CVE-2023-5717 (GCVE-0-2023-5717)
Vulnerability from cvelistv5 – Published: 2023-10-25 12:55 – Updated: 2026-02-25 17:20
Title
Out-of-bounds write in Linux kernel's Linux Kernel Performance Events (perf) component
Summary
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Date Public
2023-10-19 08:09
Credits
Budimir Markovic
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T04:00:16.642573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:20:08.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6",
"status": "affected",
"version": "4.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Budimir Markovic"
}
],
"datePublic": "2023-10-19T08:09:42.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:46.196Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds write in Linux kernel\u0027s Linux Kernel Performance Events (perf) component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-5717",
"datePublished": "2023-10-25T12:55:06.871Z",
"dateReserved": "2023-10-23T10:49:09.250Z",
"dateUpdated": "2026-02-25T17:20:08.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-5717",
"date": "2026-06-01",
"epss": "0.00279",
"percentile": "0.51471"
}
}
}
SUSE-SU-2023:4883-1
Vulnerability from csaf_suse - Published: 2023-12-15 10:41 - Updated: 2023-12-15 10:41
Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-45863: Fixed an out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
The following non-security bugs were fixed:
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214408).
- cpu/SMT: Store the current/max number of threads (bsc#1214408).
- cpu/hotplug: Create SMT sysfs interface for all arches (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- dm-raid: remove useless checking in raid_message() (git-fixes).
- l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes).
- l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow (git-fixes).
- md/bitmap: always wake up md_thread in timeout_store (git-fixes).
- md/bitmap: factor out a helper to set timeout (git-fixes).
- md/raid10: Do not add spare disk when recovery fails (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid10: clean up md_add_new_disk() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: improve code of mrdev in raid10_sync_request (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: prioritize adding disk to 'removed' mirror (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: add new workqueue for delete rdev (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not return existing mddevs from mddev_find_or_alloc (git-fixes).
- md: factor out a mddev_alloc_unit helper from mddev_find (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: fix deadlock causing by sysfs_notify (git-fixes).
- md: fix incorrect declaration about claim_rdev in md_import_device (git-fixes).
- md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes).
- md: get sysfs entry after redundancy attr group create (git-fixes).
- md: refactor mddev_find_or_alloc (git-fixes).
- md: remove lock_bdev / unlock_bdev (git-fixes).
- mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports) bsc#1216759).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217607).
- s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203996 bsc#1217087).
- s390/cmma: fix initial kernel address space page table walk (LTC#203996 bsc#1217087).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217206).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217519).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217604).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203996 bsc#1217087).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203996 bsc#1217087).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217603).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1216031).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: serial: option: add Quectel RM500U-CN modem (git-fixes).
- usb: serial: option: add Telit FE990 compositions (git-fixes).
- usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
Patchnames: SUSE-2023-4883,SUSE-SLE-SERVER-12-SP5-2023-4883
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).\n- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).\n- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).\n- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).\n- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).\n- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).\n\nThe following non-security bugs were fixed:\n\n- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).\n- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).\n- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408).\n- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408).\n- cpu/SMT: Remove topology_smt_supported() (bsc#1214408).\n- cpu/SMT: Store the current/max number of threads (bsc#1214408).\n- cpu/hotplug: Create SMT sysfs interface for all arches (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).\n- dm-raid: remove useless checking in raid_message() (git-fixes).\n- l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes).\n- l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow (git-fixes).\n- md/bitmap: always wake up md_thread in timeout_store (git-fixes).\n- md/bitmap: factor out a helper to set timeout (git-fixes).\n- md/raid10: Do not add spare disk when recovery fails (git-fixes).\n- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).\n- md/raid10: clean up md_add_new_disk() 
(git-fixes).\n- md/raid10: fix io loss while replacement replace rdev (git-fixes).\n- md/raid10: fix leak of \u0027r10bio-\u003eremaining\u0027 for recovery (git-fixes).\n- md/raid10: fix memleak for \u0027conf-\u003ebio_split\u0027 (git-fixes).\n- md/raid10: fix memleak of md thread (git-fixes).\n- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).\n- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).\n- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).\n- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).\n- md/raid10: improve code of mrdev in raid10_sync_request (git-fixes).\n- md/raid10: prevent soft lockup while flush writes (git-fixes).\n- md/raid10: prioritize adding disk to \u0027removed\u0027 mirror (git-fixes).\n- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).\n- md: add new workqueue for delete rdev (git-fixes).\n- md: avoid signed overflow in slot_store() (git-fixes).\n- md: do not return existing mddevs from mddev_find_or_alloc (git-fixes).\n- md: factor out a mddev_alloc_unit helper from mddev_find (git-fixes).\n- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).\n- md: fix deadlock causing by sysfs_notify (git-fixes).\n- md: fix incorrect declaration about claim_rdev in md_import_device (git-fixes).\n- md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes).\n- md: get sysfs entry after redundancy attr group create (git-fixes).\n- md: refactor mddev_find_or_alloc (git-fixes).\n- md: remove lock_bdev / unlock_bdev (git-fixes).\n- mm, memcg: add mem_cgroup_disabled checks in vmpressure and swap-related functions (bsc#1190208 (MM functional and performance backports) bsc#1216759).\n- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).\n- net: mana: Configure hwc timeout from hardware (bsc#1214037).\n- net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).\n- powerpc/pseries: Honour current SMT state 
when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).\n- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).\n- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.\n- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).\n- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217607).\n- s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087).\n- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203996 bsc#1217087).\n- s390/cmma: fix initial kernel address space page table walk (LTC#203996 bsc#1217087).\n- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217206).\n- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217519).\n- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217604).\n- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203996 bsc#1217087).\n- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203996 bsc#1217087).\n- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217603).\n- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).\n- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).\n- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1216031).\n- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).\n- usb: serial: option: add Quectel RM500U-CN modem (git-fixes).\n- usb: serial: option: add Telit FE990 compositions (git-fixes).\n- usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).\n- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).\n- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).\n- xfs: make sure maxlen is still congruent with prod when rounding down 
(git-fixes).\n- xfs: reserve data and rt quota at the same time (bsc#1203496).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4883,SUSE-SLE-SERVER-12-SP5-2023-4883",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4883-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4883-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234883-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4883-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017435.html"
},
{
"category": "self",
"summary": "SUSE Bug 1176950",
"url": "https://bugzilla.suse.com/1176950"
},
{
"category": "self",
"summary": "SUSE Bug 1190208",
"url": "https://bugzilla.suse.com/1190208"
},
{
"category": "self",
"summary": "SUSE Bug 1203496",
"url": "https://bugzilla.suse.com/1203496"
},
{
"category": "self",
"summary": "SUSE Bug 1205462",
"url": "https://bugzilla.suse.com/1205462"
},
{
"category": "self",
"summary": "SUSE Bug 1208787",
"url": "https://bugzilla.suse.com/1208787"
},
{
"category": "self",
"summary": "SUSE Bug 1210780",
"url": "https://bugzilla.suse.com/1210780"
},
{
"category": "self",
