SUSE-SU-2023:3006-1
Vulnerability from csaf_suse - Published: 2023-07-27 12:18 - Updated: 2023-07-27 12:18
Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
- Get module prefix from kmod (bsc#1212835).
- USB: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- USB: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
- USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- USB: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration (bsc#1213022).
- btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1213133).
- dlm: Delete an unnecessary variable initialisation in dlm_ls_start() (git-fixes).
- dlm: NULL check before kmem_cache_destroy is not needed (git-fixes).
- dlm: fix invalid cluster name warning (git-fixes).
- dlm: fix missing idr_destroy for recover_idr (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- dlm: fix possible call to kfree() for non-initialized pointer (git-fixes).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fs: dlm: cancel work sync othercon (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix configfs memory leak (git-fixes).
- fs: dlm: fix debugfs dump (git-fixes).
- fs: dlm: fix memory leak when fenced (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- fs: fix guard_bio_eod to check for real EOD errors (bsc#1213042).
- fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213525).
- igb: revert rtnl_lock() that causes deadlock (git-fixes).
- include/trace/events/writeback.h: fix -Wstringop-truncation warnings (bsc#1213023).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- jbd2: Fix statistics for the number of logged blocks (bsc#1212988).
- jbd2: abort journal if free a async write error metadata buffer (bsc#1212989).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix data races at struct journal_head (bsc#1173438).
- jbd2: fix invalid descriptor block checksum (bsc#1212987).
- jbd2: fix race when writing superblock (bsc#1212986).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- kernel-docs: Add buildrequires on python3-base when using python3. The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- lib/string: Add strscpy_pad() function (bsc#1213023).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- memcg: fix a crash in wb_workfn when a device disappears (bsc#1213023).
- net: mana: Add support for vlan tagging (bsc#1212301).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*. We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- s390/dasd: fix memleak in path handling error case (git-fixes bsc#1213221).
- s390/perf: Change CPUM_CF return code in event init function (git-fixes bsc#1213344).
- s390/perf: Return error when debug_register fails (git-fixes bsc#1212657).
- s390: limit brk randomization to 32MB (git-fixes bsc#1213346).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Drop unused arguments of udf_delete_aext() (bsc#1213033).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- vfio-ccw: Do not call flush_workqueue while holding the spinlock (git-fixes bsc#1213218).
- vfio-ccw: fence off transport mode (git-fixes bsc#1213215).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86/bugs: Enable STIBP for JMP2RET (git-fixes).
- x86/bugs: Remove apostrophe typo (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/cpu: Load microcode during restore_processor_state() (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
Patchnames: SUSE-2023-3006,SUSE-SLE-RT-12-SP5-2023-3006
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
6.4 (Medium)
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-20593: Fixed a ZenBleed issue in \u0027Zen 2\u0027 CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).\n- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).\n- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).\n\nThe following non-security bugs were fixed:\n\n- Get module prefix from kmod (bsc#1212835).\n- USB: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).\n- USB: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).\n- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).\n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).\n- USB: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).\n- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).\n- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).\n- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).\n- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).\n- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).\n- blkcg, writeback: dead memcgs shouldn\u0027t contribute to writeback ownership arbitration (bsc#1213022).\n- btrfs: fix resolving backrefs for inline extent followed by prealloc (bsc#1213133).\n- dlm: Delete an unnecessary variable initialisation in dlm_ls_start() (git-fixes).\n- dlm: NULL check before kmem_cache_destroy is not needed (git-fixes).\n- dlm: fix invalid cluster name warning (git-fixes).\n- dlm: fix missing idr_destroy for recover_idr (git-fixes).\n- dlm: fix missing lkb refcount handling (git-fixes).\n- dlm: fix plock invalid read 
