|
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could
allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could
allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow
a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which
could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization
(SEV). An attacker can trigger a stack overflow and cause a denial of
service or potentially guest-to-host escape in kernel configurations without
stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that
could be exploited in order to leak internal kernel information or crash the
system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter
subsystem. This issue may have allowed a local user to crash the system or
potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
table. A user located in the local network or with a high bandwidth
connection can increase the CPU usage of the server that accepts IPV6
connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalatio
(bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
which could be exploited to achieve local privilege escalation
(bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which
could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem
that could lead to potential information disclosure or a denial of service
(bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network
protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread()
(bsc#1208995).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016678.html
|