SUSE-SU-2023:4033-1
Vulnerability from csaf_suse - Published: 2023-10-10 12:21 - Updated: 2023-10-10 12:21Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).
- Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).
- arm64: insn: Fix ldadd instruction encoding (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).
- blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1214586).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).
- btrfs: output extra information on failure (bsc#1215136).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380)
- direct-io: allow direct writes to empty inodes (bsc#1215164).
- drm/ast: Fix DRAM init on AST2200 (bsc#1152446)
- drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: * move changes to drm_fb_helper.c * context changes
- drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: * send hotplug event from drm_client_add() * remove drm_dbg_kms()
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)
- fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)
- fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048).
- firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes).
- firmware: raspberrypi: Keep count of all consumers (git-fixes).
- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
- fs: avoid softlockups in s_inodes iterators (bsc#1215165).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes).
- media: cec: copy sequence field for the reply (git-fixes).
- media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes).
- media: cec: make cec_get_edid_spa_location() an inline function (git-fixes).
- media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: s5p_cec: decrement usage count if disabled (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes).
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes).
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net: virtio_vsock: Enhance connection semantics (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: fix warning in dqgrab() (bsc#1214962).
- remoteproc: Add missing '\n' in log messages (git-fixes).
- remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes).
- s390/dasd: fix hanging device after request requeue (bsc#1215121).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152).
- s390: add z16 elf platform (bsc#1215954).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- vhost/test: stop device before reset (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
- vhost: Do not call access_ok() when using IOTLB (git-fixes).
- vhost: Fix vhost_vq_reset() (git-fixes).
- vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vhost: introduce helpers to get the size of metadata area (git-fixes).
- vhost: missing __user tags (git-fixes).
- vhost: vsock: kick send_pkt worker once device is started (git-fixes).
- vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- virtio_balloon: prevent pfn array overflow (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: Remove BUG() to avoid machine dead (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device (git-fixes).
- virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).
- virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes).
- vsock/virtio: enable VQs early on probe (git-fixes).
- vsock/virtio: free queued packets when closing socket (git-fixes).
- vsock/virtio: update credit only if socket is not closed (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
Patchnames: SUSE-2023-4033,SUSE-SLE-RT-12-SP5-2023-4033
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).\n- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).\n- CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858).\n- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).\n- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).\n- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).\n- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).\n- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).\n- CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).\n- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).\n- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).\n- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).\n\nThe following non-security bugs were fixed:\n\n- 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).\n- Drivers: hv: vmbus: Do not dereference ACPI root object handle (git-fixes).\n- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).\n- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).\n- Input: xpad - add constants for GIP interface numbers (git-fixes).\n- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).\n- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215897).\n- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215898).\n- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).\n- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).\n- USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).\n- USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).\n- VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).\n- arm64: insn: Fix ldadd instruction encoding (git-fixes)\n- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)\n- blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)\n- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).\n- blk-mq: In blk_mq_dispatch_rq_list() \u0027no budget\u0027 is a reason to kick (bsc#1214586).\n- blk-mq: Rerun dispatching in the case of budget contention (bsc#1214586).\n- btrfs: output extra information on failure (bsc#1215136).\n- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380)\n- direct-io: allow direct writes to empty inodes (bsc#1215164).\n- drm/ast: Fix DRAM init on AST2200 (bsc#1152446)\n- drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446) Backporting changes: \t* move changes to drm_fb_helper.c \t* context changes\n- drm/client: Send hotplug event after registering a client (bsc#1152446) Backporting changes: \t* send hotplug event from drm_client_add() \t* remove drm_dbg_kms()\n- drm/virtio: Fix GEM handle creation UAF (git-fixes).