CVE-2023-2002 (GCVE-0-2023-2002)
Vulnerability from cvelistv5 – Published: 2023-05-26 00:00 – Updated: 2024-08-02 06:05
Summary
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Severity
No CVSS data available.
CWE
Assigner
References
5 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/04/16/3"
},
{
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240202-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Kernel prior to Kernel 6.4-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T14:06:13.702Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/04/16/3"
},
{
"name": "[debian-lts-announce] 20230727 [SECURITY] [DLA 3508-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240202-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2002",
"datePublished": "2023-05-26T00:00:00.000Z",
"dateReserved": "2023-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-02T06:05:27.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-2002",
"date": "2026-05-30",
"epss": "0.00594",
"percentile": "0.69626"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-2002\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-05-26T17:15:14.113\",\"lastModified\":\"2024-11-21T07:57:44.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4\",\"matchCriteriaId\":\"18D12E25-2947-44E7-989D-24450E013A1F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\
"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240202-0004/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5480\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/04/16/3\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240202-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/04/16/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2023:3063-1
Vulnerability from csaf_suse - Published: 2023-07-31 12:34 - Updated: 2023-07-31 12:34
Summary
Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.
The following security issues were fixed:
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-2235: Fixed a use-after-free in the Performance Events system that can be exploited to achieve local privilege escalation (bsc#1210987).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3063,SUSE-2023-3064,SUSE-2023-3067,SUSE-2023-3070,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3064
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).\n- CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3063,SUSE-2023-3064,SUSE-2023-3067,SUSE-2023-3070,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3064",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3063-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3063-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233063-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3063-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015710.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1210987",
"url": "https://bugzilla.suse.com/1210987"
},
{
"category": "self",
"summary": "SUSE Bug 1212509",
"url": "https://bugzilla.suse.com/1212509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2235 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35788/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2023-07-31T12:34:06Z",
"generator": {
"date": "2023-07-31T12:34:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3063-1",
"initial_release_date": "2023-07-31T12:34:06Z",
"revision_history": [
{
"date": "2023-07-31T12:34:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_15_8-rt-7-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_15_8-rt-7-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_15_8-rt-7-150400.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_46-default-6-150400.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-9-150400.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T12:34:06Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-2235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2235"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event\u0027s siblings\u0027 attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2235",
"url": "https://www.suse.com/security/cve/CVE-2023-2235"
},
{
"category": "external",
"summary": "SUSE Bug 1210986 for CVE-2023-2235",
"url": "https://bugzilla.suse.com/1210986"
},
{
"category": "external",
"summary": "SUSE Bug 1210987 for CVE-2023-2235",
"url": "https://bugzilla.suse.com/1210987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T12:34:06Z",
"details": "important"
}
],
"title": "CVE-2023-2235"
},
{
"cve": "CVE-2023-35788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35788"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35788",
"url": "https://www.suse.com/security/cve/CVE-2023-35788"
},
{
"category": "external",
"summary": "SUSE Bug 1212504 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212504"
},
{
"category": "external",
"summary": "SUSE Bug 1212509 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-12-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T12:34:06Z",
"details": "important"
}
],
"title": "CVE-2023-35788"
}
]
}
SUSE-SU-2023:3069-1
Vulnerability from csaf_suse - Published: 2023-07-31 15:34 - Updated: 2023-07-31 15:34
Summary
Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_144 fixes several issues.
The following security issues were fixed:
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3069,SUSE-SLE-Live-Patching-12-SP5-2023-3072
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_144 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3069,SUSE-SLE-Live-Patching-12-SP5-2023-3072",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3069-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3069-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233069-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3069-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015709.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212347",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3159/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2023-07-31T15:34:34Z",
"generator": {
"date": "2023-07-31T15:34:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3069-1",
"initial_release_date": "2023-07-31T15:34:34Z",
"revision_history": [
{
"date": "2023-07-31T15:34:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_133-default-10-2.3.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_133-default-10-2.3.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_133-default-10-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_133-default-10-2.3.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_133-default-10-2.3.s390x",
"product_id": "kgraft-patch-4_12_14-122_133-default-10-2.3.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"product_id": "kgraft-patch-4_12_14-122_144-default-7-2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_133-default-10-2.3.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_133-default-10-2.3.x86_64",
"product_id": "kgraft-patch-4_12_14-122_133-default-10-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64",
"product_id": "kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T15:34:34Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3159"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3159",
"url": "https://www.suse.com/security/cve/CVE-2023-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1212128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212128"
},
{
"category": "external",
"summary": "SUSE Bug 1212347 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1213842"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_144-default-7-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T15:34:34Z",
"details": "important"
}
],
"title": "CVE-2023-3159"
}
]
}
SUSE-SU-2023:3073-1
Vulnerability from csaf_suse - Published: 2023-07-31 16:04 - Updated: 2023-07-31 16:04
Summary
Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_150 fixes several issues.