(git-fixes).\n- dlm: fix possible call to kfree() for non-initialized pointer (git-fixes).\n- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).\n- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).\n- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).\n- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).\n- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).\n- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).\n- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).\n- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).\n- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).\n- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).\n- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).\n- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).\n- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).\n- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).\n- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).\n- ext4: init quota for \u0027old.inode\u0027 in \u0027ext4_rename\u0027 (bsc#1207629).\n- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).\n- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).\n- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).\n- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).\n- fs: dlm: cancel work sync othercon (git-fixes).\n- fs: dlm: filter user dlm messages for kernel locks (git-fixes).\n- fs: dlm: fix configfs memory leak (git-fixes).\n- fs: dlm: fix debugfs dump (git-fixes).\n- fs: dlm: fix memory leak when fenced (git-fixes).\n- fs: dlm: fix race between test_bit() and 
queue_work() (git-fixes).\n- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).\n- fs: fix guard_bio_eod to check for real EOD errors (bsc#1213042).\n- fs: prevent BUG_ON in submit_bh_wbc() (bsc#1212990).\n- fuse: revalidate: do not invalidate if interrupted (bsc#1213525).\n- igb: revert rtnl_lock() that causes deadlock (git-fixes).\n- include/trace/events/writeback.h: fix -Wstringop-truncation warnings (bsc#1213023).\n- inotify: Avoid reporting event with invalid wd (bsc#1213025).\n- jbd2: Fix statistics for the number of logged blocks (bsc#1212988).\n- jbd2: abort journal if free a async write error metadata buffer (bsc#1212989).\n- jbd2: fix assertion \u0027jh-\u003eb_frozen_data == NULL\u0027 failure when journal aborted (bsc#1202716).\n- jbd2: fix data races at struct journal_head (bsc#1173438).\n- jbd2: fix invalid descriptor block checksum (bsc#1212987).\n- jbd2: fix race when writing superblock (bsc#1212986).\n- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).\n- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.\n- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).\n- lib/string: Add strscpy_pad() function (bsc#1213023).\n- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).\n- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).\n- memcg: fix a crash in wb_workfn when a device disappears (bsc#1213023).\n- net: mana: Add support for vlan tagging (bsc#1212301).\n- ocfs2: check new file size on fallocate call (git-fixes).\n- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).\n- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).\n- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.\n- s390/dasd: fix memleak in path handling error case (git-fixes bsc#1213221).\n- 
s390/perf: Change CPUM_CF return code in event init function (git-fixes bsc#1213344).\n- s390/perf: Return error when debug_register fails (git-fixes bsc#1212657).\n- s390: limit brk randomization to 32MB (git-fixes bsc#1213346).\n- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).\n- uas: ignore UAS for Thinkplus chips (git-fixes).\n- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).\n- ubi: ensure that VID header offset + VID header size \u0026lt;= alloc, size (bsc#1210584).\n- udf: Avoid double brelse() in udf_rename() (bsc#1213032).\n- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).\n- udf: Define EFSCORRUPTED error code (bsc#1213038).\n- udf: Discard preallocation before extending file with a hole (bsc#1213036).