Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
None
-
Lustre 2.16.0, Lustre 2.15.4
-
None
-
3
-
9223372036854775807
Description
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738). - CVE-2023-20569: Fixed side channel attack 'Inception' or 'RAS Poisoning'
(bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-August/015903.html