"summary": "SUSE Bug 1214037",
"url": "https://bugzilla.suse.com/1214037"
},
{
"category": "self",
"summary": "SUSE Bug 1214285",
"url": "https://bugzilla.suse.com/1214285"
},
{
"category": "self",
"summary": "SUSE Bug 1214408",
"url": "https://bugzilla.suse.com/1214408"
},
{
"category": "self",
"summary": "SUSE Bug 1214764",
"url": "https://bugzilla.suse.com/1214764"
},
{
"category": "self",
"summary": "SUSE Bug 1216031",
"url": "https://bugzilla.suse.com/1216031"
},
{
"category": "self",
"summary": "SUSE Bug 1216058",
"url": "https://bugzilla.suse.com/1216058"
},
{
"category": "self",
"summary": "SUSE Bug 1216259",
"url": "https://bugzilla.suse.com/1216259"
},
{
"category": "self",
"summary": "SUSE Bug 1216584",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "self",
"summary": "SUSE Bug 1216759",
"url": "https://bugzilla.suse.com/1216759"
},
{
"category": "self",
"summary": "SUSE Bug 1216965",
"url": "https://bugzilla.suse.com/1216965"
},
{
"category": "self",
"summary": "SUSE Bug 1216976",
"url": "https://bugzilla.suse.com/1216976"
},
{
"category": "self",
"summary": "SUSE Bug 1217036",
"url": "https://bugzilla.suse.com/1217036"
},
{
"category": "self",
"summary": "SUSE Bug 1217087",
"url": "https://bugzilla.suse.com/1217087"
},
{
"category": "self",
"summary": "SUSE Bug 1217206",
"url": "https://bugzilla.suse.com/1217206"
},
{
"category": "self",
"summary": "SUSE Bug 1217519",
"url": "https://bugzilla.suse.com/1217519"
},
{
"category": "self",
"summary": "SUSE Bug 1217525",
"url": "https://bugzilla.suse.com/1217525"
},
{
"category": "self",
"summary": "SUSE Bug 1217603",
"url": "https://bugzilla.suse.com/1217603"
},
{
"category": "self",
"summary": "SUSE Bug 1217604",
"url": "https://bugzilla.suse.com/1217604"
},
{
"category": "self",
"summary": "SUSE Bug 1217607",
"url": "https://bugzilla.suse.com/1217607"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0461 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-31083 page",
"url": "https://www.suse.com/security/cve/CVE-2023-31083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39197 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39198 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45871 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2023-12-15T10:41:00Z",
"generator": {
"date": "2023-12-15T10:41:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4883-1",
"initial_release_date": "2023-12-15T10:41:00Z",
"revision_history": [
{
"date": "2023-12-15T10:41:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-4.12.14-16.160.1.noarch",
"product": {
"name": "kernel-devel-azure-4.12.14-16.160.1.noarch",
"product_id": "kernel-devel-azure-4.12.14-16.160.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-4.12.14-16.160.1.noarch",
"product": {
"name": "kernel-source-azure-4.12.14-16.160.1.noarch",
"product_id": "kernel-source-azure-4.12.14-16.160.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-4.12.14-16.160.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-4.12.14-16.160.1.x86_64",
"product_id": "cluster-md-kmp-azure-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-4.12.14-16.160.1.x86_64",
"product": {
"name": "dlm-kmp-azure-4.12.14-16.160.1.x86_64",
"product_id": "dlm-kmp-azure-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-4.12.14-16.160.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-4.12.14-16.160.1.x86_64",
"product_id": "gfs2-kmp-azure-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-4.12.14-16.160.1.x86_64",
"product": {
"name": "kernel-azure-4.12.14-16.160.1.x86_64",
"product_id": "kernel-azure-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-base-4.12.14-16.160.1.x86_64",
"product": {
"name": "kernel-azure-base-4.12.14-16.160.1.x86_64",
"product_id": "kernel-azure-base-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-4.12.14-16.160.1.x86_64",
"product": {
"name": "kernel-azure-devel-4.12.14-16.160.1.x86_64",
"product_id": "kernel-azure-devel-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-4.12.14-16.160.1.x86_64",
"product": {
"name": "kernel-azure-extra-4.12.14-16.160.1.x86_64",
"product_id": "kernel-azure-extra-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-kgraft-devel-4.12.14-16.160.1.x86_64",
"product": {
"name": "kernel-azure-kgraft-devel-4.12.14-16.160.1.x86_64",
"product_id": "kernel-azure-kgraft-devel-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-4.12.14-16.160.1.x86_64",
"product": {
"name": "kernel-syms-azure-4.12.14-16.160.1.x86_64",
"product_id": "kernel-syms-azure-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-4.12.14-16.160.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-4.12.14-16.160.1.x86_64",
"product_id": "kselftests-kmp-azure-4.12.14-16.160.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-4.12.14-16.160.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-4.12.14-16.160.1.x86_64",
"product_id": "ocfs2-kmp-azure-4.12.14-16.160.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-azure-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-16.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-16.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-16.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-16.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-azure-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-16.160.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-16.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-16.160.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-16.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-16.160.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-16.160.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0461"
}
],
"notes": [
{
"category": "general",
"text": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.\n\nWhen CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt TCP_ULP operation does not require any privilege.\n\nWe recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0461",
"url": "https://www.suse.com/security/cve/CVE-2023-0461"
},
{
"category": "external",