\n- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).\n- udf: Do not bother merging very long extents (bsc#1213040).\n- udf: Do not update file length for failed writes to inline files (bsc#1213041).\n- udf: Drop unused arguments of udf_delete_aext() (bsc#1213033).\n- udf: Fix extending file within last block (bsc#1213037).\n- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).\n- udf: Truncate added extents on failed expansion (bsc#1213039).\n- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).\n- usrmerge: Adjust module path in the kernel sources (bsc#1212835).\n- vfio-ccw: Do not call flush_workqueue while holding the spinlock (git-fixes bsc#1213218).\n- vfio-ccw: fence off transport mode (git-fixes bsc#1213215).\n- writeback: fix call of incorrect macro (bsc#1213024).\n- x86/bugs: Enable STIBP for JMP2RET (git-fixes).\n- x86/bugs: Remove apostrophe typo (git-fixes).\n- x86/bugs: Warn when \u0027ibrs\u0027 mitigation is selected on Enhanced IBRS parts (git-fixes).\n- x86/cpu: Load microcode during restore_processor_state() (git-fixes).\n- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).\n- 
x86/speculation/mmio: Print SMT warning (git-fixes).\n- x86: Fix return value of __setup handlers (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3006,SUSE-SLE-RT-12-SP5-2023-3006",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3006-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3006-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233006-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3006-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015680.html"
},
{
"category": "self",
"summary": "SUSE Bug 1150305",
"url": "https://bugzilla.suse.com/1150305"
},
{
"category": "self",
"summary": "SUSE Bug 1173438",
"url": "https://bugzilla.suse.com/1173438"
},
{
"category": "self",
"summary": "SUSE Bug 1202716",
"url": "https://bugzilla.suse.com/1202716"
},
{
"category": "self",
"summary": "SUSE Bug 1205496",
"url": "https://bugzilla.suse.com/1205496"
},
{
"category": "self",
"summary": "SUSE Bug 1207617",
"url": "https://bugzilla.suse.com/1207617"
},
{
"category": "self",
"summary": "SUSE Bug 1207620",
"url": "https://bugzilla.suse.com/1207620"
},
{
"category": "self",
"summary": "SUSE Bug 1207629",
"url": "https://bugzilla.suse.com/1207629"
},
{
"category": "self",
"summary": "SUSE Bug 1207630",
"url": "https://bugzilla.suse.com/1207630"
},
{
"category": "self",
"summary": "SUSE Bug 1207633",
"url": "https://bugzilla.suse.com/1207633"
},
{
"category": "self",
"summary": "SUSE Bug 1207634",
"url": "https://bugzilla.suse.com/1207634"
},
{
"category": "self",
"summary": "SUSE Bug 1207653",
"url": "https://bugzilla.suse.com/1207653"
},
{
"category": "self",
"summary": "SUSE Bug 1208788",
"url": "https://bugzilla.suse.com/1208788"
},
{
"category": "self",
"summary": "SUSE Bug 1210584",
"url": "https://bugzilla.suse.com/1210584"
},
{
"category": "self",
"summary": "SUSE Bug 1210765",
"url": "https://bugzilla.suse.com/1210765"
},
{
"category": "self",
"summary": "SUSE Bug 1210766",
"url": "https://bugzilla.suse.com/1210766"
},
{
"category": "self",
"summary": "SUSE Bug 1210771",
"url": "https://bugzilla.suse.com/1210771"
},
{
"category": "self",
"summary": "SUSE Bug 1211867",
"url": "https://bugzilla.suse.com/1211867"
},
{
"category": "self",
"summary": "SUSE Bug 1212301",
"url": "https://bugzilla.suse.com/1212301"
},
{
"category": "self",
"summary": "SUSE Bug 1212657",
"url": "https://bugzilla.suse.com/1212657"
},
{
"category": "self",
"summary": "SUSE Bug 1212741",
"url": "https://bugzilla.suse.com/1212741"
},
{
"category": "self",
"summary": "SUSE Bug 1212835",
"url": "https://bugzilla.suse.com/1212835"
},
{
"category": "self",
"summary": "SUSE Bug 1212871",
"url": "https://bugzilla.suse.com/1212871"
},
{
"category": "self",
"summary": "SUSE Bug 1212905",
"url": "https://bugzilla.suse.com/1212905"
},
{
"category": "self",
"summary": "SUSE Bug 1212986",
"url": "https://bugzilla.suse.com/1212986"
},
{
"category": "self",
"summary": "SUSE Bug 1212987",
"url": "https://bugzilla.suse.com/1212987"
},
{
"category": "self",
"summary": "SUSE Bug 1212988",
"url": "https://bugzilla.suse.com/1212988"
},
{
"category": "self",
"summary": "SUSE Bug 1212989",
"url": "https://bugzilla.suse.com/1212989"
},
{
"category": "self",
"summary": "SUSE Bug 1212990",
"url": "https://bugzilla.suse.com/1212990"
},
{
"category": "self",
"summary": "SUSE Bug 1213010",
"url": "https://bugzilla.suse.com/1213010"
},