\n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).\n- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).\n- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).\n- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).\n- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).\n- fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048).\n- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)\n- fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)\n- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)\n- fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048).\n- firmware: raspberrypi: Introduce devm_rpi_firmware_get() (git-fixes).\n- firmware: raspberrypi: Keep count of all consumers (git-fixes).\n- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).\n- fs: avoid softlockups in s_inodes iterators (bsc#1215165).\n- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215607).\n- hv_utils: Fix passing zero to \u0027PTR_ERR\u0027 warning (git-fixes).\n- idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).\n- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).\n- jbd2: check \u0027jh-\u003eb_transaction\u0027 before removing it from checkpoint (bsc#1214953).\n- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).\n- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).\n- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).\n- jbd2: remove t_checkpoint_io_list (bsc#1214946).\n- jbd2: remove unused function \u0027__cp_buffer_busy\u0027 (bsc#1215162).\n- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).\n- jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).\n- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.\n- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.\n- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).\n- media: cec-notifier: clear cec_adap in cec_notifier_unregister (git-fixes).\n- media: cec: copy sequence field for the reply (git-fixes).\n- media: cec: integrate cec_validate_phys_addr() in cec-api.c (git-fixes).\n- media: cec: make cec_get_edid_spa_location() an inline function (git-fixes).\n- media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() (git-fixes).\n- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).\n- media: s5p_cec: decrement usage count if disabled (git-fixes).\n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).\n- mkspec: Allow unsupported KMPs (bsc#1214386)\n- net/mlx5: Fix size field in bufferx_reg struct (git-fixes).\n- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).\n- net: check if protocol extracted by virtio_net_hdr_set_proto is correct (git-fixes).\n- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).\n- net: ensure mac header is set in virtio_net_hdr_to_skb() (git-fixes).\n- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-\u003edev is null (git-fixes).\n- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).\n- net: virtio_vsock: Enhance connection semantics (git-fixes).\n- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).\n- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.\n- powerpc/64s/exception: machine check use correct cfar for late handler (bsc#1065729).\n- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).\n- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).\n- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).\n- quota: fix warning in dqgrab() (bsc#1214962).\n- remoteproc: Add missing \u0027\\n\u0027 in log messages (git-fixes).\n- remoteproc: Fix NULL pointer dereference in rproc_virtio_notify (git-fixes).\n- s390/dasd: fix hanging device after request requeue (bsc#1215121).\n- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215152).\n- s390: add z16 elf platform (bsc#1215954).\n- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).\n- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).\n- scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (git-fixes bsc#1215149).\n- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).\n- tracing: Reverse the order of trace_types_lock and event_mutex (git-fixes bsc#1215634).\n- udf: Fix extension of the last extent in the file (bsc#1214964).\n- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).\n- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).\n- udf: Fix uninitialized array access for some pathnames (bsc#1214967).\n- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).\n- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).\n- vhost/net: Clear the pending messages when the backend is removed (git-fixes).\n- vhost/test: stop device before reset (git-fixes).\n- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).\n- vhost: Do not call access_ok() when using IOTLB (git-fixes).\n- vhost: Fix vhost_vq_reset() (git-fixes).\n- vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (git-fixes).\n- vhost: fix range used in translate_desc() (git-fixes).\n- vhost: introduce helpers to get the size of metadata area (git-fixes).\n- vhost: missing __user tags (git-fixes).\n- vhost: vsock: kick send_pkt worker once device is started (git-fixes).\n- vhost_net: fix ubuf refcount incorrectly when sendmsg fails (git-fixes).\n- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).\n- virtio-gpu: fix possible memory allocation failure (git-fixes).\n- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).\n- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).\n- virtio-net: fix race between set queues and probe (git-fixes).\n- virtio-net: fix the race between refill work and close (git-fixes).\n- virtio-net: set queues after driver_ok (git-fixes).\n- virtio-rng: make device ready before making request (git-fixes).\n- virtio: acknowledge all features before access (git-fixes).\n- virtio_balloon: prevent pfn array overflow (git-fixes).\n- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).\n- virtio_mmio: Restore guest page size on resume (git-fixes).\n- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).\n- virtio_net: Remove BUG() to avoid machine dead (git-fixes).\n- virtio_net: add checking sq is full inside xdp xmit (git-fixes).