CVE-2023-6531 (GCVE-0-2023-6531)
Vulnerability from cvelistv5 – Published: 2024-01-21 10:01 – Updated: 2025-11-06 19:47
Title
Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
Summary
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
References
4 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:2394 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-6531 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2253034 | issue-tracking, x_refsource_REDHAT |
| https://lore.kernel.org/all/c716c88321939156909cf… | |
Impacted products
8 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 | Unaffected: 0:5.14.0-427.13.1.el9_4, < * (rpm) | cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime cpe:/o:redhat:enterprise_linux:9::baseos |
| Red Hat | Red Hat Enterprise Linux 9 | Unaffected: 0:5.14.0-427.13.1.el9_4, < * (rpm) | cpe:/a:redhat:enterprise_linux:9::nfv cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::realtime cpe:/o:redhat:enterprise_linux:9::baseos |
| Red Hat | Red Hat Enterprise Linux 6 | | cpe:/o:redhat:enterprise_linux:6 |
| Red Hat | Red Hat Enterprise Linux 7 | | cpe:/o:redhat:enterprise_linux:7 |
| Red Hat | Red Hat Enterprise Linux 7 | | cpe:/o:redhat:enterprise_linux:7 |
| Red Hat | Red Hat Enterprise Linux 8 | | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 8 | | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 9 | | cpe:/o:redhat:enterprise_linux:9 |
Date Public
2023-12-06 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:58.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6531"
},
{
"name": "RHBZ#2253034",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253034"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/"
},
{
"url": "http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T16:22:59.245640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T11:04:02.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-06T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T19:47:01.071Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6531"
},
{
"name": "RHBZ#2253034",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253034"
},
{
"url": "https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-05T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-06T06:30:00.000Z",
"value": "Made public."
}
],
"title": "Kernel: gc\u0027s deletion of an skb races with unix_stream_read_generic() leading to uaf",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6531",
"datePublished": "2024-01-21T10:01:07.215Z",
"dateReserved": "2023-12-05T18:05:12.324Z",
"dateUpdated": "2025-11-06T19:47:01.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-6531",
"date": "2026-05-24",
"epss": "0.00013",
"percentile": "0.02467"
}
}
}
SUSE-SU-2024:0991-1
Vulnerability from csaf_suse - Published: 2024-03-26 08:06 - Updated: 2024-03-26 08:06
Summary
Security update for the Linux Kernel RT (Live Patch 8 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 8 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_13_27 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
- Recommended fix for IO lock-ups on HBA355i with SLES 15SP5. (bsc#1219157)
Patchnames: SUSE-2024-991,SUSE-SLE-Module-Live-Patching-15-SP5-2024-991
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 8 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_13_27 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n- Recommended fix for IO lock-ups on HBA355i with SLES 15SP5. (bsc#1219157)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-991,SUSE-SLE-Module-Live-Patching-15-SP5-2024-991",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0991-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0991-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240991-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0991-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018215.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE Bug 1219157",
"url": "https://bugzilla.suse.com/1219157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 8 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-03-26T08:06:13Z",
"generator": {
"date": "2024-03-26T08:06:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0991-1",
"initial_release_date": "2024-03-26T08:06:13Z",
"revision_history": [
{
"date": "2024-03-26T08:06:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-26T08:06:13Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_27-rt-4-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-26T08:06:13Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:0995-1
Vulnerability from csaf_suse - Published: 2024-03-26 09:33 - Updated: 2024-03-26 09:33
Summary
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
Patchnames: SUSE-2024-995,SUSE-SLE-Module-Live-Patching-15-SP5-2024-995
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).\n- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-995,SUSE-SLE-Module-Live-Patching-15-SP5-2024-995",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0995-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0995-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240995-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0995-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018214.html"
},
{
"category": "self",
"summary": "SUSE Bug 1215887",
"url": "https://bugzilla.suse.com/1215887"
},
{
"category": "self",
"summary": "SUSE Bug 1216898",
"url": "https://bugzilla.suse.com/1216898"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39191 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-03-26T09:33:27Z",
"generator": {
"date": "2024-03-26T09:33:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0995-1",
"initial_release_date": "2024-03-26T09:33:27Z",
"revision_history": [
{
"date": "2024-03-26T09:33:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39191"
}
],
"notes": [
{
"category": "general",
"text": "An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39191",
"url": "https://www.suse.com/security/cve/CVE-2023-39191"
},
{
"category": "external",
"summary": "SUSE Bug 1215863 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215863"
},
{
"category": "external",
"summary": "SUSE Bug 1215887 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-26T09:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-39191"
},
{
"cve": "CVE-2023-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46813"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46813",
"url": "https://www.suse.com/security/cve/CVE-2023-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1212649 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1212649"
},
{
"category": "external",
"summary": "SUSE Bug 1216896 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1216896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-26T09:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-46813"
},
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-26T09:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_13_5-rt-8-150500.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-26T09:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1017-1
Vulnerability from csaf_suse - Published: 2024-03-28 07:04 - Updated: 2024-03-28 07:04
Summary
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_124 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
