Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-3812 (GCVE-0-2023-3812)
Vulnerability from cvelistv5 – Published: 2023-07-24 15:19 – Updated: 2026-02-26 20:27
VLAI
EPSS
Title
Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
Summary
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
26 references
Impacted products
31 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:4.18.0-513.9.1.rt7.311.el8_9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:4.18.0-513.9.1.el8_9 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:8::baseos cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions |
cpe:/o:redhat:rhel_e4s:8.1::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions |
Unaffected:
0:4.18.0-147.94.1.el8_1 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.1::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:4.18.0-193.133.1.el8_2 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_tus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service |
Unaffected:
0:4.18.0-193.133.1.rt13.184.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.2::realtime cpe:/a:redhat:rhel_tus:8.2::nfv |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service |
Unaffected:
0:4.18.0-193.133.1.el8_2 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_tus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions |
cpe:/o:redhat:rhel_e4s:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions |
Unaffected:
0:4.18.0-193.133.1.el8_2 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:8.2::baseos cpe:/o:redhat:rhel_aus:8.2::baseos cpe:/o:redhat:rhel_tus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:4.18.0-305.120.1.el8_4 , < *
(rpm)
cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:4.18.0-305.120.1.rt7.196.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/a:redhat:rhel_tus:8.4::realtime |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:4.18.0-305.120.1.el8_4 , < *
(rpm)
cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:4.18.0-305.120.1.el8_4 , < *
(rpm)
cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
cpe:/o:redhat:rhel_e4s:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
cpe:/o:redhat:rhel_eus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support |
Unaffected:
0:4.18.0-372.87.1.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8 |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
cpe:/o:redhat:rhel_eus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:4.18.0-477.43.1.el8_8 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:5.14.0-362.18.1.el9_3 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::realtime cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::nfv |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support |
Unaffected:
0:5.14.0-70.80.1.el9_0 , < *
(rpm)
cpe:/o:redhat:rhel_eus:9.0::baseos cpe:/a:redhat:rhel_eus:9.0::crb cpe:/a:redhat:rhel_eus:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support |
Unaffected:
0:5.14.0-70.80.1.rt21.151.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.0::realtime cpe:/a:redhat:rhel_eus:9.0::nfv |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support |
cpe:/o:redhat:rhel_eus:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:5.14.0-284.40.1.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::crb cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:5.14.0-284.40.1.rt14.325.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.2::realtime cpe:/a:redhat:rhel_eus:9.2::nfv |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
cpe:/o:redhat:rhel_eus:9.2::baseos |
|
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 |
Unaffected:
0:4.18.0-372.87.1.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_eus:8.6::baseos cpe:/a:redhat:rhel_eus:8.6::crb cpe:/o:redhat:rhev_hypervisor:4.4::el8 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2022-10-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:6799",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6799"
},
{
"name": "RHSA-2023:6813",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6813"
},
{
"name": "RHSA-2023:7370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7370"
},
{
"name": "RHSA-2023:7379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7379"
},
{
"name": "RHSA-2023:7382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7382"
},
{
"name": "RHSA-2023:7389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7389"
},
{
"name": "RHSA-2023:7411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7411"
},
{
"name": "RHSA-2023:7418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7418"
},
{
"name": "RHSA-2023:7548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"name": "RHSA-2023:7549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7549"
},
{
"name": "RHSA-2023:7554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7554"
},
{
"name": "RHSA-2024:0340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0340"
},
{
"name": "RHSA-2024:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0378"
},
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0461",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"name": "RHSA-2024:0554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0554"
},
{
"name": "RHSA-2024:0562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0562"
},
{
"name": "RHSA-2024:0563",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0563"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0593"
},
{
"name": "RHSA-2024:1961",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1961"
},
{
"name": "RHSA-2024:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"name": "RHSA-2024:2008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3812"
},
{
"name": "RHBZ#2224048",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:36:18.926997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:47:48.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.9.1.rt7.311.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.9.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.1::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.1::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-147.94.1.el8_1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::realtime",
"cpe:/a:redhat:rhel_tus:8.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.rt13.184.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.133.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.120.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::nfv",
"cpe:/a:redhat:rhel_tus:8.4::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.120.1.rt7.196.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.120.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.120.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.43.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos",
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.80.1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::realtime",
"cpe:/a:redhat:rhel_eus:9.0::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.80.1.rt21.151.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.40.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::realtime",
"cpe:/a:redhat:rhel_eus:9.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.40.1.rt14.325.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2022-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T20:27:31.255Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:6799",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6799"
},
{
"name": "RHSA-2023:6813",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6813"
},
{
"name": "RHSA-2023:7370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7370"
},
{
"name": "RHSA-2023:7379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7379"
},
{
"name": "RHSA-2023:7382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7382"
},
{
"name": "RHSA-2023:7389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7389"
},
{
"name": "RHSA-2023:7411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7411"
},
{
"name": "RHSA-2023:7418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7418"
},
{
"name": "RHSA-2023:7548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"name": "RHSA-2023:7549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7549"
},
{
"name": "RHSA-2023:7554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7554"
},
{
"name": "RHSA-2024:0340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0340"
},
{
"name": "RHSA-2024:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0378"
},
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0461",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"name": "RHSA-2024:0554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0554"
},
{
"name": "RHSA-2024:0562",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0562"
},
{
"name": "RHSA-2024:0563",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0563"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0593"
},
{
"name": "RHSA-2024:1961",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1961"
},
{
"name": "RHSA-2024:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"name": "RHSA-2024:2008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3812"
},
{
"name": "RHBZ#2224048",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-19T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-10-22T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3812",