\n- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).\n- virtio_net: reorder some funcs (git-fixes).\n- virtio_net: separate the logic of checking whether sq is full (git-fixes).\n- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).\n- virtio_pci: Support surprise removal of virtio pci device (git-fixes).\n- virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).\n- virtio_ring: Avoid loop when vq is broken in virtqueue_poll (git-fixes).\n- vringh: Fix loop descriptors check in the indirect cases (git-fixes).\n- vsock/virtio: avoid potential deadlock when vsock device remove (git-fixes).\n- vsock/virtio: enable VQs early on probe (git-fixes).\n- vsock/virtio: free queued packets when closing socket (git-fixes).\n- vsock/virtio: update credit only if socket is not closed (git-fixes).\n- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).\n- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes).\n- x86/srso: Do not probe microcode in a guest (git-fixes).\n- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).\n- x86/srso: Fix srso_show_state() side effect (git-fixes).\n- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).\n- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4033,SUSE-SLE-RT-12-SP5-2023-4033",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4033-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4033-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234033-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4033-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016620.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1109837",
"url": "https://bugzilla.suse.com/1109837"
},
{
"category": "self",
"summary": "SUSE Bug 1152446",
"url": "https://bugzilla.suse.com/1152446"
},
{
"category": "self",
"summary": "SUSE Bug 1154048",
"url": "https://bugzilla.suse.com/1154048"
},
{
"category": "self",
"summary": "SUSE Bug 1208995",
"url": "https://bugzilla.suse.com/1208995"
},
{
"category": "self",
"summary": "SUSE Bug 1210169",
"url": "https://bugzilla.suse.com/1210169"
},
{
"category": "self",
"summary": "SUSE Bug 1212703",
"url": "https://bugzilla.suse.com/1212703"
},
{
"category": "self",
"summary": "SUSE Bug 1213016",
"url": "https://bugzilla.suse.com/1213016"
},
{
"category": "self",
"summary": "SUSE Bug 1214157",
"url": "https://bugzilla.suse.com/1214157"
},
{
"category": "self",
"summary": "SUSE Bug 1214380",
"url": "https://bugzilla.suse.com/1214380"
},
{
"category": "self",
"summary": "SUSE Bug 1214386",
"url": "https://bugzilla.suse.com/1214386"
},
{
"category": "self",
"summary": "SUSE Bug 1214586",
"url": "https://bugzilla.suse.com/1214586"
},
{
"category": "self",
"summary": "SUSE Bug 1214940",
"url": "https://bugzilla.suse.com/1214940"
},
{
"category": "self",
"summary": "SUSE Bug 1214943",
"url": "https://bugzilla.suse.com/1214943"
},
{
"category": "self",
"summary": "SUSE Bug 1214945",
"url": "https://bugzilla.suse.com/1214945"
},
{
"category": "self",
"summary": "SUSE Bug 1214946",
"url": "https://bugzilla.suse.com/1214946"
},
{
"category": "self",
"summary": "SUSE Bug 1214948",
"url": "https://bugzilla.suse.com/1214948"
},
{
"category": "self",
"summary": "SUSE Bug 1214949",
"url": "https://bugzilla.suse.com/1214949"
},
{
"category": "self",
"summary": "SUSE Bug 1214950",
"url": "https://bugzilla.suse.com/1214950"
},
{
"category": "self",
"summary": "SUSE Bug 1214952",
"url": "https://bugzilla.suse.com/1214952"
},
{
"category": "self",
"summary": "SUSE Bug 1214953",
"url": "https://bugzilla.suse.com/1214953"
},
{
"category": "self",
"summary": "SUSE Bug 1214961",
"url": "https://bugzilla.suse.com/1214961"
},
{
"category": "self",
"summary": "SUSE Bug 1214962",
"url": "https://bugzilla.suse.com/1214962"
},
{
"category": "self",
"summary": "SUSE Bug 1214964",
"url": "https://bugzilla.suse.com/1214964"
},
{
"category": "self",
"summary": "SUSE Bug 1214965",
"url": "https://bugzilla.suse.com/1214965"
},
{
"category": "self",
"summary": "SUSE Bug 1214966",
"url": "https://bugzilla.suse.com/1214966"
},
{
"category": "self",
"summary": "SUSE Bug 1214967",
"url": "https://bugzilla.suse.com/1214967"
},
{
"category": "self",
"summary": "SUSE Bug 1215115",
"url": "https://bugzilla.suse.com/1215115"
},
{
"category": "self",
"summary": "SUSE Bug 1215117",
"url": "https://bugzilla.suse.com/1215117"
},
{
"category": "self",
"summary": "SUSE Bug 1215121",
"url": "https://bugzilla.suse.com/1215121"
},
{
"category": "self",
"summary": "SUSE Bug 1215122",
"url": "https://bugzilla.suse.com/1215122"
},
{
"category": "self",
"summary": "SUSE Bug 1215136",
"url": "https://bugzilla.suse.com/1215136"
},
{
"category": "self",
"summary": "SUSE Bug 1215149",
"url": "https://bugzilla.suse.com/1215149"
},
{
"category": "self",
"summary": "SUSE Bug 1215152",
"url": "https://bugzilla.suse.com/1215152"
},
{
"category": "self",
"summary": "SUSE Bug 1215162",
"url": "https://bugzilla.suse.com/1215162"
},
{
"category": "self",
"summary": "SUSE Bug 1215164",
"url": "https://bugzilla.suse.com/1215164"
},
{
"category": "self",
"summary": "SUSE Bug 1215165",
"url": "https://bugzilla.suse.com/1215165"
},
{
"category": "self",
"summary": "SUSE Bug 1215207",
"url": "https://bugzilla.suse.com/1215207"
},
{
"category": "self",
"summary": "SUSE Bug 1215221",
"url": "https://bugzilla.suse.com/1215221"
},
{
"category": "self",
"summary": "SUSE Bug 1215275",
"url": "https://bugzilla.suse.com/1215275"
},
{
"category": "self",
"summary": "SUSE Bug 1215299",
"url": "https://bugzilla.suse.com/1215299"
},
{
"category": "self",
"summary": "SUSE Bug 1215467",
"url": "https://bugzilla.suse.com/1215467"
},
{
"category": "self",
"summary": "SUSE Bug 1215607",
"url": "https://bugzilla.suse.com/1215607"
},
{
"category": "self",
"summary": "SUSE Bug 1215634",
"url": "https://bugzilla.suse.com/1215634"
},
{
"category": "self",
"summary": "SUSE Bug 1215858",
"url": "https://bugzilla.suse.com/1215858"
},
{
"category": "self",
"summary": "SUSE Bug 1215860",
"url": "https://bugzilla.suse.com/1215860"
},
{
"category": "self",
"summary": "SUSE Bug 1215861",
"url": "https://bugzilla.suse.com/1215861"