Patchnames: SUSE-2024-1017,SUSE-2024-1020,SUSE-2024-1021,SUSE-2024-1022,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1017,SUSE-SLE-Module-Live-Patching-15-SP3-2024-1021
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_124 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1017,SUSE-2024-1020,SUSE-2024-1021,SUSE-2024-1022,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1017,SUSE-SLE-Module-Live-Patching-15-SP3-2024-1021",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1017-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1017-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241017-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1017-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018230.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2024-03-28T07:04:12Z",
"generator": {
"date": "2024-03-28T07:04:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1017-1",
"initial_release_date": "2024-03-28T07:04:12Z",
"revision_history": [
{
"date": "2024-03-28T07:04:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_160-preempt-7-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_160-preempt-7-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_160-preempt-7-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_115-default-12-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_115-preempt-12-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_115-preempt-12-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_115-preempt-12-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_124-preempt-9-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_124-preempt-9-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_124-preempt-9-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_141-default-5-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_141-preempt-5-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_141-preempt-5-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_141-preempt-5-150300.2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T07:04:12Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_160-default-7-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-9-150300.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T07:04:12Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1023-1
Vulnerability from csaf_suse - Published: 2024-03-28 07:33 - Updated: 2024-03-28 07:33
Summary
Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_12 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
Patchnames: SUSE-2024-1023,SUSE-2024-1027,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1027
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_12 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).\n- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1023,SUSE-2024-1027,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1027",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1023-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1023-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241023-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1023-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018229.html"
},
{
"category": "self",
"summary": "SUSE Bug 1215887",
"url": "https://bugzilla.suse.com/1215887"
},
{
"category": "self",
"summary": "SUSE Bug 1216898",
"url": "https://bugzilla.suse.com/1216898"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39191 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-03-28T07:33:40Z",
"generator": {
"date": "2024-03-28T07:33:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1023-1",
"initial_release_date": "2024-03-28T07:33:40Z",
"revision_history": [
{
"date": "2024-03-28T07:33:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_7-default-8-150500.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39191"
}
],
"notes": [
{
"category": "general",
"text": "An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39191",
"url": "https://www.suse.com/security/cve/CVE-2023-39191"
},
{
"category": "external",
"summary": "SUSE Bug 1215863 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215863"
},
{
"category": "external",
"summary": "SUSE Bug 1215887 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T07:33:40Z",
"details": "important"
}
],
"title": "CVE-2023-39191"
},
{
"cve": "CVE-2023-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46813"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46813",
"url": "https://www.suse.com/security/cve/CVE-2023-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1212649 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1212649"
},
{
"category": "external",
"summary": "SUSE Bug 1216896 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1216896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T07:33:40Z",
"details": "important"
}
],
"title": "CVE-2023-46813"
},
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T07:33:40Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_12-default-8-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T07:33:40Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1033-1
Vulnerability from csaf_suse - Published: 2024-03-28 10:33 - Updated: 2024-03-28 10:33
Summary
Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_147 fixes one issue.
The following security issue was fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
Patchnames: SUSE-2024-1033,SUSE-2024-1044,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1033,SUSE-SLE-Module-Live-Patching-15-SP3-2024-1044
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_147 fixes one issue.\n\nThe following security issue was fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1033,SUSE-2024-1044,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1033,SUSE-SLE-Module-Live-Patching-15-SP3-2024-1044",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1033-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1033-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241033-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1033-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018235.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2024-03-28T10:33:48Z",
"generator": {
"date": "2024-03-28T10:33:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1033-1",
"initial_release_date": "2024-03-28T10:33:48Z",
"revision_history": [
{
"date": "2024-03-28T10:33:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_178-preempt-3-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_178-preempt-3-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_178-preempt-3-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_147-preempt-4-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_147-preempt-4-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_147-preempt-4-150300.2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_178-default-3-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_147-default-4-150300.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:33:48Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1039-1
Vulnerability from csaf_suse - Published: 2024-03-28 10:04 - Updated: 2024-03-28 10:04
Summary
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_53 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911).
