SUSE-SU-2023:2611-1 -- SLES kernel, reiserfs-kmp-defaultID: oval:org.secpod.oval:def:89049086 | Date: (C)2023-07-18 (M)2024-04-25 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol . * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM . * CVE-2022-3566: Fixed race condition in the TCP Handler . * CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service . * CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context . * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device . * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c . * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free . * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected . * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call . * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event . * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops . * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c . * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class because lmax can exceed QFQ_MIN_LMAX . * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver . * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept was also allowed for a successfully connected AF_NETROM socket . * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests . * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control subsystem . * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies . * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem . * CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition . * CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem . The following non-security bugs were fixed: * SUNRPC: Ensure the transport backchannel association . * hv: vmbus: Optimize vmbus_on_event . * ipv6: sr: fix out-of-bounds read when setting HMAC data . * s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver . ## Special Instructions and Notes: * Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 15 SP3 |
Product: |
kernel |
reiserfs-kmp-default |