},
{
"category": "self",
"summary": "SUSE Bug 1215877",
"url": "https://bugzilla.suse.com/1215877"
},
{
"category": "self",
"summary": "SUSE Bug 1215897",
"url": "https://bugzilla.suse.com/1215897"
},
{
"category": "self",
"summary": "SUSE Bug 1215898",
"url": "https://bugzilla.suse.com/1215898"
},
{
"category": "self",
"summary": "SUSE Bug 1215954",
"url": "https://bugzilla.suse.com/1215954"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36766 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1192 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1206 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1859 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39192 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39193 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39194 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42754 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4623 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4881 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4921 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4921/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2023-10-10T12:21:11Z",
"generator": {
"date": "2023-10-10T12:21:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4033-1",
"initial_release_date": "2023-10-10T12:21:11Z",
"revision_history": [
{
"date": "2023-10-10T12:21:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-4.12.14-10.144.1.noarch",
"product": {
"name": "kernel-devel-rt-4.12.14-10.144.1.noarch",
"product_id": "kernel-devel-rt-4.12.14-10.144.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-4.12.14-10.144.1.noarch",
"product": {
"name": "kernel-source-rt-4.12.14-10.144.1.noarch",
"product_id": "kernel-source-rt-4.12.14-10.144.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"product_id": "cluster-md-kmp-rt-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"product": {
"name": "dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"product_id": "dlm-kmp-rt-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product_id": "dlm-kmp-rt_debug-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"product_id": "gfs2-kmp-rt-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-base-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt-base-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt-base-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt-devel-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt-devel-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt-extra-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt-extra-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-kgraft-devel-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt-kgraft-devel-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt-kgraft-devel-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt_debug-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt_debug-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-base-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt_debug-base-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt_debug-base-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt_debug-devel-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt_debug-extra-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-kgraft-devel-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-rt_debug-kgraft-devel-4.12.14-10.144.1.x86_64",
"product_id": "kernel-rt_debug-kgraft-devel-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-4.12.14-10.144.1.x86_64",
"product": {
"name": "kernel-syms-rt-4.12.14-10.144.1.x86_64",
"product_id": "kernel-syms-rt-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-4.12.14-10.144.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-4.12.14-10.144.1.x86_64",
"product_id": "kselftests-kmp-rt-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"product_id": "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-4.12.14-10.144.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-linux-enterprise-rt:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64"
},
"product_reference": "dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-4.12.14-10.144.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch"
},
"product_reference": "kernel-devel-rt-4.12.14-10.144.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64"
},
"product_reference": "kernel-rt-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-base-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64"
},
"product_reference": "kernel-rt-base-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64"
},
"product_reference": "kernel-rt-devel-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64"
},
"product_reference": "kernel-rt_debug-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-4.12.14-10.144.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch"
},
"product_reference": "kernel-source-rt-4.12.14-10.144.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64"
},
"product_reference": "kernel-syms-rt-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP5",
"product_id": "SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36766"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36766",
"url": "https://www.suse.com/security/cve/CVE-2020-36766"
},
{
"category": "external",
"summary": "SUSE Bug 1215299 for CVE-2020-36766",
"url": "https://bugzilla.suse.com/1215299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "low"
}
],
"title": "CVE-2020-36766"
},
{
"cve": "CVE-2023-1192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1192"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1192",
"url": "https://www.suse.com/security/cve/CVE-2023-1192"
},
{
"category": "external",
"summary": "SUSE Bug 1208995 for CVE-2023-1192",
"url": "https://bugzilla.suse.com/1208995"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-1192"
},
{
"cve": "CVE-2023-1206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1206"
}
],
"notes": [
{
"category": "general",
"text": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u0027s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1206",