"datePublished": "2023-07-24T15:19:21.817Z",
"dateReserved": "2023-07-20T13:02:44.826Z",
"dateUpdated": "2026-02-26T20:27:31.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-3812",
"date": "2026-06-06",
"epss": "9e-05",
"percentile": "0.00884"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-3812\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-07-24T16:15:13.337\",\"lastModified\":\"2024-11-21T08:18:07.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out-of-bounds memory access flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.265\",\"matchCriteriaId\":\"ABED5D97-9B16-4CF6-86E3-D5F5C4358E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.224\",\"matchCriteriaId\":\"1D67A077-EB45-4ADE-94CD-F9A76F6C319C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.154\",\"matchCriteriaId\":\"475D097C-AB5A-4CF5-899F-413077854ABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.78\",\"matchCriteriaId\":\"AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.0.8\",\"matchCriteriaId\":\"EC9A754E-625D-42F3-87A7-960D643E2867\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6799\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6813\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7370\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7379\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7382\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7389\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7411\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7418\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7548\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7549\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7554\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0340\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0378\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0412\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0461\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0554\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0562\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0563\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0575\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0593\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1961\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2006\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2008\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-3812\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2224048\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:6813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7548\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0340\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0378\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-3812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2224048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2023:6799\", \"name\": \"RHSA-2023:6799\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:6813\", \"name\": \"RHSA-2023:6813\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7370\", \"name\": \"RHSA-2023:7370\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7379\", \"name\": \"RHSA-2023:7379\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7382\", \"name\": \"RHSA-2023:7382\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7389\", \"name\": \"RHSA-2023:7389\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7411\", \"name\": \"RHSA-2023:7411\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7418\", \"name\": \"RHSA-2023:7418\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7548\", \"name\": \"RHSA-2023:7548\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7549\", \"name\": \"RHSA-2023:7549\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7554\", \"name\": \"RHSA-2023:7554\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0340\", \"name\": \"RHSA-2024:0340\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0378\", \"name\": \"RHSA-2024:0378\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0412\", \"name\": \"RHSA-2024:0412\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0461\", \"name\": \"RHSA-2024:0461\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0554\", \"name\": \"RHSA-2024:0554\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0562\", \"name\": \"RHSA-2024:0562\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0563\", \"name\": \"RHSA-2024:0563\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0575\", \"name\": \"RHSA-2024:0575\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0593\", \"name\": \"RHSA-2024:0593\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1961\", \"name\": \"RHSA-2024:1961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2006\", \"name\": \"RHSA-2024:2006\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2008\", \"name\": \"RHSA-2024:2008\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-3812\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2224048\", \"name\": \"RHBZ#2224048\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.501Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3812\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-05T18:36:18.926997Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-05T18:36:20.489Z\"}}], \"cna\": {\"title\": \"Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::nfv\", \"cpe:/a:redhat:enterprise_linux:8::realtime\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-513.9.1.rt7.311.el8_9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel-rt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::crb\", \"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-513.9.1.el8_9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.1::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.1::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-147.94.1.el8_1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\", \"cpe:/o:redhat:rhel_e4s:8.2::baseos\", \"cpe:/o:redhat:rhel_tus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-193.133.1.el8_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.2::realtime\", \"cpe:/a:redhat:rhel_tus:8.2::nfv\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-193.133.1.rt13.184.el8_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel-rt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\", \"cpe:/o:redhat:rhel_e4s:8.2::baseos\", \"cpe:/o:redhat:rhel_tus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-193.133.1.el8_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\", \"cpe:/o:redhat:rhel_e4s:8.2::baseos\", \"cpe:/o:redhat:rhel_tus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-193.133.1.el8_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_e4s:8.4::baseos\", \"cpe:/o:redhat:rhel_tus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-305.120.1.el8_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.4::realtime\", \"cpe:/a:redhat:rhel_tus:8.4::nfv\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-305.120.1.rt7.196.el8_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel-rt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_e4s:8.4::baseos\", \"cpe:/o:redhat:rhel_tus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-305.120.1.el8_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_e4s:8.4::baseos\", \"cpe:/o:redhat:rhel_tus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-305.120.1.el8_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Extended Update Support\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.6::crb\", \"cpe:/o:redhat:rhel_eus:8.6::baseos\", \"cpe:/o:redhat:rhev_hypervisor:4.4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-372.87.1.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.8::crb\", \"cpe:/o:redhat:rhel_eus:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-477.43.1.el8_8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\", \"cpe:/o:redhat:enterprise_linux:9::baseos\", \"cpe:/a:redhat:enterprise_linux:9::nfv\", \"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/a:redhat:enterprise_linux:9::realtime\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:5.14.0-362.18.1.el9_3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\", \"cpe:/o:redhat:enterprise_linux:9::baseos\", \"cpe:/a:redhat:enterprise_linux:9::nfv\", \"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/a:redhat:enterprise_linux:9::realtime\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:5.14.0-362.18.1.el9_3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.0::baseos\", \"cpe:/a:redhat:rhel_eus:9.0::crb\", \"cpe:/a:redhat:rhel_eus:9.0::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:5.14.0-70.80.1.el9_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.0::realtime\", \"cpe:/a:redhat:rhel_eus:9.0::nfv\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:5.14.0-70.80.1.rt21.151.el9_0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel-rt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Extended Update Support\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::appstream\", \"cpe:/a:redhat:rhel_eus:9.2::crb\", \"cpe:/o:redhat:rhel_eus:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:5.14.0-284.40.1.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::nfv\", \"cpe:/a:redhat:rhel_eus:9.2::realtime\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:5.14.0-284.40.1.rt14.325.