Patchnames: SUSE-2024-1039,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1039
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_53 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).\n- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1039,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1039",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1039-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1039-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241039-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1039-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018234.html"
},
{
"category": "self",
"summary": "SUSE Bug 1208911",
"url": "https://bugzilla.suse.com/1208911"
},
{
"category": "self",
"summary": "SUSE Bug 1215887",
"url": "https://bugzilla.suse.com/1215887"
},
{
"category": "self",
"summary": "SUSE Bug 1216898",
"url": "https://bugzilla.suse.com/1216898"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0461 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39191 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-03-28T10:04:44Z",
"generator": {
"date": "2024-03-28T10:04:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1039-1",
"initial_release_date": "2024-03-28T10:04:44Z",
"revision_history": [
{
"date": "2024-03-28T10:04:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0461"
}
],
"notes": [
{
"category": "general",
"text": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.\n\nWhen CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt TCP_ULP operation does not require any privilege.\n\nWe recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0461",
"url": "https://www.suse.com/security/cve/CVE-2023-0461"
},
{
"category": "external",
"summary": "SUSE Bug 1208787 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1208787"
},
{
"category": "external",
"summary": "SUSE Bug 1208911 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1208911"
},
{
"category": "external",
"summary": "SUSE Bug 1211833 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1211833"
},
{
"category": "external",
"summary": "SUSE Bug 1217079 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1217079"
},
{
"category": "external",
"summary": "SUSE Bug 1218514 for CVE-2023-0461",
"url": "https://bugzilla.suse.com/1218514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:04:44Z",
"details": "important"
}
],
"title": "CVE-2023-0461"
},
{
"cve": "CVE-2023-39191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39191"
}
],
"notes": [
{
"category": "general",
"text": "An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39191",
"url": "https://www.suse.com/security/cve/CVE-2023-39191"
},
{
"category": "external",
"summary": "SUSE Bug 1215863 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215863"
},
{
"category": "external",
"summary": "SUSE Bug 1215887 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:04:44Z",
"details": "important"
}
],
"title": "CVE-2023-39191"
},
{
"cve": "CVE-2023-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46813"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46813",
"url": "https://www.suse.com/security/cve/CVE-2023-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1212649 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1212649"
},
{
"category": "external",
"summary": "SUSE Bug 1216896 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1216896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:04:44Z",
"details": "important"
}
],
"title": "CVE-2023-46813"
},
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:04:44Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-9-150500.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:04:44Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1040-1
Vulnerability from csaf_suse - Published: 2024-03-28 10:33 - Updated: 2024-03-28 10:33
Summary
Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_36 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
- Recommended fix for IO lock-ups on HBA355i with SLES 15SP5. (bsc#1219157)
Patchnames: SUSE-2024-1040,SUSE-2024-1052,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1040
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_36 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n- Recommended fix for IO lock-ups on HBA355i with SLES 15SP5. (bsc#1219157)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1040,SUSE-2024-1052,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1040",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1040-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1040-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241040-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1040-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018233.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE Bug 1219157",
"url": "https://bugzilla.suse.com/1219157"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-03-28T10:33:25Z",
"generator": {
"date": "2024-03-28T10:33:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1040-1",
"initial_release_date": "2024-03-28T10:33:25Z",
"revision_history": [
{
"date": "2024-03-28T10:33:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_39-default-4-150500.2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:33:25Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_36-default-4-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:33:25Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1045-1
Vulnerability from csaf_suse - Published: 2024-03-28 11:33 - Updated: 2024-03-28 11:33
Summary
Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_28 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
Patchnames: SUSE-2024-1045,SUSE-2024-1050,SUSE-2024-1051,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1050
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_28 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898).\n- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1045,SUSE-2024-1050,SUSE-2024-1051,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1050",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1045-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1045-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241045-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1045-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018232.html"
},
{
"category": "self",
"summary": "SUSE Bug 1215887",
"url": "https://bugzilla.suse.com/1215887"
},
{
"category": "self",
"summary": "SUSE Bug 1216898",
"url": "https://bugzilla.suse.com/1216898"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39191 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2024-03-28T11:33:27Z",
"generator": {
"date": "2024-03-28T11:33:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1045-1",
"initial_release_date": "2024-03-28T11:33:27Z",
"revision_history": [
{
"date": "2024-03-28T11:33:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_19-default-7-150500.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_31-default-5-150500.2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39191"
}
],
"notes": [
{
"category": "general",
"text": "An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39191",
"url": "https://www.suse.com/security/cve/CVE-2023-39191"
