112-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:0112-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20240112-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:0112-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017672.html", }, { category: "self", summary: "SUSE Bug 1179610", url: "https://bugzilla.suse.com/1179610", }, { category: "self", summary: "SUSE Bug 1205762", url: "https://bugzilla.suse.com/1205762", }, { category: "self", summary: "SUSE Bug 1210778", url: "https://bugzilla.suse.com/1210778", }, { category: "self", summary: "SUSE Bug 1212051", url: "https://bugzilla.suse.com/1212051", }, { category: "self", summary: "SUSE Bug 1212703", url: "https://bugzilla.suse.com/1212703", }, { category: "self", summary: "SUSE Bug 1215237", url: "https://bugzilla.suse.com/1215237", }, { category: "self", summary: "SUSE Bug 1215858", url: "https://bugzilla.suse.com/1215858", }, { category: "self", summary: "SUSE Bug 1215860", url: "https://bugzilla.suse.com/1215860", }, { category: "self", summary: "SUSE Bug 1216046", url: "https://bugzilla.suse.com/1216046", }, { category: "self", summary: "SUSE Bug 1216058", url: "https://bugzilla.suse.com/1216058", }, { category: "self", summary: "SUSE Bug 1216976", url: "https://bugzilla.suse.com/1216976", }, { category: "self", summary: "SUSE Bug 1217947", url: "https://bugzilla.suse.com/1217947", }, { category: "self", summary: "SUSE Bug 1218253", url: "https://bugzilla.suse.com/1218253", }, { category: "self", summary: "SUSE Bug 1218559", url: "https://bugzilla.suse.com/1218559", }, { category: "self", summary: "SUSE CVE CVE-2020-26555 page", url: "https://www.suse.com/security/cve/CVE-2020-26555/", }, { category: "self", summary: "SUSE CVE CVE-2022-45887 page", url: "https://www.suse.com/security/cve/CVE-2022-45887/", }, { category: "self", summary: "SUSE CVE CVE-2023-1206 page", url: "https://www.suse.com/security/cve/CVE-2023-1206/", }, { category: "self", summary: "SUSE CVE CVE-2023-31085 page", url: "https://www.suse.com/security/cve/CVE-2023-31085/", }, { category: "self", summary: "SUSE CVE CVE-2023-3111 page", url: "https://www.suse.com/security/cve/CVE-2023-3111/", }, { category: "self", summary: "SUSE CVE CVE-2023-39189 page", url: "https://www.suse.com/security/cve/CVE-2023-39189/", }, { category: "self", summary: "SUSE CVE CVE-2023-39192 page", url: "https://www.suse.com/security/cve/CVE-2023-39192/", }, { category: "self", summary: "SUSE CVE CVE-2023-39193 page", url: "https://www.suse.com/security/cve/CVE-2023-39193/", }, { category: "self", summary: "SUSE CVE CVE-2023-39197 page", url: "https://www.suse.com/security/cve/CVE-2023-39197/", }, { category: "self", summary: "SUSE CVE CVE-2023-45863 page", url: "https://www.suse.com/security/cve/CVE-2023-45863/", }, { category: "self", summary: "SUSE CVE CVE-2023-51779 page", url: "https://www.suse.com/security/cve/CVE-2023-51779/", }, { category: "self", summary: "SUSE CVE CVE-2023-6606 page", url: "https://www.suse.com/security/cve/CVE-2023-6606/", }, { category: "self", summary: "SUSE CVE CVE-2023-6932 page", url: "https://www.suse.com/security/cve/CVE-2023-6932/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2024-01-16T12:29:23Z", generator: { date: "2024-01-16T12:29:23Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:0112-1", initial_release_date: "2024-01-16T12:29:23Z", revision_history: [ { date: "2024-01-16T12:29:23Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-debug-3.0.101-108.150.1.i586", product: { name: "kernel-debug-3.0.101-108.150.1.i586", product_id: "kernel-debug-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-debug-base-3.0.101-108.150.1.i586", product: { name: "kernel-debug-base-3.0.101-108.150.1.i586", product_id: "kernel-debug-base-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-debug-devel-3.0.101-108.150.1.i586", product: { name: "kernel-debug-devel-3.0.101-108.150.1.i586", product_id: "kernel-debug-devel-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-debug-extra-3.0.101-108.150.1.i586", product: { name: "kernel-debug-extra-3.0.101-108.150.1.i586", product_id: "kernel-debug-extra-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-debug-hmac-3.0.101-108.150.1.i586", product: { name: "kernel-debug-hmac-3.0.101-108.150.1.i586", product_id: "kernel-debug-hmac-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-default-3.0.101-108.150.1.i586", product: { name: "kernel-default-3.0.101-108.150.1.i586", product_id: "kernel-default-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-default-base-3.0.101-108.150.1.i586", product: { name: "kernel-default-base-3.0.101-108.150.1.i586", product_id: "kernel-default-base-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-default-devel-3.0.101-108.150.1.i586", product: { name: "kernel-default-devel-3.0.101-108.150.1.i586", product_id: "kernel-default-devel-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-default-extra-3.0.101-108.150.1.i586", product: { name: "kernel-default-extra-3.0.101-108.150.1.i586", product_id: "kernel-default-extra-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-default-hmac-3.0.101-108.150.1.i586", product: { name: "kernel-default-hmac-3.0.101-108.150.1.i586", product_id: "kernel-default-hmac-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-ec2-3.0.101-108.150.1.i586", product: { name: "kernel-ec2-3.0.101-108.150.1.i586", product_id: "kernel-ec2-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-ec2-base-3.0.101-108.150.1.i586", product: { name: "kernel-ec2-base-3.0.101-108.150.1.i586", product_id: "kernel-ec2-base-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-ec2-devel-3.0.101-108.150.1.i586", product: { name: "kernel-ec2-devel-3.0.101-108.150.1.i586", product_id: "kernel-ec2-devel-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-ec2-extra-3.0.101-108.150.1.i586", product: { name: "kernel-ec2-extra-3.0.101-108.150.1.i586", product_id: "kernel-ec2-extra-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-ec2-hmac-3.0.101-108.150.1.i586", product: { name: "kernel-ec2-hmac-3.0.101-108.150.1.i586", product_id: "kernel-ec2-hmac-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-pae-3.0.101-108.150.1.i586", product: { name: "kernel-pae-3.0.101-108.150.1.i586", product_id: "kernel-pae-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-pae-base-3.0.101-108.150.1.i586", product: { name: "kernel-pae-base-3.0.101-108.150.1.i586", product_id: "kernel-pae-base-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-pae-devel-3.0.101-108.150.1.i586", product: { name: "kernel-pae-devel-3.0.101-108.150.1.i586", product_id: "kernel-pae-devel-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-pae-extra-3.0.101-108.150.1.i586", product: { name: "kernel-pae-extra-3.0.101-108.150.1.i586", product_id: "kernel-pae-extra-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-pae-hmac-3.0.101-108.150.1.i586", product: { name: "kernel-pae-hmac-3.0.101-108.150.1.i586", product_id: "kernel-pae-hmac-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-source-3.0.101-108.150.1.i586", product: { name: "kernel-source-3.0.101-108.150.1.i586", product_id: "kernel-source-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-source-vanilla-3.0.101-108.150.1.i586", product: { name: "kernel-source-vanilla-3.0.101-108.150.1.i586", product_id: "kernel-source-vanilla-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-syms-3.0.101-108.150.1.i586", product: { name: "kernel-syms-3.0.101-108.150.1.i586", product_id: "kernel-syms-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-trace-3.0.101-108.150.1.i586", product: { name: "kernel-trace-3.0.101-108.150.1.i586", product_id: "kernel-trace-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-trace-base-3.0.101-108.150.1.i586", product: { name: "kernel-trace-base-3.0.101-108.150.1.i586", product_id: "kernel-trace-base-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-trace-devel-3.0.101-108.150.1.i586", product: { name: "kernel-trace-devel-3.0.101-108.150.1.i586", product_id: "kernel-trace-devel-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-trace-extra-3.0.101-108.150.1.i586", product: { name: "kernel-trace-extra-3.0.101-108.150.1.i586", product_id: "kernel-trace-extra-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-trace-hmac-3.0.101-108.150.1.i586", product: { name: "kernel-trace-hmac-3.0.101-108.150.1.i586", product_id: "kernel-trace-hmac-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-vanilla-3.0.101-108.150.1.i586", product: { name: "kernel-vanilla-3.0.101-108.150.1.i586", product_id: "kernel-vanilla-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-vanilla-base-3.0.101-108.150.1.i586", product: { name: "kernel-vanilla-base-3.0.101-108.150.1.i586", product_id: "kernel-vanilla-base-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-vanilla-devel-3.0.101-108.150.1.i586", product: { name: "kernel-vanilla-devel-3.0.101-108.150.1.i586", product_id: "kernel-vanilla-devel-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-vanilla-hmac-3.0.101-108.150.1.i586", product: { name: "kernel-vanilla-hmac-3.0.101-108.150.1.i586", product_id: "kernel-vanilla-hmac-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-xen-3.0.101-108.150.1.i586", product: { name: "kernel-xen-3.0.101-108.150.1.i586", product_id: "kernel-xen-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-xen-base-3.0.101-108.150.1.i586", product: { name: "kernel-xen-base-3.0.101-108.150.1.i586", product_id: "kernel-xen-base-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-xen-devel-3.0.101-108.150.1.i586", product: { name: "kernel-xen-devel-3.0.101-108.150.1.i586", product_id: "kernel-xen-devel-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-xen-extra-3.0.101-108.150.1.i586", product: { name: "kernel-xen-extra-3.0.101-108.150.1.i586", product_id: "kernel-xen-extra-3.0.101-108.150.1.i586", }, }, { category: "product_version", name: "kernel-xen-hmac-3.0.101-108.150.1.i586", product: { name: "kernel-xen-hmac-3.0.101-108.150.1.i586", product_id: "kernel-xen-hmac-3.0.101-108.150.