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel-rt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"packageName\": \"kpatch-patch\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.6::crb\", \"cpe:/o:redhat:rhel_eus:8.6::baseos\", \"cpe:/o:redhat:rhev_hypervisor:4.4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Virtualization 4 for Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.18.0-372.87.1.el8_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"kernel\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"kernel-rt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"kernel-rt\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-07-19T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2022-10-22T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2022-10-22T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2023:6799\", \"name\": \"RHSA-2023:6799\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:6813\", \"name\": \"RHSA-2023:6813\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7370\", \"name\": \"RHSA-2023:7370\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7379\", \"name\": \"RHSA-2023:7379\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7382\", \"name\": \"RHSA-2023:7382\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7389\", \"name\": \"RHSA-2023:7389\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7411\", \"name\": \"RHSA-2023:7411\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7418\", \"name\": \"RHSA-2023:7418\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7548\", \"name\": \"RHSA-2023:7548\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7549\", \"name\": \"RHSA-2023:7549\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7554\", \"name\": \"RHSA-2023:7554\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0340\", \"name\": \"RHSA-2024:0340\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0378\", \"name\": \"RHSA-2024:0378\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0412\", \"name\": \"RHSA-2024:0412\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0461\", \"name\": \"RHSA-2024:0461\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0554\", \"name\": \"RHSA-2024:0554\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0562\", \"name\": \"RHSA-2024:0562\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0563\", \"name\": \"RHSA-2024:0563\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0575\", \"name\": \"RHSA-2024:0575\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0593\", \"name\": \"RHSA-2024:0593\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1961\", \"name\": \"RHSA-2024:1961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2006\", \"name\": \"RHSA-2024:2006\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2008\", \"name\": \"RHSA-2024:2008\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-3812\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2224048\", \"name\": \"RHBZ#2224048\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An out-of-bounds memory access flaw was found in the Linux kernel\\u2019s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-06T21:00:37.422Z\"}, \"x_redhatCweChain\": \"(CWE-416|CWE-787): Use After Free or Out-of-bounds Write\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-3812\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-06T21:00:37.422Z\", \"dateReserved\": \"2023-07-20T13:02:44.826Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2023-07-24T15:19:21.817Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2023:3889-1
Vulnerability from csaf_suse - Published: 2023-09-29 04:33 - Updated: 2023-09-29 04:33Summary
Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2)
Description of the patch: This update for the Linux Kernel 5.3.18-150200_24_154 fixes several issues.
The following security issues were fixed:
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).
Patchnames: SUSE-2023-3889,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3889
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150200_24_154 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).\n- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).\n- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).\n- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).\n- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3889,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3889",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3889-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3889-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233889-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3889-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016445.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210619",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "self",
"summary": "SUSE Bug 1213587",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "self",
"summary": "SUSE Bug 1213706",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "self",
"summary": "SUSE Bug 1214123",
"url": "https://bugzilla.suse.com/1214123"
},
{
"category": "self",
"summary": "SUSE Bug 1215119",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1829 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3609 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3776 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3812 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4273 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4273/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2023-09-29T04:33:49Z",
"generator": {
"date": "2023-09-29T04:33:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3889-1",
"initial_release_date": "2023-09-29T04:33:49Z",
"revision_history": [
{
"date": "2023-09-29T04:33:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_154-preempt-4-150200.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_154-preempt-4-150200.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_154-preempt-4-150200.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1829"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1829",
"url": "https://www.suse.com/security/cve/CVE-2023-1829"
},
{
"category": "external",
"summary": "SUSE Bug 1210335 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210335"
},
{
"category": "external",
"summary": "SUSE Bug 1210619 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1220886 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1220886"
},
{
"category": "external",
"summary": "SUSE Bug 1228311 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1228311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T04:33:49Z",
"details": "important"
}
],
"title": "CVE-2023-1829"
},
{
"cve": "CVE-2023-3609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3609"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3609",
"url": "https://www.suse.com/security/cve/CVE-2023-3609"
},
{
"category": "external",
"summary": "SUSE Bug 1213586 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213586"
},
{
"category": "external",
"summary": "SUSE Bug 1213587 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T04:33:49Z",
"details": "important"
}
],
"title": "CVE-2023-3609"
},
{
"cve": "CVE-2023-3776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3776"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3776",
"url": "https://www.suse.com/security/cve/CVE-2023-3776"
},
{
"category": "external",
"summary": "SUSE Bug 1213588 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1213588"
},
{
"category": "external",
"summary": "SUSE Bug 1215119 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215674"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221598"
},
{
"category": "external",
"summary": "SUSE Bug 1223091 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223091"
},
{
"category": "external",
"summary": "SUSE Bug 1223973 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T04:33:49Z",
"details": "important"
}
],
"title": "CVE-2023-3776"
},
{
"cve": "CVE-2023-3812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3812"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory access flaw was found in the Linux kernel\u0027s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3812",
"url": "https://www.suse.com/security/cve/CVE-2023-3812"
},
{
"category": "external",
"summary": "SUSE Bug 1213543 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213543"
},
{
"category": "external",
"summary": "SUSE Bug 1213706 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T04:33:49Z",
"details": "important"
}
],
"title": "CVE-2023-3812"
},
{
"cve": "CVE-2023-4273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4273"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4273",
"url": "https://www.suse.com/security/cve/CVE-2023-4273"
},
{
"category": "external",
"summary": "SUSE Bug 1214120 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214120"
},
{
"category": "external",
"summary": "SUSE Bug 1214123 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_154-default-4-150200.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T04:33:49Z",
"details": "important"
}
],
"title": "CVE-2023-4273"
}
]
}
SUSE-SU-2023:3892-1
Vulnerability from csaf_suse - Published: 2023-09-29 06:03 - Updated: 2023-09-29 06:03Summary
Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_90 fixes several issues.
