SUSE-SU-2023:4030-1 -- SLES kernel, reiserfs-kmp-default
ID: oval:org.secpod.oval:def:89050938 | Date: (C)2023-11-16 (M)2024-04-25 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system.
* CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges.
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95%.
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation.
* CVE-2023-23454: Fixed a type confusion in the CBQ network scheduler.
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation.
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation.
* CVE-2020-36766: Fixed a potential information leak in the CEC driver.
* CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system.
* CVE-2023-2177: Fixed a null pointer dereference issue in the SCTP network protocol which could allow a user to crash the system.
* CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to information disclosure or denial of service.
* CVE-2023-40283: Fixed a use-after-free issue in the Bluetooth subsystem.
* CVE-2023-1192: Fixed a use-after-free in the CIFS subsystem.

The following non-security bugs were fixed:

* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC.
* mkspec: Allow unsupported KMPs.
* rpm/mkspec-dtb: support for nested subdirs.
* x86/srso: Do not probe microcode in a guest.
* x86/srso: Fix SBPB enablement for spec_rstack_overflow=off.
* x86/srso: Fix srso_show_state side effect.
* x86/srso: Set CPUID feature bits independently of bug or mitigation status.

## Special Instructions and Notes:

* Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
Product: |
kernel |
reiserfs-kmp-default |