"summary": "SUSE Bug 1208787 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1208787"
},
{
"category": "external",
"summary": "SUSE Bug 1208911 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1208911"
},
{
"category": "external",
"summary": "SUSE Bug 1211833 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1211833"
},
{
"category": "external",
"summary": "SUSE Bug 1217079 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1217079"
},
{
"category": "external",
"summary": "SUSE Bug 1218514 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1218514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-15T10:41:00Z",
"details": "important"
}
],
"title": "CVE-2023-0461"
},
{
"cve": "CVE-2023-31083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-31083"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu-\u003eproto is set. A NULL pointer dereference may occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-31083",
"url": "https://www.suse.com/security/cve/CVE-2023-31083"
},
{
"category": "external",
"summary": "SUSE Bug 1210780 for CVE-2023-31083",
"url": "https://bugzilla.suse.com/1210780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-15T10:41:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-31083"
},
{
"cve": "CVE-2023-39197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39197"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39197",
"url": "https://www.suse.com/security/cve/CVE-2023-39197"
},
{
"category": "external",
"summary": "SUSE Bug 1216976 for CVE-2023-39197",
"url": "https://bugzilla.suse.com/1216976"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-39197",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-15T10:41:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-39197"
},
{
"cve": "CVE-2023-39198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39198"
}
],
"notes": [
{
"category": "general",
"text": "A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39198",
"url": "https://www.suse.com/security/cve/CVE-2023-39198"
},
{
"category": "external",
"summary": "SUSE Bug 1216965 for CVE-2023-39198",
"url": "https://bugzilla.suse.com/1216965"
},
{
"category": "external",
"summary": "SUSE Bug 1217116 for CVE-2023-39198",
"url": "https://bugzilla.suse.com/1217116"
},
{
"category": "external",
"summary": "SUSE Bug 1219703 for CVE-2023-39198",
"url": "https://bugzilla.suse.com/1219703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-15T10:41:00Z",
"details": "important"
}
],
"title": "CVE-2023-39198"
},
{
"cve": "CVE-2023-45863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45863"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45863",
"url": "https://www.suse.com/security/cve/CVE-2023-45863"
},
{
"category": "external",
"summary": "SUSE Bug 1216058 for CVE-2023-45863",
"url": "https://bugzilla.suse.com/1216058"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-45863",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-15T10:41:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45863"
},
{
"cve": "CVE-2023-45871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45871"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45871",
"url": "https://www.suse.com/security/cve/CVE-2023-45871"
},
{
"category": "external",
"summary": "SUSE Bug 1216259 for CVE-2023-45871",
"url": "https://bugzilla.suse.com/1216259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-15T10:41:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45871"
},
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.160.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.160.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.160.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-15T10:41:00Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
}
]
}
SUSE-SU-2024:1358-1
Vulnerability from csaf_suse - Published: 2024-04-20 05:33 - Updated: 2024-04-20 05:33
Summary
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219079).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1356,SUSE-2024-1358,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1356
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219079).\n- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1356,SUSE-2024-1358,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1356",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1358-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1358-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241358-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1358-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035040.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219079",
"url": "https://bugzilla.suse.com/1219079"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE Bug 1220828",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0775 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26622 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26622/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-04-20T05:33:27Z",
"generator": {
"date": "2024-04-20T05:33:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1358-1",
"initial_release_date": "2024-04-20T05:33:27Z",
"revision_history": [
{
"date": "2024-04-20T05:33:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_11-rt-11-150500.12.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_11-rt-11-150500.12.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_11-rt-11-150500.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-20T05:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-0775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0775"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0775",
"url": "https://www.suse.com/security/cve/CVE-2024-0775"
},
{
"category": "external",
"summary": "SUSE Bug 1219053 for CVE-2024-0775",
"url": "https://bugzilla.suse.com/1219053"
},
{
"category": "external",
"summary": "SUSE Bug 1219082 for CVE-2024-0775",
"url": "https://bugzilla.suse.com/1219082"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-0775",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-0775",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-20T05:33:27Z",