"url": "https://www.suse.com/security/cve/CVE-2023-1206"
},
{
"category": "external",
"summary": "SUSE Bug 1212703 for CVE-2023-1206",
"url": "https://bugzilla.suse.com/1212703"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-1206",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-1206"
},
{
"cve": "CVE-2023-1859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1859"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1859",
"url": "https://www.suse.com/security/cve/CVE-2023-1859"
},
{
"category": "external",
"summary": "SUSE Bug 1210169 for CVE-2023-1859",
"url": "https://bugzilla.suse.com/1210169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-1859"
},
{
"cve": "CVE-2023-39192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39192"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39192",
"url": "https://www.suse.com/security/cve/CVE-2023-39192"
},
{
"category": "external",
"summary": "SUSE Bug 1215858 for CVE-2023-39192",
"url": "https://bugzilla.suse.com/1215858"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-39192",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-39192"
},
{
"cve": "CVE-2023-39193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39193"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39193",
"url": "https://www.suse.com/security/cve/CVE-2023-39193"
},
{
"category": "external",
"summary": "SUSE Bug 1215860 for CVE-2023-39193",
"url": "https://bugzilla.suse.com/1215860"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-39193",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-39193"
},
{
"cve": "CVE-2023-39194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39194"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39194",
"url": "https://www.suse.com/security/cve/CVE-2023-39194"
},
{
"category": "external",
"summary": "SUSE Bug 1215861 for CVE-2023-39194",
"url": "https://bugzilla.suse.com/1215861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-39194"
},
{
"cve": "CVE-2023-42754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42754"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42754",
"url": "https://www.suse.com/security/cve/CVE-2023-42754"
},
{
"category": "external",
"summary": "SUSE Bug 1215467 for CVE-2023-42754",
"url": "https://bugzilla.suse.com/1215467"
},
{
"category": "external",
"summary": "SUSE Bug 1222212 for CVE-2023-42754",
"url": "https://bugzilla.suse.com/1222212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-42754"
},
{
"cve": "CVE-2023-4622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4622"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer\u0027s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4622",
"url": "https://www.suse.com/security/cve/CVE-2023-4622"
},
{
"category": "external",
"summary": "SUSE Bug 1215117 for CVE-2023-4622",
"url": "https://bugzilla.suse.com/1215117"
},
{
"category": "external",
"summary": "SUSE Bug 1215442 for CVE-2023-4622",
"url": "https://bugzilla.suse.com/1215442"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-4622",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1219699 for CVE-2023-4622",
"url": "https://bugzilla.suse.com/1219699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "important"
}
],
"title": "CVE-2023-4622"
},
{
"cve": "CVE-2023-4623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4623"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4623",
"url": "https://www.suse.com/security/cve/CVE-2023-4623"
},
{
"category": "external",
"summary": "SUSE Bug 1215115 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1215115"
},
{
"category": "external",
"summary": "SUSE Bug 1215440 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1215440"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1219698 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1219698"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "important"
}
],
"title": "CVE-2023-4623"
},
{
"cve": "CVE-2023-4881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4881"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4881",
"url": "https://www.suse.com/security/cve/CVE-2023-4881"
},
{
"category": "external",
"summary": "SUSE Bug 1215221 for CVE-2023-4881",
"url": "https://bugzilla.suse.com/1215221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-4881"
},
{
"cve": "CVE-2023-4921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4921"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4921",
"url": "https://www.suse.com/security/cve/CVE-2023-4921"
},
{
"category": "external",
"summary": "SUSE Bug 1215275 for CVE-2023-4921",
"url": "https://bugzilla.suse.com/1215275"
},
{
"category": "external",
"summary": "SUSE Bug 1215300 for CVE-2023-4921",
"url": "https://bugzilla.suse.com/1215300"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-4921",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-4921",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1220906 for CVE-2023-4921",
"url": "https://bugzilla.suse.com/1220906"
},
{
"category": "external",
"summary": "SUSE Bug 1223091 for CVE-2023-4921",
"url": "https://bugzilla.suse.com/1223091"
},
{
"category": "external",
"summary": "SUSE Bug 1224418 for CVE-2023-4921",
"url": "https://bugzilla.suse.com/1224418"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP5:cluster-md-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:dlm-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:gfs2-kmp-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-devel-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-base-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-rt_debug-devel-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-source-rt-4.12.14-10.144.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP5:kernel-syms-rt-4.12.14-10.144.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP5:ocfs2-kmp-rt-4.12.14-10.144.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-10-10T12:21:11Z",
"details": "important"
}
],
"title": "CVE-2023-4921"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…