SUSE-SU-2023:0852-1 -- SLES kernel
ID: oval:org.secpod.oval:def:89048625 | Date: (C)2023-04-11 (M)2024-04-25 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security fixes and bugfixes.

The following security bugs were fixed:

* CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol. A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference.
* CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen.
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow.
* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure.
* CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query.
* CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver.
* CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set.
* CVE-2023-0590: Fixed race condition in qdisc_graft.
* CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation.

The following non-security bugs were fixed:

* kabi/severities: add l2tp local symbols

## Special Instructions and Notes:

* Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 12 SP4 |