"details": "important"
}
],
"title": "CVE-2024-0775"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-20T05:33:27Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26622",
"url": "https://www.suse.com/security/cve/CVE-2024-26622"
},
{
"category": "external",
"summary": "SUSE Bug 1220825 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220825"
},
{
"category": "external",
"summary": "SUSE Bug 1220828 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-10-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-20T05:33:27Z",
"details": "important"
}
],
"title": "CVE-2024-26622"
}
]
}
SUSE-SU-2024:1359-1
Vulnerability from csaf_suse - Published: 2024-04-20 06:03 - Updated: 2024-04-20 06:03
Summary
Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_13_24 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1357,SUSE-2024-1359,SUSE-2024-1361,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1361
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_13_24 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1357,SUSE-2024-1359,SUSE-2024-1361,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1361",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1359-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1359-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241359-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1359-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035039.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE Bug 1220828",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26622 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26622/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-04-20T06:03:49Z",
"generator": {
"date": "2024-04-20T06:03:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1359-1",
"initial_release_date": "2024-04-20T06:03:49Z",
"revision_history": [
{
"date": "2024-04-20T06:03:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_13_18-rt-8-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_13_18-rt-8-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_13_18-rt-8-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_13_11-rt-9-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_13_11-rt-9-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_13_11-rt-9-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-20T06:03:49Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-20T06:03:49Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26622",
"url": "https://www.suse.com/security/cve/CVE-2024-26622"
},
{
"category": "external",
"summary": "SUSE Bug 1220825 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220825"
},
{
"category": "external",
"summary": "SUSE Bug 1220828 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_24-rt-7-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-20T06:03:49Z",
"details": "important"
}
],
"title": "CVE-2024-26622"
}
]
}
SUSE-SU-2024:1380-1
Vulnerability from csaf_suse - Published: 2024-04-22 16:03 - Updated: 2024-04-22 16:03
Summary
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1380,SUSE-2024-1381,SUSE-2024-1385,SUSE-SLE-Module-Live-Patching-15-SP4-2024-1380,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1381
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1380,SUSE-2024-1381,SUSE-2024-1385,SUSE-SLE-Module-Live-Patching-15-SP4-2024-1380,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1381",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1380-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1380-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241380-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1380-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035055.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE Bug 1220828",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26622 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26622/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-04-22T16:03:52Z",
"generator": {
"date": "2024-04-22T16:03:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1380-1",
"initial_release_date": "2024-04-22T16:03:52Z",
"revision_history": [
{
"date": "2024-04-22T16:03:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_97-default-6-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T16:03:52Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T16:03:52Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26622",
"url": "https://www.suse.com/security/cve/CVE-2024-26622"
},
{
"category": "external",
"summary": "SUSE Bug 1220825 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220825"
},
{
"category": "external",
"summary": "SUSE Bug 1220828 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_81-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_7-default-10-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T16:03:52Z",
"details": "important"
}
],
"title": "CVE-2024-26622"
}
]
}
SUSE-SU-2024:1382-1
Vulnerability from csaf_suse - Published: 2024-04-22 16:04 - Updated: 2024-04-22 16:04
Summary
Security update for the Linux Kernel (Live Patch 48 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 48 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_176 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1382,SUSE-SLE-Live-Patching-12-SP5-2024-1382
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 48 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_176 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1382,SUSE-SLE-Live-Patching-12-SP5-2024-1382",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1382-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1382-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241382-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1382-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035056.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 48 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2024-04-22T16:04:00Z",
"generator": {