The following security issues were fixed:
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).
Patchnames: SUSE-2023-3892,SUSE-SLE-Module-Live-Patching-15-SP3-2023-3892
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_90 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).\n- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).\n- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).\n- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).\n- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).\n- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3892,SUSE-SLE-Module-Live-Patching-15-SP3-2023-3892",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3892-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3892-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233892-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3892-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016443.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210619",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "self",
"summary": "SUSE Bug 1213064",
"url": "https://bugzilla.suse.com/1213064"
},
{
"category": "self",
"summary": "SUSE Bug 1213587",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "self",
"summary": "SUSE Bug 1213706",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "self",
"summary": "SUSE Bug 1214123",
"url": "https://bugzilla.suse.com/1214123"
},
{
"category": "self",
"summary": "SUSE Bug 1215119",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1829 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-31248 page",
"url": "https://www.suse.com/security/cve/CVE-2023-31248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3609 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3776 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3812 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4273 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4273/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2023-09-29T06:03:59Z",
"generator": {
"date": "2023-09-29T06:03:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3892-1",
"initial_release_date": "2023-09-29T06:03:59Z",
"revision_history": [
{
"date": "2023-09-29T06:03:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_90-preempt-15-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_90-preempt-15-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_90-preempt-15-150300.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1829"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1829",
"url": "https://www.suse.com/security/cve/CVE-2023-1829"
},
{
"category": "external",
"summary": "SUSE Bug 1210335 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210335"
},
{
"category": "external",
"summary": "SUSE Bug 1210619 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1220886 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1220886"
},
{
"category": "external",
"summary": "SUSE Bug 1228311 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1228311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T06:03:59Z",
"details": "important"
}
],
"title": "CVE-2023-1829"
},
{
"cve": "CVE-2023-31248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-31248"
}
],
"notes": [
{
"category": "general",
"text": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-31248",
"url": "https://www.suse.com/security/cve/CVE-2023-31248"
},
{
"category": "external",
"summary": "SUSE Bug 1213061 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213061"
},
{
"category": "external",
"summary": "SUSE Bug 1213064 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T06:03:59Z",
"details": "important"
}
],
"title": "CVE-2023-31248"
},
{
"cve": "CVE-2023-3609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3609"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3609",
"url": "https://www.suse.com/security/cve/CVE-2023-3609"
},
{
"category": "external",
"summary": "SUSE Bug 1213586 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213586"
},
{
"category": "external",
"summary": "SUSE Bug 1213587 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T06:03:59Z",
"details": "important"
}
],
"title": "CVE-2023-3609"
},
{
"cve": "CVE-2023-3776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3776"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3776",
"url": "https://www.suse.com/security/cve/CVE-2023-3776"
},
{
"category": "external",
"summary": "SUSE Bug 1213588 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1213588"
},
{
"category": "external",
"summary": "SUSE Bug 1215119 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215674"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221598"
},
{
"category": "external",
"summary": "SUSE Bug 1223091 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223091"
},
{
"category": "external",
"summary": "SUSE Bug 1223973 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T06:03:59Z",
"details": "important"
}
],
"title": "CVE-2023-3776"
},
{
"cve": "CVE-2023-3812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3812"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory access flaw was found in the Linux kernel\u0027s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3812",
"url": "https://www.suse.com/security/cve/CVE-2023-3812"
},
{
"category": "external",
"summary": "SUSE Bug 1213543 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213543"
},
{
"category": "external",
"summary": "SUSE Bug 1213706 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T06:03:59Z",
"details": "important"
}
],
"title": "CVE-2023-3812"
},
{
"cve": "CVE-2023-4273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4273"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4273",
"url": "https://www.suse.com/security/cve/CVE-2023-4273"
},
{
"category": "external",
"summary": "SUSE Bug 1214120 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214120"
},
{
"category": "external",
"summary": "SUSE Bug 1214123 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_90-default-15-150300.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T06:03:59Z",
"details": "important"
}
],
"title": "CVE-2023-4273"
}
]
}
SUSE-SU-2023:3893-1
Vulnerability from csaf_suse - Published: 2023-09-29 08:04 - Updated: 2023-09-29 08:04Summary
Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2)
Description of the patch: This update for the Linux Kernel 5.3.18-150200_24_139 fixes several issues.
The following security issues were fixed:
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).
