Details
- Improvement
- Resolution: Fixed
- Minor
- Lustre 2.16.0, Lustre 2.15.3
- None
Description
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
  net/sched/sch_atm.c because of type confusion (non-negative numbers can
  sometimes indicate a TC_ACT_SHOT condition rather than valid
  classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial of service in cbq_classify in
  net/sched/sch_cbq.c (bnc#1207036).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
  package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that
  could have been used in a use-after-free that could have resulted in a
  privilege escalation to gain ring0 access from the system user
  (bsc#1207134).
- CVE-2023-0179: Fixed incorrect arithmetic when fetching VLAN header
  bits (bsc#1207034).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in
  nvmet_setup_auth() that allowed an attacker to perform a Pre-Auth
  Denial of Service (DoS) attack on a remote machine (bnc#1207050).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race
  condition among the superblock operations inside the gadgetfs code
  (bsc#1206258).
- CVE-2020-24588: Fixed injection of arbitrary network packets against
  devices that support receiving non-SSP A-MSDU frames (which is mandatory
  as part of 802.11n) (bsc#1199701).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013801.html