"date": "2024-04-22T16:04:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1382-1",
"initial_release_date": "2024-04-22T16:04:00Z",
"revision_history": [
{
"date": "2024-04-22T16:04:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_176-default-8-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T16:04:00Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_176-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T16:04:00Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
}
]
}
SUSE-SU-2024:1390-1
Vulnerability from csaf_suse - Published: 2024-04-22 21:06 - Updated: 2024-04-22 21:06
Summary
Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_28 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1387,SUSE-2024-1389,SUSE-2024-1390,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1389
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_28 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1387,SUSE-2024-1389,SUSE-2024-1390,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1389",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1390-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1390-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241390-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1390-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035059.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE Bug 1220828",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26622 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26622/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-04-22T21:06:02Z",
"generator": {
"date": "2024-04-22T21:06:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1390-1",
"initial_release_date": "2024-04-22T21:06:02Z",
"revision_history": [
{
"date": "2024-04-22T21:06:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_36-default-6-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_12-default-10-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T21:06:02Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T21:06:02Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26622",
"url": "https://www.suse.com/security/cve/CVE-2024-26622"
},
{
"category": "external",
"summary": "SUSE Bug 1220825 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220825"
},
{
"category": "external",
"summary": "SUSE Bug 1220828 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-8-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-22T21:06:02Z",
"details": "important"
}
],
"title": "CVE-2024-26622"
}
]
}
SUSE-SU-2024:1400-1
Vulnerability from csaf_suse - Published: 2024-04-23 13:33 - Updated: 2024-04-23 13:33
Summary
Security update for the Linux Kernel (Live Patch 47 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 47 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_173 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1400,SUSE-SLE-Live-Patching-12-SP5-2024-1400
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 47 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_173 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1400,SUSE-SLE-Live-Patching-12-SP5-2024-1400",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1400-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1400-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241400-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1400-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035068.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 47 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2024-04-23T13:33:28Z",
"generator": {
"date": "2024-04-23T13:33:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1400-1",
"initial_release_date": "2024-04-23T13:33:28Z",
"revision_history": [
{
"date": "2024-04-23T13:33:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_173-default-9-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T13:33:28Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_173-default-9-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T13:33:28Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
}
]
}
SUSE-SU-2024:1405-1
Vulnerability from csaf_suse - Published: 2024-04-23 15:33 - Updated: 2024-04-23 15:33
Summary
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_19 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1405,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1405
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_19 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1405,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1405",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1405-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1405-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241405-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1405-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035066.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE Bug 1220828",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26622 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26622/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-04-23T15:33:26Z",
"generator": {
"date": "2024-04-23T15:33:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1405-1",
"initial_release_date": "2024-04-23T15:33:26Z",
"revision_history": [
{
"date": "2024-04-23T15:33:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T15:33:26Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T15:33:26Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26622",
"url": "https://www.suse.com/security/cve/CVE-2024-26622"
},
{
"category": "external",
"summary": "SUSE Bug 1220825 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220825"
},
{
"category": "external",
"summary": "SUSE Bug 1220828 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_19-default-9-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T15:33:26Z",
"details": "important"
}
],
"title": "CVE-2024-26622"
}
]
}
SUSE-SU-2024:1406-1
Vulnerability from csaf_suse - Published: 2024-04-23 18:03 - Updated: 2024-04-23 18:03
Summary
Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1406,SUSE-2024-1407,SUSE-2024-1408,SUSE-SLE-Module-Live-Patching-15-SP4-2024-1407,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1408
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1406,SUSE-2024-1407,SUSE-2024-1408,SUSE-SLE-Module-Live-Patching-15-SP4-2024-1407,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1408",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1406-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1406-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241406-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1406-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035075.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE Bug 1220828",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26622 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26622/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-04-23T18:03:32Z",
"generator": {
"date": "2024-04-23T18:03:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1406-1",
"initial_release_date": "2024-04-23T18:03:32Z",
"revision_history": [
{
"date": "2024-04-23T18:03:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_74-default-10-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T18:03:32Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T18:03:32Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26622",
"url": "https://www.suse.com/security/cve/CVE-2024-26622"
},
{
"category": "external",
"summary": "SUSE Bug 1220825 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220825"
},
{
"category": "external",
"summary": "SUSE Bug 1220828 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_88-default-8-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_31-default-7-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-23T18:03:32Z",
"details": "important"
}
],
"title": "CVE-2024-26622"
}
]
}
SUSE-SU-2024:1418-1
Vulnerability from csaf_suse - Published: 2024-04-24 09:03 - Updated: 2024-04-24 09:03
Summary
Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_92 fixes several issues.
The following security issues were fixed:
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).
Patchnames: SUSE-2024-1418,SUSE-SLE-Module-Live-Patching-15-SP4-2024-1418
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_92 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216644).\n- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220828).\n- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219435).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1418,SUSE-SLE-Module-Live-Patching-15-SP4-2024-1418",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1418-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1418-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241418-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1418-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018416.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216644",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "self",
"summary": "SUSE Bug 1219435",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "self",
"summary": "SUSE Bug 1220828",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26622 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26622/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2024-04-24T09:03:40Z",
"generator": {
"date": "2024-04-24T09:03:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1418-1",
"initial_release_date": "2024-04-24T09:03:40Z",
"revision_history": [
{
"date": "2024-04-24T09:03:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5717"
}
],
"notes": [
{
"category": "general",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5717",
"url": "https://www.suse.com/security/cve/CVE-2023-5717"
},
{
"category": "external",
"summary": "SUSE Bug 1216584 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216584"
},
{
"category": "external",
"summary": "SUSE Bug 1216644 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1216644"
},
{
"category": "external",
"summary": "SUSE Bug 1217557 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1217557"
},
{
"category": "external",
"summary": "SUSE Bug 1219697 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1219697"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-5717",
"url": "https://bugzilla.suse.com/1220191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-24T09:03:40Z",
"details": "important"
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2024-1086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1086"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1086",
"url": "https://www.suse.com/security/cve/CVE-2024-1086"
},
{
"category": "external",
"summary": "SUSE Bug 1219434 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219434"
},
{
"category": "external",
"summary": "SUSE Bug 1219435 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1219435"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1224878"
},
{
"category": "external",
"summary": "SUSE Bug 1226066 for CVE-2024-1086",
"url": "https://bugzilla.suse.com/1226066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-24T09:03:40Z",
"details": "important"
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head-\u003ewrite_buf when write()\nof long lines is requested, we need to fetch head-\u003ewrite_buf after\nhead-\u003eio_sem is held. Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26622",
"url": "https://www.suse.com/security/cve/CVE-2024-26622"
},
{
"category": "external",
"summary": "SUSE Bug 1220825 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220825"
},
{
"category": "external",
"summary": "SUSE Bug 1220828 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1220828"
},
{
"category": "external",
"summary": "SUSE Bug 1224298 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224298"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2024-26622",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_92-default-7-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-24T09:03:40Z",
"details": "important"
}
],
"title": "CVE-2024-26622"
}
]
}