Patchnames: SUSE-2023-3893,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3893
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150200_24_139 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).\n- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).\n- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).\n- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).\n- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3893,SUSE-SLE-Module-Live-Patching-15-SP2-2023-3893",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3893-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3893-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233893-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3893-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016459.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210619",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "self",
"summary": "SUSE Bug 1213587",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "self",
"summary": "SUSE Bug 1213706",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "self",
"summary": "SUSE Bug 1214123",
"url": "https://bugzilla.suse.com/1214123"
},
{
"category": "self",
"summary": "SUSE Bug 1215119",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1829 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3609 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3776 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3812 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4273 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4273/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2)",
"tracking": {
"current_release_date": "2023-09-29T08:04:08Z",
"generator": {
"date": "2023-09-29T08:04:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3893-1",
"initial_release_date": "2023-09-29T08:04:08Z",
"revision_history": [
{
"date": "2023-09-29T08:04:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150200_24_139-preempt-9-150200.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150200_24_139-preempt-9-150200.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150200_24_139-preempt-9-150200.2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP2",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1829"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1829",
"url": "https://www.suse.com/security/cve/CVE-2023-1829"
},
{
"category": "external",
"summary": "SUSE Bug 1210335 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210335"
},
{
"category": "external",
"summary": "SUSE Bug 1210619 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1220886 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1220886"
},
{
"category": "external",
"summary": "SUSE Bug 1228311 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1228311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:04:08Z",
"details": "important"
}
],
"title": "CVE-2023-1829"
},
{
"cve": "CVE-2023-3609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3609"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3609",
"url": "https://www.suse.com/security/cve/CVE-2023-3609"
},
{
"category": "external",
"summary": "SUSE Bug 1213586 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213586"
},
{
"category": "external",
"summary": "SUSE Bug 1213587 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:04:08Z",
"details": "important"
}
],
"title": "CVE-2023-3609"
},
{
"cve": "CVE-2023-3776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3776"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3776",
"url": "https://www.suse.com/security/cve/CVE-2023-3776"
},
{
"category": "external",
"summary": "SUSE Bug 1213588 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1213588"
},
{
"category": "external",
"summary": "SUSE Bug 1215119 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215674"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221598"
},
{
"category": "external",
"summary": "SUSE Bug 1223091 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223091"
},
{
"category": "external",
"summary": "SUSE Bug 1223973 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:04:08Z",
"details": "important"
}
],
"title": "CVE-2023-3776"
},
{
"cve": "CVE-2023-3812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3812"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory access flaw was found in the Linux kernel\u0027s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3812",
"url": "https://www.suse.com/security/cve/CVE-2023-3812"
},
{
"category": "external",
"summary": "SUSE Bug 1213543 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213543"
},
{
"category": "external",
"summary": "SUSE Bug 1213706 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:04:08Z",
"details": "important"
}
],
"title": "CVE-2023-3812"
},
{
"cve": "CVE-2023-4273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4273"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4273",
"url": "https://www.suse.com/security/cve/CVE-2023-4273"
},
{
"category": "external",
"summary": "SUSE Bug 1214120 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214120"
},
{
"category": "external",
"summary": "SUSE Bug 1214123 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_139-default-9-150200.2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-29T08:04:08Z",
"details": "important"
}
],
"title": "CVE-2023-4273"
}
]
}
SUSE-SU-2023:3928-1
Vulnerability from csaf_suse - Published: 2023-09-30 15:34 - Updated: 2023-09-30 15:34Summary
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_53 fixes several issues.
The following security issues were fixed:
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).
Patchnames: SUSE-2023-3913,SUSE-2023-3914,SUSE-2023-3915,SUSE-2023-3925,SUSE-2023-3928,SUSE-SLE-Module-Live-Patching-15-SP3-2023-3908,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3913,SUSE-SLE-Module-Live-Patching-15-SP5-2023-3925
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_53 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1215119).\n- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210619).\n- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214123).\n- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213587).\n- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213706).\n- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213064).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3913,SUSE-2023-3914,SUSE-2023-3915,SUSE-2023-3925,SUSE-2023-3928,SUSE-SLE-Module-Live-Patching-15-SP3-2023-3908,SUSE-SLE-Module-Live-Patching-15-SP4-2023-3913,SUSE-SLE-Module-Live-Patching-15-SP5-2023-3925",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3928-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3928-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233928-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3928-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016475.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210619",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "self",
"summary": "SUSE Bug 1213064",
"url": "https://bugzilla.suse.com/1213064"
},
{
"category": "self",
"summary": "SUSE Bug 1213587",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "self",
"summary": "SUSE Bug 1213706",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "self",
"summary": "SUSE Bug 1214123",
"url": "https://bugzilla.suse.com/1214123"
},
{
"category": "self",
"summary": "SUSE Bug 1215119",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1829 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-31248 page",
"url": "https://www.suse.com/security/cve/CVE-2023-31248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3609 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3776 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3812 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4273 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4273/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2023-09-30T15:34:03Z",
"generator": {
"date": "2023-09-30T15:34:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3928-1",
"initial_release_date": "2023-09-30T15:34:03Z",
"revision_history": [
{
"date": "2023-09-30T15:34:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_28-default-12-150400.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_33-default-11-150400.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_93-default-14-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_93-preempt-14-150300.2.2.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_93-preempt-14-150300.2.2.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_93-preempt-14-150300.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1829"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1829",
"url": "https://www.suse.com/security/cve/CVE-2023-1829"
},
{
"category": "external",
"summary": "SUSE Bug 1210335 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210335"
},
{
"category": "external",
"summary": "SUSE Bug 1210619 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1210619"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1220886 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1220886"
},
{
"category": "external",