{
"category": "self",
"summary": "SUSE Bug 1213011",
"url": "https://bugzilla.suse.com/1213011"
},
{
"category": "self",
"summary": "SUSE Bug 1213012",
"url": "https://bugzilla.suse.com/1213012"
},
{
"category": "self",
"summary": "SUSE Bug 1213013",
"url": "https://bugzilla.suse.com/1213013"
},
{
"category": "self",
"summary": "SUSE Bug 1213014",
"url": "https://bugzilla.suse.com/1213014"
},
{
"category": "self",
"summary": "SUSE Bug 1213015",
"url": "https://bugzilla.suse.com/1213015"
},
{
"category": "self",
"summary": "SUSE Bug 1213017",
"url": "https://bugzilla.suse.com/1213017"
},
{
"category": "self",
"summary": "SUSE Bug 1213018",
"url": "https://bugzilla.suse.com/1213018"
},
{
"category": "self",
"summary": "SUSE Bug 1213019",
"url": "https://bugzilla.suse.com/1213019"
},
{
"category": "self",
"summary": "SUSE Bug 1213020",
"url": "https://bugzilla.suse.com/1213020"
},
{
"category": "self",
"summary": "SUSE Bug 1213021",
"url": "https://bugzilla.suse.com/1213021"
},
{
"category": "self",
"summary": "SUSE Bug 1213022",
"url": "https://bugzilla.suse.com/1213022"
},
{
"category": "self",
"summary": "SUSE Bug 1213023",
"url": "https://bugzilla.suse.com/1213023"
},
{
"category": "self",
"summary": "SUSE Bug 1213024",
"url": "https://bugzilla.suse.com/1213024"
},
{
"category": "self",
"summary": "SUSE Bug 1213025",
"url": "https://bugzilla.suse.com/1213025"
},
{
"category": "self",
"summary": "SUSE Bug 1213032",
"url": "https://bugzilla.suse.com/1213032"
},
{
"category": "self",
"summary": "SUSE Bug 1213033",
"url": "https://bugzilla.suse.com/1213033"
},
{
"category": "self",
"summary": "SUSE Bug 1213034",
"url": "https://bugzilla.suse.com/1213034"
},
{
"category": "self",
"summary": "SUSE Bug 1213035",
"url": "https://bugzilla.suse.com/1213035"
},
{
"category": "self",
"summary": "SUSE Bug 1213036",
"url": "https://bugzilla.suse.com/1213036"
},
{
"category": "self",
"summary": "SUSE Bug 1213037",
"url": "https://bugzilla.suse.com/1213037"
},
{
"category": "self",
"summary": "SUSE Bug 1213038",
"url": "https://bugzilla.suse.com/1213038"
},
{
"category": "self",
"summary": "SUSE Bug 1213039",
"url": "https://bugzilla.suse.com/1213039"
},
{
"category": "self",
"summary": "SUSE Bug 1213040",
"url": "https://bugzilla.suse.com/1213040"
},
{
"category": "self",
"summary": "SUSE Bug 1213041",
"url": "https://bugzilla.suse.com/1213041"
},
{
"category": "self",
"summary": "SUSE Bug 1213042",
"url": "https://bugzilla.suse.com/1213042"
},
{
"category": "self",
"summary": "SUSE Bug 1213059",
"url": "https://bugzilla.suse.com/1213059"
},
{
"category": "self",
"summary": "SUSE Bug 1213133",
"url": "https://bugzilla.suse.com/1213133"
},
{
"category": "self",
"summary": "SUSE Bug 1213215",
"url": "https://bugzilla.suse.com/1213215"
},
{
"category": "self",
"summary": "SUSE Bug 1213218",
"url": "https://bugzilla.suse.com/1213218"
},
{
"category": "self",
"summary": "SUSE Bug 1213221",
"url": "https://bugzilla.suse.com/1213221"
},
{
"category": "self",
"summary": "SUSE Bug 1213286",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "self",
"summary": "SUSE Bug 1213344",
"url": "https://bugzilla.suse.com/1213344"
},
{
"category": "self",
"summary": "SUSE Bug 1213346",
"url": "https://bugzilla.suse.com/1213346"
},
{
"category": "self",
"summary": "SUSE Bug 1213525",
"url": "https://bugzilla.suse.com/1213525"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2985 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-35001 page",
"url": "https://www.suse.com/security/cve/CVE-2023-35001/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2023-07-27T12:18:33Z",
"generator": {
"date": "2023-07-27T12:18:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3006-1",
"initial_release_date": "2023-07-27T12:18:33Z",
"revision_history": [
{
"date": "2023-07-27T12:18:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-4.12.14-10.133.1.noarch",
"product": {
"name": "kernel-devel-rt-4.12.14-10.133.1.noarch",
"product_id": "kernel-devel-rt-4.12.14-10.133.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-4.12.14-10.133.1.noarch",
"product": {
"name": "kernel-source-rt-4.12.14-10.133.1.noarch",
"product_id": "kernel-source-rt-4.12.14-10.133.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"product_id": "cluster-md-kmp-rt-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"product": {
