SUSE-SU-2023:2146-1 -- SLES kernel, reiserfs-kmp-defaultID: oval:org.secpod.oval:def:89048821 | Date: (C)2023-06-02 (M)2024-04-25 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation . * CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks . * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system . * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create . * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege . * CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress . * CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove . * CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code . * CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove . * CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference . * CVE-2023-1990: Fixed a use after free in ndlc_remove . * CVE-2023-1989: Fixed a use after free in btsdio_remove . * CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation . * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot . * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. The following non-security bugs were fixed: * Drivers: vmbus: Check for channel allocation before looking up relids . * Replace mkinitrd dependency with dracut . * cifs: fix negotiate context parsing . ## Special Instructions and Notes: * Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
Product: |
kernel |
reiserfs-kmp-default |