"summary": "SUSE Bug 1228311 for CVE-2023-1829",
"url": "https://bugzilla.suse.com/1228311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-30T15:34:03Z",
"details": "important"
}
],
"title": "CVE-2023-1829"
},
{
"cve": "CVE-2023-31248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-31248"
}
],
"notes": [
{
"category": "general",
"text": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-31248",
"url": "https://www.suse.com/security/cve/CVE-2023-31248"
},
{
"category": "external",
"summary": "SUSE Bug 1213061 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213061"
},
{
"category": "external",
"summary": "SUSE Bug 1213064 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-30T15:34:03Z",
"details": "important"
}
],
"title": "CVE-2023-31248"
},
{
"cve": "CVE-2023-3609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3609"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3609",
"url": "https://www.suse.com/security/cve/CVE-2023-3609"
},
{
"category": "external",
"summary": "SUSE Bug 1213586 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213586"
},
{
"category": "external",
"summary": "SUSE Bug 1213587 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1213587"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3609",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-30T15:34:03Z",
"details": "important"
}
],
"title": "CVE-2023-3609"
},
{
"cve": "CVE-2023-3776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3776"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3776",
"url": "https://www.suse.com/security/cve/CVE-2023-3776"
},
{
"category": "external",
"summary": "SUSE Bug 1213588 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1213588"
},
{
"category": "external",
"summary": "SUSE Bug 1215119 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215119"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1215674"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1221598"
},
{
"category": "external",
"summary": "SUSE Bug 1223091 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223091"
},
{
"category": "external",
"summary": "SUSE Bug 1223973 for CVE-2023-3776",
"url": "https://bugzilla.suse.com/1223973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-30T15:34:03Z",
"details": "important"
}
],
"title": "CVE-2023-3776"
},
{
"cve": "CVE-2023-3812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3812"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory access flaw was found in the Linux kernel\u0027s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3812",
"url": "https://www.suse.com/security/cve/CVE-2023-3812"
},
{
"category": "external",
"summary": "SUSE Bug 1213543 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213543"
},
{
"category": "external",
"summary": "SUSE Bug 1213706 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1213706"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-3812",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-30T15:34:03Z",
"details": "important"
}
],
"title": "CVE-2023-3812"
},
{
"cve": "CVE-2023-4273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4273"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4273",
"url": "https://www.suse.com/security/cve/CVE-2023-4273"
},
{
"category": "external",
"summary": "SUSE Bug 1214120 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214120"
},
{
"category": "external",
"summary": "SUSE Bug 1214123 for CVE-2023-4273",
"url": "https://bugzilla.suse.com/1214123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-7-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-14-150400.2.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_53-default-4-150500.9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-30T15:34:03Z",
"details": "important"
}
],
"title": "CVE-2023-4273"
}
]
}
WID-SEC-W-2023-1876
Vulnerability from csaf_certbund - Published: 2023-07-24 22:00 - Updated: 2024-04-23 22:00Summary
Linux Kernel: Schwachstelle ermöglicht Privilegieneskalation oder Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service Zustand zu verursachen.
Betroffene Betriebssysteme: - Linux
Es existiert eine Schwachstelle im Linux Kernel. Diese besteht im TUN/TAP-Device Treiber und kann dazu führen, dass ein Nutzer ein schadhaftes Packet generieren kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker vProxy<19.9.0.4
Dell / NetWorker
|
vProxy<19.9.0.4 | ||
|
Dell NetWorker vProxy<19.10
Dell / NetWorker
|
vProxy<19.10 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
61 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1876 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1876.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1876 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1876"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0461 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0412 vom 2024-01-25",
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"category": "external",
"summary": "DELL Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12094 vom 2024-01-27",
"url": "http://linux.oracle.com/errata/ELSA-2024-12094.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0554 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0554"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0593 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0593"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0562 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0562"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0575 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0563 vom 2024-01-30",
"url": "https://access.redhat.com/errata/RHSA-2024:0563"
},
{
"category": "external",
"summary": "Github vom 2023-07-24",
"url": "https://github.com/advisories/GHSA-v4mv-7g6h-5vh8"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3171-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015772.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3172-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015771.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3180-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015780.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3182-1 vom 2023-08-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015778.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3302-1 vom 2023-08-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015894.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3318-1 vom 2023-08-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015905.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3391-1 vom 2023-08-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3390-1 vom 2023-08-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/015998.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3421-1 vom 2023-08-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-August/016021.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3601-1 vom 2023-09-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016153.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3681-1 vom 2023-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016214.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3680-1 vom 2023-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016208.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3705-1 vom 2023-09-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016233.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0461 vom 2024-03-07",
"url": "https://linux.oracle.com/errata/ELSA-2024-0461.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3748-1 vom 2023-09-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016315.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3749-1 vom 2023-09-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016316.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3772-1 vom 2023-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016321.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3768-1 vom 2023-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016322.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3788-1 vom 2023-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016329.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3786-1 vom 2023-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016325.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3783-1 vom 2023-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016324.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3838-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016350.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3844-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016349.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3809-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016343.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3811-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016342.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3812-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016341.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3846-1 vom 2023-09-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016378.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3889-1 vom 2023-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016445.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3892-1 vom 2023-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016443.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3893-1 vom 2023-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016459.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3928-1 vom 2023-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016475.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0340 vom 2024-01-23",