The following security issues were fixed:
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3073,SUSE-SLE-Live-Patching-12-SP5-2023-3073
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_150 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3073,SUSE-SLE-Live-Patching-12-SP5-2023-3073",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3073-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3073-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233073-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3073-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015715.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212347",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3159/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2023-07-31T16:04:15Z",
"generator": {
"date": "2023-07-31T16:04:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3073-1",
"initial_release_date": "2023-07-31T16:04:15Z",
"revision_history": [
{
"date": "2023-07-31T16:04:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"product_id": "kgraft-patch-4_12_14-122_150-default-6-2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64",
"product_id": "kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T16:04:15Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3159"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3159",
"url": "https://www.suse.com/security/cve/CVE-2023-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1212128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212128"
},
{
"category": "external",
"summary": "SUSE Bug 1212347 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1213842"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_150-default-6-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T16:04:15Z",
"details": "important"
}
],
"title": "CVE-2023-3159"
}
]
}
SUSE-SU-2023:3075-1
Vulnerability from csaf_suse - Published: 2023-07-31 17:33 - Updated: 2023-07-31 17:33
Summary
Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)
Description of the patch: This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues.
The following security issues were fixed:
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3075,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3075
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).\n- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3075,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3075",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3075-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3075-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233075-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3075-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015714.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212347",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "self",
"summary": "SUSE Bug 1212509",
"url": "https://bugzilla.suse.com/1212509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35788/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2023-07-31T17:33:53Z",
"generator": {
"date": "2023-07-31T17:33:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3075-1",
"initial_release_date": "2023-07-31T17:33:53Z",
"revision_history": [
{
"date": "2023-07-31T17:33:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_126-preempt-13-150200.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_126-preempt-13-150200.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_126-preempt-13-150200.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T17:33:53Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3159"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3159",
"url": "https://www.suse.com/security/cve/CVE-2023-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1212128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212128"
},
{
"category": "external",
"summary": "SUSE Bug 1212347 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1213842"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T17:33:53Z",
"details": "important"
}
],
"title": "CVE-2023-3159"
},
{
"cve": "CVE-2023-35788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35788"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35788",
"url": "https://www.suse.com/security/cve/CVE-2023-35788"
},
{
"category": "external",
"summary": "SUSE Bug 1212504 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212504"
},
{
"category": "external",
"summary": "SUSE Bug 1212509 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_126-default-13-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T17:33:53Z",
"details": "important"
}
],
"title": "CVE-2023-35788"
}
]
}
SUSE-SU-2023:3076-1
Vulnerability from csaf_suse - Published: 2023-07-31 18:33 - Updated: 2023-07-31 18:33
Summary
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_124 fixes several issues.
The following security issues were fixed:
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3076,SUSE-SLE-Module-Live-Patching-15-SP3-2023-3078
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_124 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3076,SUSE-SLE-Module-Live-Patching-15-SP3-2023-3078",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3076-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3076-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233076-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3076-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015713.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212509",
"url": "https://bugzilla.suse.com/1212509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35788/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2023-07-31T18:33:55Z",
"generator": {
"date": "2023-07-31T18:33:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3076-1",
"initial_release_date": "2023-07-31T18:33:55Z",
"revision_history": [
{
"date": "2023-07-31T18:33:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-default-4-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_118-preempt-4-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_118-preempt-4-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_118-preempt-4-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T18:33:55Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-35788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35788"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35788",
"url": "https://www.suse.com/security/cve/CVE-2023-35788"
},
{
"category": "external",
"summary": "SUSE Bug 1212504 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212504"
},
{
"category": "external",
"summary": "SUSE Bug 1212509 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_124-default-2-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T18:33:55Z",
"details": "important"
}
],
"title": "CVE-2023-35788"
}
]
}
SUSE-SU-2023:3079-1
Vulnerability from csaf_suse - Published: 2023-07-31 18:34 - Updated: 2023-07-31 18:34
Summary
Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.