"name": "dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"product_id": "dlm-kmp-rt-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product_id": "dlm-kmp-rt_debug-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"product_id": "gfs2-kmp-rt-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-base-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt-base-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt-base-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt-devel-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt-devel-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt-extra-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt-extra-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-kgraft-devel-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt-kgraft-devel-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt-kgraft-devel-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt_debug-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt_debug-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-base-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt_debug-base-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt_debug-base-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt_debug-devel-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt_debug-extra-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-kgraft-devel-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-rt_debug-kgraft-devel-4.12.14-10.133.1.x86_64",
"product_id": "kernel-rt_debug-kgraft-devel-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-4.12.14-10.133.1.x86_64",
"product": {
"name": "kernel-syms-rt-4.12.14-10.133.1.x86_64",
"product_id": "kernel-syms-rt-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-4.12.14-10.133.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-4.12.14-10.133.1.x86_64",
"product_id": "kselftests-kmp-rt-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"product_id": "ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-4.12.14-10.133.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-linux-enterprise-rt:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64"
},
"product_reference": "dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-4.12.14-10.133.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch"
},
"product_reference": "kernel-devel-rt-4.12.14-10.133.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64"
},
"product_reference": "kernel-rt-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-base-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64"
},
"product_reference": "kernel-rt-base-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64"
},
"product_reference": "kernel-rt-devel-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64"
},
"product_reference": "kernel-rt_debug-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-4.12.14-10.133.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch"
},
"product_reference": "kernel-source-rt-4.12.14-10.133.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64"
},
"product_reference": "kernel-syms-rt-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-4.12.14-10.133.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-27T12:18:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-2985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2985"
}
],
"notes": [
{
"category": "general",
"text": "A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2985",
"url": "https://www.suse.com/security/cve/CVE-2023-2985"
},
{
"category": "external",
"summary": "SUSE Bug 1211867 for CVE-2023-2985",
"url": "https://bugzilla.suse.com/1211867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-27T12:18:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-2985"
},
{
"cve": "CVE-2023-35001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-35001"
}
],
"notes": [
{
"category": "general",
"text": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-35001",
"url": "https://www.suse.com/security/cve/CVE-2023-35001"
},
{
"category": "external",
"summary": "SUSE Bug 1213059 for CVE-2023-35001",
"url": "https://bugzilla.suse.com/1213059"
},
{
"category": "external",
"summary": "SUSE Bug 1213063 for CVE-2023-35001",
"url": "https://bugzilla.suse.com/1213063"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-35001",
"url": "https://bugzilla.suse.com/1217531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.133.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.133.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.133.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-27T12:18:33Z",
"details": "important"
}
],
"title": "CVE-2023-35001"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.