"url": "https://www.cybersecurity-help.cz/vdb/SB2024012327"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6799 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6799"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6813 vom 2023-11-08",
"url": "https://access.redhat.com/errata/RHSA-2023:6813"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0378 vom 2024-01-24",
"url": "https://access.redhat.com/errata/RHSA-2024:0378"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7389 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7389"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7418 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7418"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7370 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7370"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7379 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7379"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7411 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7411"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7382 vom 2023-11-21",
"url": "https://access.redhat.com/errata/RHSA-2023:7382"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7548 vom 2023-11-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7554 vom 2023-11-29",
"url": "https://access.redhat.com/errata/RHSA-2023:7554"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7549 vom 2023-11-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7549"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-7549 vom 2023-12-02",
"url": "https://linux.oracle.com/errata/ELSA-2023-7549.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7144861 vom 2024-03-20",
"url": "https://www.ibm.com/support/pages/node/7144861"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1961 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:1961"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2006 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2008 vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Schwachstelle erm\u00f6glicht Privilegieneskalation oder Denial of Service",
"tracking": {
"current_release_date": "2024-04-23T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:56:10.663+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1876",
"initial_release_date": "2023-07-24T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-24T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-08-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-15T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-08-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-19T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-20T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-25T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-26T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-28T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-01T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-08T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-21T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-28T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-03T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Dell und Oracle Linux aufgenommen"
},
{
"date": "2024-01-29T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-01-30T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-07T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy\u003c19.9.0.4",
"product": {
"name": "Dell NetWorker vProxy\u003c19.9.0.4",
"product_id": "T032377"
}
},
{
"category": "product_version_range",
"name": "vProxy\u003c19.10",
"product": {
"name": "Dell NetWorker vProxy\u003c19.10",
"product_id": "T032378"
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Plus 10.1",
"product": {
"name": "IBM Spectrum Protect Plus 10.1",
"product_id": "T015895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T006656",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3812",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel. Diese besteht im TUN/TAP-Device Treiber und kann dazu f\u00fchren, dass ein Nutzer ein schadhaftes Packet generieren kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T032377",
"T032378",
"T002207",
"T006656",
"67646",
"T015895",
"T004914"
]
},
"release_date": "2023-07-24T22:00:00.000+00:00",
"title": "CVE-2023-3812"
}
]
}
WID-SEC-W-2024-1086
Vulnerability from csaf_certbund - Published: 2024-05-09 22:00 - Updated: 2025-10-19 22:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting (XSS)-Angriff durchzuführen oder einen nicht spezifizierten Angriff auszuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM <7.5.0 UP8 IF02
IBM / QRadar SIEM
|
<7.5.0 UP8 IF02 |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, seine Privilegien zu erweitern, einen Cross-Site-Scripting (XSS)-Angriff durchzuf\u00fchren oder einen nicht spezifizierten Angriff auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1086 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1086.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1086 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1086"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7150684 vom 2024-05-09",
"url": "https://www.ibm.com/support/pages/node/7150684"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7174015 vom 2024-10-24",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7183584 vom 2025-02-18",
"url": "https://www.ibm.com/support/pages/node/7183584"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03601-1 vom 2025-10-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022903.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03633-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022926.html"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-19T22:00:00.000+00:00",
"generator": {
"date": "2025-10-20T08:43:54.726+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1086",
"initial_release_date": "2024-05-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-24T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-15T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.5.0",
"product_id": "T023574",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP8 IF02",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP8 IF02",
"product_id": "T034673"
}
},
{
"category": "product_version",
"name": "7.5.0 UP8 IF02",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP8 IF02",
"product_id": "T034673-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up8_if02"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP11 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF01",
"product_id": "T041270"
}
},
{
"category": "product_version",
"name": "7.5.0 UP11 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP11 IF01",
"product_id": "T041270-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-4559",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2007-4559"
},
{
"cve": "CVE-2014-3146",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2014-3146"
},
{
"cve": "CVE-2018-19787",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2018-19787"
},
{
"cve": "CVE-2019-13224",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2019-13224"
},
{
"cve": "CVE-2019-16163",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2019-16163"
},
{
"cve": "CVE-2019-19012",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2019-19012"
},
{
"cve": "CVE-2019-19203",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2019-19203"
},
{
"cve": "CVE-2019-19204",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2019-19204"
},
{
"cve": "CVE-2019-8675",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2019-8675"
},
{
"cve": "CVE-2019-8696",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2019-8696"
},
{
"cve": "CVE-2020-10001",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2020-10001"
},
{
"cve": "CVE-2020-27783",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2020-27783"
},
{
"cve": "CVE-2020-3898",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2020-3898"
},
{
"cve": "CVE-2021-33631",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2021-33631"
},
{
"cve": "CVE-2021-43618",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2021-43618"
},
{
"cve": "CVE-2021-43818",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2021-43818"
},
{
"cve": "CVE-2021-43975",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2021-43975"
},
{
"cve": "CVE-2022-26691",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-26691"
},
{
"cve": "CVE-2022-28388",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-28388"
},
{
"cve": "CVE-2022-3545",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-3545"
},
{
"cve": "CVE-2022-3594",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-3594"