The following security issues were fixed:
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3079,SUSE-2023-3080,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3079
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).\n- CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3079,SUSE-2023-3080,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3079-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3079-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233079-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3079-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015712.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1210987",
"url": "https://bugzilla.suse.com/1210987"
},
{
"category": "self",
"summary": "SUSE Bug 1212509",
"url": "https://bugzilla.suse.com/1212509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2235 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35788/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2023-07-31T18:34:10Z",
"generator": {
"date": "2023-07-31T18:34:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3079-1",
"initial_release_date": "2023-07-31T18:34:10Z",
"revision_history": [
{
"date": "2023-07-31T18:34:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_38-default-8-150400.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T18:34:10Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-2235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2235"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event\u0027s siblings\u0027 attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2235",
"url": "https://www.suse.com/security/cve/CVE-2023-2235"
},
{
"category": "external",
"summary": "SUSE Bug 1210986 for CVE-2023-2235",
"url": "https://bugzilla.suse.com/1210986"
},
{
"category": "external",
"summary": "SUSE Bug 1210987 for CVE-2023-2235",
"url": "https://bugzilla.suse.com/1210987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T18:34:10Z",
"details": "important"
}
],
"title": "CVE-2023-2235"
},
{
"cve": "CVE-2023-35788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35788"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35788",
"url": "https://www.suse.com/security/cve/CVE-2023-35788"
},
{
"category": "external",
"summary": "SUSE Bug 1212504 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212504"
},
{
"category": "external",
"summary": "SUSE Bug 1212509 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_18-default-13-150400.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T18:34:10Z",
"details": "important"
}
],
"title": "CVE-2023-35788"
}
]
}
SUSE-SU-2023:3081-1
Vulnerability from csaf_suse - Published: 2023-07-31 20:02 - Updated: 2023-07-31 20:02
Summary
Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2)
Description of the patch: This update for the Linux Kernel 5.3.18-150200_24_151 fixes several issues.
The following security issues were fixed:
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3081,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3081
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150200_24_151 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).\n- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3081,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3081",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3081-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3081-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233081-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3081-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015717.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212347",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "self",
"summary": "SUSE Bug 1212509",
"url": "https://bugzilla.suse.com/1212509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35788/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2023-07-31T20:02:19Z",
"generator": {
"date": "2023-07-31T20:02:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3081-1",
"initial_release_date": "2023-07-31T20:02:19Z",
"revision_history": [
{
"date": "2023-07-31T20:02:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_151-preempt-4-150200.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_151-preempt-4-150200.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_151-preempt-4-150200.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T20:02:19Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3159"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3159",
"url": "https://www.suse.com/security/cve/CVE-2023-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1212128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212128"
},
{
"category": "external",
"summary": "SUSE Bug 1212347 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1213842"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T20:02:19Z",
"details": "important"
}
],
"title": "CVE-2023-3159"
},
{
"cve": "CVE-2023-35788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35788"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35788",
"url": "https://www.suse.com/security/cve/CVE-2023-35788"
},
{
"category": "external",
"summary": "SUSE Bug 1212504 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212504"
},
{
"category": "external",
"summary": "SUSE Bug 1212509 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-31T20:02:19Z",
"details": "important"
}
],
"title": "CVE-2023-35788"
}
]
}
SUSE-SU-2023:3083-1
Vulnerability from csaf_suse - Published: 2023-08-01 01:34 - Updated: 2023-08-01 01:34
Summary
Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_147 fixes several issues.
