Details
- Improvement
- Resolution: Fixed
- Minor
- Lustre 2.16.0, Lustre 2.15.4
- None
- 3
Description
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bug fixes.
The following security bugs were fixed:
- CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component.
  This vulnerability could allow a local attacker to crash the system or lead
  to a kernel information leak problem. (bsc#1214727)
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could
  allow a local attacker to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could
  allow a local attacker to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow
  a local attacker to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which
  could allow an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client
  component which could be exploited to achieve local privilege escalation.
  (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization
  (SEV). An attacker can trigger a stack overflow and cause a denial of
  service or potentially guest-to-host escape in kernel configurations without
  stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that
  could be exploited in order to leak internal kernel information or crash the
  system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter
  subsystem. This issue may have allowed a local user to crash the system or
  potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
  table. A user located in the local network or with a high bandwidth
  connection can increase the CPU usage of the server that accepts IPv6
  connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
  scheduler which could be exploited to achieve local privilege escalation
  (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
  sockets component which could be exploited to achieve local privilege
  escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
  which could be exploited to achieve local privilege escalation
  (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which
  could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem
  that could lead to potential information disclosure or a denial of service
  (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network
  protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread()
  (bsc#1208995).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016677.html