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "kernel-source-3.0.101-108.150.1.ia64", product: { name: "kernel-source-3.0.101-108.150.1.ia64", product_id: "kernel-source-3.0.101-108.150.1.ia64", }, }, { category: "product_version", name: "kernel-source-vanilla-3.0.101-108.150.1.ia64", product: { name: "kernel-source-vanilla-3.0.101-108.150.1.ia64", product_id: "kernel-source-vanilla-3.0.101-108.150.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "kernel-docs-3.0.101-108.150.1.noarch", product: { name: "kernel-docs-3.0.101-108.150.1.noarch", product_id: "kernel-docs-3.0.101-108.150.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "kernel-source-3.0.101-108.150.1.ppc", product: { name: "kernel-source-3.0.101-108.150.1.ppc", product_id: "kernel-source-3.0.101-108.150.1.ppc", }, }, { category: "product_version", name: "kernel-source-vanilla-3.0.101-108.150.1.ppc", product: { name: "kernel-source-vanilla-3.0.101-108.150.1.ppc", product_id: "kernel-source-vanilla-3.0.101-108.150.1.ppc", }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "kernel-source-3.0.101-108.150.1.ppc64", product: { name: "kernel-source-3.0.101-108.150.1.ppc64", product_id: "kernel-source-3.0.101-108.150.1.ppc64", }, }, { category: "product_version", name: "kernel-source-vanilla-3.0.101-108.150.1.ppc64", product: { name: "kernel-source-vanilla-3.0.101-108.150.1.ppc64", product_id: "kernel-source-vanilla-3.0.101-108.150.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "kernel-source-3.0.101-108.150.1.s390", product: { name: "kernel-source-3.0.101-108.150.1.s390", product_id: "kernel-source-3.0.101-108.150.1.s390", }, }, { category: "product_version", name: "kernel-source-vanilla-3.0.101-108.150.1.s390", product: { name: "kernel-source-vanilla-3.0.101-108.150.1.s390", product_id: "kernel-source-vanilla-3.0.101-108.150.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "kernel-source-3.0.101-108.150.1.s390x", product: { name: "kernel-source-3.0.101-108.150.1.s390x", product_id: "kernel-source-3.0.101-108.150.1.s390x", }, }, { category: "product_version", name: "kernel-source-vanilla-3.0.101-108.150.1.s390x", product: { name: "kernel-source-vanilla-3.0.101-108.150.1.s390x", product_id: "kernel-source-vanilla-3.0.101-108.150.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "kernel-debug-3.0.101-108.150.1.x86_64", product: { name: "kernel-debug-3.0.101-108.150.1.x86_64", product_id: "kernel-debug-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-debug-base-3.0.101-108.150.1.x86_64", product: { name: "kernel-debug-base-3.0.101-108.150.1.x86_64", product_id: "kernel-debug-base-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-debug-devel-3.0.101-108.150.1.x86_64", product: { name: "kernel-debug-devel-3.0.101-108.150.1.x86_64", product_id: "kernel-debug-devel-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-debug-extra-3.0.101-108.150.1.x86_64", product: { name: "kernel-debug-extra-3.0.101-108.150.1.x86_64", product_id: "kernel-debug-extra-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-debug-hmac-3.0.101-108.150.1.x86_64", product: { name: "kernel-debug-hmac-3.0.101-108.150.1.x86_64", product_id: "kernel-debug-hmac-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-default-3.0.101-108.150.1.x86_64", product: { name: "kernel-default-3.0.101-108.150.1.x86_64", product_id: "kernel-default-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-default-base-3.0.101-108.150.1.x86_64", product: { name: "kernel-default-base-3.0.101-108.150.1.x86_64", product_id: "kernel-default-base-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-default-devel-3.0.101-108.150.1.x86_64", product: { name: "kernel-default-devel-3.0.101-108.150.1.x86_64", product_id: "kernel-default-devel-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-default-extra-3.0.101-108.150.1.x86_64", product: { name: "kernel-default-extra-3.0.101-108.150.1.x86_64", product_id: "kernel-default-extra-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-default-hmac-3.0.101-108.150.1.x86_64", product: { name: "kernel-default-hmac-3.0.101-108.150.1.x86_64", product_id: "kernel-default-hmac-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-ec2-3.0.101-108.150.1.x86_64", product: { name: "kernel-ec2-3.0.101-108.150.1.x86_64", product_id: "kernel-ec2-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-ec2-base-3.0.101-108.150.1.x86_64", product: { name: "kernel-ec2-base-3.0.101-108.150.1.x86_64", product_id: "kernel-ec2-base-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-ec2-devel-3.0.101-108.150.1.x86_64", product: { name: "kernel-ec2-devel-3.0.101-108.150.1.x86_64", product_id: "kernel-ec2-devel-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-ec2-extra-3.0.101-108.150.1.x86_64", product: { name: "kernel-ec2-extra-3.0.101-108.150.1.x86_64", product_id: "kernel-ec2-extra-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-ec2-hmac-3.0.101-108.150.1.x86_64", product: { name: "kernel-ec2-hmac-3.0.101-108.150.1.x86_64", product_id: "kernel-ec2-hmac-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-source-3.0.101-108.150.1.x86_64", product: { name: "kernel-source-3.0.101-108.150.1.x86_64", product_id: "kernel-source-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-source-vanilla-3.0.101-108.150.1.x86_64", product: { name: "kernel-source-vanilla-3.0.101-108.150.1.x86_64", product_id: "kernel-source-vanilla-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-3.0.101-108.150.1.x86_64", product: { name: "kernel-syms-3.0.101-108.150.1.x86_64", product_id: "kernel-syms-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-trace-3.0.101-108.150.1.x86_64", product: { name: "kernel-trace-3.0.101-108.150.1.x86_64", product_id: "kernel-trace-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-trace-base-3.0.101-108.150.1.x86_64", product: { name: "kernel-trace-base-3.0.101-108.150.1.x86_64", product_id: "kernel-trace-base-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-trace-devel-3.0.101-108.150.1.x86_64", product: { name: "kernel-trace-devel-3.0.101-108.150.1.x86_64", product_id: "kernel-trace-devel-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-trace-extra-3.0.101-108.150.1.x86_64", product: { name: "kernel-trace-extra-3.0.101-108.150.1.x86_64", product_id: "kernel-trace-extra-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-trace-hmac-3.0.101-108.150.1.x86_64", product: { name: "kernel-trace-hmac-3.0.101-108.150.1.x86_64", product_id: "kernel-trace-hmac-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-vanilla-3.0.101-108.150.1.x86_64", product: { name: "kernel-vanilla-3.0.101-108.150.1.x86_64", product_id: "kernel-vanilla-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-vanilla-base-3.0.101-108.150.1.x86_64", product: { name: "kernel-vanilla-base-3.0.101-108.150.1.x86_64", product_id: "kernel-vanilla-base-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-vanilla-devel-3.0.101-108.150.1.x86_64", product: { name: "kernel-vanilla-devel-3.0.101-108.150.1.x86_64", product_id: "kernel-vanilla-devel-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-vanilla-hmac-3.0.101-108.150.1.x86_64", product: { name: "kernel-vanilla-hmac-3.0.101-108.150.1.x86_64", product_id: "kernel-vanilla-hmac-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-xen-3.0.101-108.150.1.x86_64", product: { name: "kernel-xen-3.0.101-108.150.1.x86_64", product_id: "kernel-xen-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-xen-base-3.0.101-108.150.1.x86_64", product: { name: "kernel-xen-base-3.0.101-108.150.1.x86_64", product_id: "kernel-xen-base-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-xen-devel-3.0.101-108.150.1.x86_64", product: { name: "kernel-xen-devel-3.0.101-108.150.1.x86_64", product_id: "kernel-xen-devel-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-xen-extra-3.0.101-108.150.1.x86_64", product: { name: "kernel-xen-extra-3.0.101-108.150.1.x86_64", product_id: "kernel-xen-extra-3.0.101-108.150.1.x86_64", }, }, { category: "product_version", name: "kernel-xen-hmac-3.0.101-108.150.1.x86_64", product: { name: "kernel-xen-hmac-3.0.101-108.150.1.x86_64", product_id: "kernel-xen-hmac-3.0.101-108.150.