},
{
"category": "external",
"summary": "SUSE Bug 1215863 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215863"
},
{
"category": "external",
"summary": "SUSE Bug 1215887 for CVE-2023-39191",
"url": "https://bugzilla.suse.com/1215887"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T11:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-39191"
},
{
"cve": "CVE-2023-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46813"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46813",
"url": "https://www.suse.com/security/cve/CVE-2023-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1212649 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1212649"
},
{
"category": "external",
"summary": "SUSE Bug 1216896 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1216896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T11:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-46813"
},
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T11:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_28-default-6-150500.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T11:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1047-1
Vulnerability from csaf_suse - Published: 2024-03-28 10:04 - Updated: 2024-03-28 10:04
Summary
Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_118 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
Patchnames: SUSE-2024-1034,SUSE-2024-1038,SUSE-2024-1047,SUSE-2024-1048,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1047,SUSE-SLE-Module-Live-Patching-15-SP3-2024-1034
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_118 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1034,SUSE-2024-1038,SUSE-2024-1047,SUSE-2024-1048,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1047,SUSE-SLE-Module-Live-Patching-15-SP3-2024-1034",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1047-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1047-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241047-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1047-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018236.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2024-03-28T10:04:13Z",
"generator": {
"date": "2024-03-28T10:04:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1047-1",
"initial_release_date": "2024-03-28T10:04:13Z",
"revision_history": [
{
"date": "2024-03-28T10:04:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-preempt-11-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-preempt-11-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-preempt-11-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_133-default-6-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_133-preempt-6-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_133-preempt-6-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_133-preempt-6-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_148-preempt-11-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_148-preempt-11-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_148-preempt-11-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_138-default-6-150300.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_138-preempt-6-150300.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_138-preempt-6-150300.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_138-preempt-6-150300.2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:04:13Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_148-default-11-150200.2.3.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_118-default-11-150300.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T10:04:13Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
SUSE-SU-2024:1053-1
Vulnerability from csaf_suse - Published: 2024-03-28 14:33 - Updated: 2024-03-28 14:33
Summary
Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2)
Description of the patch: This update for the Linux Kernel 5.3.18-150200_24_183 fixes several issues.
The following security issues were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218487).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).
Patchnames: SUSE-2024-1053,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1061
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150200_24_183 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487).\n- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1053,SUSE-SLE-Module-Live-Patching-15-SP2-2024-1061",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1053-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1053-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241053-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1053-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018239.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218487",
"url": "https://bugzilla.suse.com/1218487"
},
{
"category": "self",
"summary": "SUSE Bug 1218610",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-51779 page",
"url": "https://www.suse.com/security/cve/CVE-2023-51779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6531/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2024-03-28T14:33:27Z",
"generator": {
"date": "2024-03-28T14:33:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1053-1",
"initial_release_date": "2024-03-28T14:33:27Z",
"revision_history": [
{
"date": "2024-03-28T14:33:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_145-default-12-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_145-preempt-12-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_145-preempt-12-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_145-preempt-12-150200.2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-51779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-51779"
}
],
"notes": [
{
"category": "general",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-51779",
"url": "https://www.suse.com/security/cve/CVE-2023-51779"
},
{
"category": "external",
"summary": "SUSE Bug 1218559 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218559"
},
{
"category": "external",
"summary": "SUSE Bug 1218610 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1218610"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220015"
},
{
"category": "external",
"summary": "SUSE Bug 1220191 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1220191"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-51779",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T14:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-6531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6531"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\u0027s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6531",
"url": "https://www.suse.com/security/cve/CVE-2023-6531"
},
{
"category": "external",
"summary": "SUSE Bug 1218447 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218447"
},
{
"category": "external",
"summary": "SUSE Bug 1218487 for CVE-2023-6531",
"url": "https://bugzilla.suse.com/1218487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_172-default-4-150200.2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-03-28T14:33:27Z",
"details": "important"
}
],
"title": "CVE-2023-6531"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.