The following security issues were fixed:
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3083,SUSE-SLE-Live-Patching-12-SP5-2023-3085
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_147 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3083,SUSE-SLE-Live-Patching-12-SP5-2023-3085",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3083-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3083-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233083-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3083-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015716.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212347",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3159/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2023-08-01T01:34:21Z",
"generator": {
"date": "2023-08-01T01:34:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3083-1",
"initial_release_date": "2023-08-01T01:34:21Z",
"revision_history": [
{
"date": "2023-08-01T01:34:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_136-default-9-2.3.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_136-default-9-2.3.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_136-default-9-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_136-default-9-2.3.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_136-default-9-2.3.s390x",
"product_id": "kgraft-patch-4_12_14-122_136-default-9-2.3.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"product_id": "kgraft-patch-4_12_14-122_147-default-6-2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_136-default-9-2.3.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_136-default-9-2.3.x86_64",
"product_id": "kgraft-patch-4_12_14-122_136-default-9-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64",
"product_id": "kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-01T01:34:21Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3159"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3159",
"url": "https://www.suse.com/security/cve/CVE-2023-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1212128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212128"
},
{
"category": "external",
"summary": "SUSE Bug 1212347 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1213842"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_147-default-6-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-01T01:34:21Z",
"details": "important"
}
],
"title": "CVE-2023-3159"
}
]
}
SUSE-SU-2023:3104-1
Vulnerability from csaf_suse - Published: 2023-08-01 14:04 - Updated: 2023-08-01 14:04
Summary
Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_130 fixes several issues.
The following security issues were fixed:
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3104,SUSE-SLE-Live-Patching-12-SP5-2023-3104
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_130 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3104,SUSE-SLE-Live-Patching-12-SP5-2023-3104",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3104-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3104-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233104-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3104-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015732.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212347",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3159/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2023-08-01T14:04:20Z",
"generator": {
"date": "2023-08-01T14:04:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3104-1",
"initial_release_date": "2023-08-01T14:04:20Z",
"revision_history": [
{
"date": "2023-08-01T14:04:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"product_id": "kgraft-patch-4_12_14-122_130-default-12-2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64",
"product_id": "kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-01T14:04:20Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3159"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3159",
"url": "https://www.suse.com/security/cve/CVE-2023-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1212128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212128"
},
{
"category": "external",
"summary": "SUSE Bug 1212347 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1213842"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_130-default-12-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-01T14:04:20Z",
"details": "important"
}
],
"title": "CVE-2023-3159"
}
]
}
SUSE-SU-2023:3107-1
Vulnerability from csaf_suse - Published: 2023-08-01 14:05 - Updated: 2023-08-01 14:05
Summary
Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2)
Description of the patch: This update for the Linux Kernel 5.3.18-150200_24_129 fixes several issues.
The following security issues were fixed:
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
Patchnames: SUSE-2023-3107,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3107
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150200_24_129 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).\n- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).\n- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3107,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3107",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3107-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3107-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233107-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3107-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015731.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210566",
"url": "https://bugzilla.suse.com/1210566"
},
{
"category": "self",
"summary": "SUSE Bug 1212347",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "self",
"summary": "SUSE Bug 1212509",
"url": "https://bugzilla.suse.com/1212509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2002 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35788 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35788/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2023-08-01T14:05:16Z",
"generator": {
"date": "2023-08-01T14:05:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3107-1",
"initial_release_date": "2023-08-01T14:05:16Z",
"revision_history": [
{
"date": "2023-08-01T14:05:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_129-preempt-10-150200.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_129-preempt-10-150200.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_129-preempt-10-150200.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2002"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2002",
"url": "https://www.suse.com/security/cve/CVE-2023-2002"
},
{
"category": "external",
"summary": "SUSE Bug 1210533 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210533"
},
{
"category": "external",
"summary": "SUSE Bug 1210566 for CVE-2023-2002",
"url": "https://bugzilla.suse.com/1210566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-01T14:05:16Z",
"details": "important"
}
],
"title": "CVE-2023-2002"
},
{
"cve": "CVE-2023-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3159"
}
],
"notes": [
{
"category": "general",
"text": "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3159",
"url": "https://www.suse.com/security/cve/CVE-2023-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1212128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212128"
},
{
"category": "external",
"summary": "SUSE Bug 1212347 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1212347"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1213842"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3159",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-01T14:05:16Z",
"details": "important"
}
],
"title": "CVE-2023-3159"
},
{
"cve": "CVE-2023-35788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35788"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35788",
"url": "https://www.suse.com/security/cve/CVE-2023-35788"
},
{
"category": "external",
"summary": "SUSE Bug 1212504 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212504"
},
{
"category": "external",
"summary": "SUSE Bug 1212509 for CVE-2023-35788",
"url": "https://bugzilla.suse.com/1212509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_129-default-10-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-08-01T14:05:16Z",
"details": "important"
}
],
"title": "CVE-2023-35788"
}
]
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.