[LU-16601] kernel update [SLES15 SP4 5.14.21-150400.24.46.1]

Related — Thu, 6 Apr 2023 21:29:25 +0000

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in
net/sched/sch_atm.c because of type confusion (non-negative numbers can
sometimes indicate a TC_ACT_SHOT condition rather than valid
classification results) (bsc#1207125).
CVE-2023-23454: Fixed denial or service in cbq_classify in
net/sched/sch_cbq.c (bnc#1207036).
CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM
package. SNDRV_CTL_IOCTL_ELEM_ {READ|WRITE}
32 was missing locks that
could have been used in a use-after-free that could have resulted in a
priviledge escalation to gain ring0 access from the system user
(bsc#1207134).
CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header
bits (bsc#1207034).
CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in
nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth
Denial of Service (DoS) attack on a remote machine (bnc#1207050).
CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race
condition among the superblock operations inside the gadgetfs code
(bsc#1206258).
CVE-2020-24588: Fixed injection of arbitrary network packets against
devices that support receiving non-SSP A-MSDU frames (which is mandatory
as part of 802.11n) (bsc#1199701).

Whamcloud Community JIRA