},
{
"cve": "CVE-2022-3640",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-3640"
},
{
"cve": "CVE-2022-36402",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-36402"
},
{
"cve": "CVE-2022-38096",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-38096"
},
{
"cve": "CVE-2022-38457",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-38457"
},
{
"cve": "CVE-2022-40133",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-40133"
},
{
"cve": "CVE-2022-40982",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2022-41858",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-41858"
},
{
"cve": "CVE-2022-42895",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-42895"
},
{
"cve": "CVE-2022-45869",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-45869"
},
{
"cve": "CVE-2022-45884",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-45884"
},
{
"cve": "CVE-2022-45887",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-45887"
},
{
"cve": "CVE-2022-45919",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-45919"
},
{
"cve": "CVE-2022-4744",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-4744"
},
{
"cve": "CVE-2022-48560",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-48560"
},
{
"cve": "CVE-2022-48564",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-48564"
},
{
"cve": "CVE-2022-48624",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2022-48624"
},
{
"cve": "CVE-2023-0458",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-0458"
},
{
"cve": "CVE-2023-0590",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-0590"
},
{
"cve": "CVE-2023-0597",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-0597"
},
{
"cve": "CVE-2023-1073",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1073"
},
{
"cve": "CVE-2023-1074",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1074"
},
{
"cve": "CVE-2023-1075",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1075"
},
{
"cve": "CVE-2023-1079",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1079"
},
{
"cve": "CVE-2023-1118",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1118"
},
{
"cve": "CVE-2023-1192",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1192"
},
{
"cve": "CVE-2023-1206",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1206"
},
{
"cve": "CVE-2023-1252",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1252"
},
{
"cve": "CVE-2023-1382",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1382"
},
{
"cve": "CVE-2023-1786",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1786"
},
{
"cve": "CVE-2023-1838",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1838"
},
{
"cve": "CVE-2023-1855",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1855"
},
{
"cve": "CVE-2023-1989",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1989"
},
{
"cve": "CVE-2023-1998",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1998"
},
{
"cve": "CVE-2023-20569",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-2162",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-2162"
},
{
"cve": "CVE-2023-2163",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-2163"
},
{
"cve": "CVE-2023-2166",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-2166"
},
{
"cve": "CVE-2023-2176",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-2176"
},
{
"cve": "CVE-2023-23455",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-23455"
},
{
"cve": "CVE-2023-2513",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-2513"
},
{
"cve": "CVE-2023-26545",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-26545"
},
{
"cve": "CVE-2023-27043",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-28322",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-28322"
},
{
"cve": "CVE-2023-28328",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-28328"
},
{
"cve": "CVE-2023-28772",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-28772"
},
{
"cve": "CVE-2023-30456",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-30456"
},
{
"cve": "CVE-2023-31084",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-31084"
},
{
"cve": "CVE-2023-3138",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3138"
},
{
"cve": "CVE-2023-3141",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3141"
},
{
"cve": "CVE-2023-31436",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-31436"
},
{
"cve": "CVE-2023-3161",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3161"
},
{
"cve": "CVE-2023-3212",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3212"
},
{
"cve": "CVE-2023-32324",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-32324"
},
{
"cve": "CVE-2023-32360",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-32360"
},
{
"cve": "CVE-2023-3268",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3268"
},
{
"cve": "CVE-2023-33203",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-33203"
},
{
"cve": "CVE-2023-33951",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-33951"
},
{
"cve": "CVE-2023-33952",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-33952"
},
{
"cve": "CVE-2023-34241",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-34241"
},
{
"cve": "CVE-2023-35823",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-35823"
},
{
"cve": "CVE-2023-35824",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-35824"
},
{
"cve": "CVE-2023-3609",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3609"
},
{
"cve": "CVE-2023-3611",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3611"
},
{
"cve": "CVE-2023-3772",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3772"
},
{
"cve": "CVE-2023-3812",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-3812"
},
{
"cve": "CVE-2023-38546",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-38546"
},
{
"cve": "CVE-2023-40283",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-40283"
},
{
"cve": "CVE-2023-4128",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4128"
},
{
"cve": "CVE-2023-4132",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4132"
},
{
"cve": "CVE-2023-4155",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4155"
},
{
"cve": "CVE-2023-4206",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4206"
},
{
"cve": "CVE-2023-4207",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4207"
},
{
"cve": "CVE-2023-4208",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4208"
},
{
"cve": "CVE-2023-42753",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-42753"
},
{
"cve": "CVE-2023-45862",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-45862"
},
{
"cve": "CVE-2023-45871",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-45871"
},
{
"cve": "CVE-2023-46218",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-4622",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4622"
},
{
"cve": "CVE-2023-4623",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4623"
},
{
"cve": "CVE-2023-46813",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-46813"
},
{
"cve": "CVE-2023-4732",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4732"
},
{
"cve": "CVE-2023-4921",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4921"
},
{
"cve": "CVE-2023-50387",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-50387"
},
{
"cve": "CVE-2023-50868",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-50868"
},
{
"cve": "CVE-2023-51042",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-51042"
},
{
"cve": "CVE-2023-51043",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-51043"
},
{
"cve": "CVE-2023-5178",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-5178"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-5633",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-5633"
},
{
"cve": "CVE-2023-5717",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2023-6356",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6356"
},
{
"cve": "CVE-2023-6535",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6535"
},
{
"cve": "CVE-2023-6536",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6536"
},
{
"cve": "CVE-2023-6546",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6546"
},
{
"cve": "CVE-2023-6606",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6606"
},
{
"cve": "CVE-2023-6610",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6610"
},
{
"cve": "CVE-2023-6817",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6817"
},
{
"cve": "CVE-2023-6931",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6931"
},
{
"cve": "CVE-2023-6932",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-6932"
},
{
"cve": "CVE-2023-7192",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-7192"
},
{
"cve": "CVE-2024-0565",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-0565"
},
{
"cve": "CVE-2024-0646",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-0646"
},
{
"cve": "CVE-2024-1086",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-1488",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-1488"
},
{
"cve": "CVE-2024-27269",
"product_status": {
"known_affected": [
"T002207",
"T041270",
"T023574",
"T034673"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-27269"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…