Details
- Improvement
- Resolution: Fixed
- Minor
- Lustre 2.16.0, Lustre 2.15.4
- None
- 3
- 9223372036854775807
Description
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bug fixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter: nf_tables
component that can be exploited to achieve local privilege escalation.
(bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs
that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out-of-bounds read in the xtables subsystem
(bsc#1215860).
- CVE-2023-5178: Fixed a use-after-free and a double-free flaw that could
allow a malicious user to achieve remote code execution. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within
user-supplied eBPF programs that may have allowed an attacker with CAP_BPF
privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-November/017006.html