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product: { name: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles_ltss-extreme-core:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-default-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-default-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-default-base-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-default-base-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-default-devel-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-default-devel-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-ec2-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-ec2-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-ec2-base-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-ec2-base-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-ec2-devel-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-ec2-devel-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-source-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-source-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-syms-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-trace-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-trace-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-trace-base-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-trace-base-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-trace-devel-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-trace-devel-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-xen-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-xen-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-xen-base-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-xen-base-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, { category: "default_component_of", full_product_name: { name: "kernel-xen-devel-3.0.101-108.150.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", product_id: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", }, product_reference: "kernel-xen-devel-3.0.101-108.150.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE", }, ], }, vulnerabilities: [ { cve: "CVE-2020-26555", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-26555", }, ], notes: [ { category: "general", text: "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-26555", url: "https://www.suse.com/security/cve/CVE-2020-26555", }, { category: "external", summary: "SUSE Bug 1179610 for CVE-2020-26555", url: "https://bugzilla.suse.com/1179610", }, { category: "external", summary: "SUSE Bug 1215237 for CVE-2020-26555", url: "https://bugzilla.suse.com/1215237", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2020-26555", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2020-26555", }, { cve: "CVE-2022-45887", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-45887", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-45887", url: "https://www.suse.com/security/cve/CVE-2022-45887", }, { category: "external", summary: "SUSE Bug 1205762 for CVE-2022-45887", url: "https://bugzilla.suse.com/1205762", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2022-45887", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2022-45887", }, { cve: "CVE-2023-1206", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1206", }, ], notes: [ { category: "general", text: "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-1206", url: "https://www.suse.com/security/cve/CVE-2023-1206", }, { category: "external", summary: "SUSE Bug 1212703 for CVE-2023-1206", url: "https://bugzilla.suse.com/1212703", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-1206", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-1206", }, { cve: "CVE-2023-31085", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-31085", }, ], notes: [ { category: "general", text: "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-31085", url: "https://www.suse.com/security/cve/CVE-2023-31085", }, { category: "external", summary: "SUSE Bug 1210778 for CVE-2023-31085", url: "https://bugzilla.suse.com/1210778", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-31085", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-31085", }, { cve: "CVE-2023-3111", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-3111", }, ], notes: [ { category: "general", text: "A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-3111", url: "https://www.suse.com/security/cve/CVE-2023-3111", }, { category: "external", summary: "SUSE Bug 1212051 for CVE-2023-3111", url: "https://bugzilla.suse.com/1212051", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-3111", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-3111", }, { cve: "CVE-2023-39189", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39189", }, ], notes: [ { category: "general", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39189", url: "https://www.suse.com/security/cve/CVE-2023-39189", }, { category: "external", summary: "SUSE Bug 1216046 for CVE-2023-39189", url: "https://bugzilla.suse.com/1216046", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39189", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-39189", }, { cve: "CVE-2023-39192", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39192", }, ], notes: [ { category: "general", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39192", url: "https://www.suse.com/security/cve/CVE-2023-39192", }, { category: "external", summary: "SUSE Bug 1215858 for CVE-2023-39192", url: "https://bugzilla.suse.com/1215858", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39192", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-39192", }, { cve: "CVE-2023-39193", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39193", }, ], notes: [ { category: "general", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39193", url: "https://www.suse.com/security/cve/CVE-2023-39193", }, { category: "external", summary: "SUSE Bug 1215860 for CVE-2023-39193", url: "https://bugzilla.suse.com/1215860", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39193", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-39193", }, { cve: "CVE-2023-39197", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39197", }, ], notes: [ { category: "general", text: "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39197", url: "https://www.suse.com/security/cve/CVE-2023-39197", }, { category: "external", summary: "SUSE Bug 1216976 for CVE-2023-39197", url: "https://bugzilla.suse.com/1216976", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-39197", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "low", }, ], title: "CVE-2023-39197", }, { cve: "CVE-2023-45863", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45863", }, ], notes: [ { category: "general", text: "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45863", url: "https://www.suse.com/security/cve/CVE-2023-45863", }, { category: "external", summary: "SUSE Bug 1216058 for CVE-2023-45863", url: "https://bugzilla.suse.com/1216058", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-45863", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-45863", }, { cve: "CVE-2023-51779", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-51779", }, ], notes: [ { category: "general", text: "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-51779", url: "https://www.suse.com/security/cve/CVE-2023-51779", }, { category: "external", summary: "SUSE Bug 1218559 for CVE-2023-51779", url: "https://bugzilla.suse.com/1218559", }, { category: "external", summary: "SUSE Bug 1218610 for CVE-2023-51779", url: "https://bugzilla.suse.com/1218610", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-51779", url: "https://bugzilla.suse.com/1220015", }, { category: "external", summary: "SUSE Bug 1220191 for CVE-2023-51779", url: "https://bugzilla.suse.com/1220191", }, { category: "external", summary: "SUSE Bug 1221578 for CVE-2023-51779", url: "https://bugzilla.suse.com/1221578", }, { category: "external", summary: "SUSE Bug 1221598 for CVE-2023-51779", url: "https://bugzilla.suse.com/1221598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-51779", }, { cve: "CVE-2023-6606", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-6606", }, ], notes: [ { category: "general", text: "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-6606", url: "https://www.suse.com/security/cve/CVE-2023-6606", }, { category: "external", summary: "SUSE Bug 1217947 for CVE-2023-6606", url: "https://bugzilla.suse.com/1217947", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-6606", url: "https://bugzilla.suse.com/1220015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-6606", }, { cve: "CVE-2023-6932", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-6932", }, ], notes: [ { category: "general", text: "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-6932", url: "https://www.suse.com/security/cve/CVE-2023-6932", }, { category: "external", summary: "SUSE Bug 1218253 for CVE-2023-6932", url: "https://bugzilla.suse.com/1218253", }, { category: "external", summary: "SUSE Bug 1218255 for CVE-2023-6932", url: "https://bugzilla.suse.com/1218255", }, { category: "external", summary: "SUSE Bug 1220015 for CVE-2023-6932", url: "https://bugzilla.suse.com/1220015", }, { category: "external", summary: "SUSE Bug 1220191 for CVE-2023-6932", url: "https://bugzilla.suse.com/1220191", }, { category: "external", summary: "SUSE Bug 1221578 for CVE-2023-6932", url: "https://bugzilla.suse.com/1221578", }, { category: "external", summary: "SUSE Bug 1221598 for CVE-2023-6932", url: "https://bugzilla.suse.com/1221598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.150.1.x86_64", "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.150.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-01-16T12:29:23Z", details: "moderate", }, ], title: "CVE-2023-6932", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.