Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
patchinfo.28548
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.28548
<patchinfo incident="28548"> <issue id="1207168" tracker="bnc">VUL-0: CVE-2023-0394: kernel: null pointer dereference in skb_transport_offset</issue> <issue id="1207560" tracker="bnc">VUL-0: CVE-2023-25012: kernel: hid: Use-After-Free in bigben_set_led()</issue> <issue id="1208137" tracker="bnc">L3: network communication stops with 'NETDEV WATCHDOG: eth1 (ena): transmit queue 7 timed out'</issue> <issue id="1208179" tracker="bnc">Uninstall of RPM fails in %preun section</issue> <issue id="1208598" tracker="bnc">VUL-0: CVE-2023-1075: kernel: Type Confusion in tls_is_tx_ready</issue> <issue id="1208599" tracker="bnc">VUL-0: CVE-2023-1076: kernel: incorrect UID assigned to tun/tap sockets</issue> <issue id="1208601" tracker="bnc">VUL-0: CVE-2023-1078: kernel: heap out-of-bounds write in rds_rm_zerocopy_callback</issue> <issue id="1208777" tracker="bnc">VUL-0: CVE-2023-1095: kernel: netfilter - NULL pointer dereference in nf_tables due to zeroed list head</issue> <issue id="1208787" tracker="bnc">VUL-0: CVE-2023-0461: kernel: use-after-free in icsk_ulp_data()</issue> <issue id="1208843" tracker="bnc">VUL-0: CVE-2023-23004: kernel-source-azure,kernel-source-rt,kernel-source: drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value</issue> <issue id="1209008" tracker="bnc">VUL-0: kernel-vanilla: signed by SUSE key not locked down</issue> <issue id="1209052" tracker="bnc">VUL-0: CVE-2023-28464: kernel-source: double free in hci_conn_cleanup()</issue> <issue id="1209256" tracker="bnc">prlimit: do_prlimit needs to have a speculation check</issue> <issue id="1209288" tracker="bnc">VUL-0: CVE-2023-1382: kernel: denial of service in tipc_conn_close</issue> <issue id="1209289" tracker="bnc">VUL-0: CVE-2023-1390: kernel: remote DoS in TIPC kernel module</issue> <issue id="1209290" tracker="bnc">VUL-0: CVE-2023-28327: kernel: denial of service problem in net/unix/diag.c</issue> <issue id="1209291" tracker="bnc">VUL-0: CVE-2023-28328: kernel: A denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c</issue> <issue id="1209366" tracker="bnc">VUL-0: CVE-2023-28466: kernel: do_tls_getsockopt lacks a lock_sock call, leading to a race condition</issue> <issue id="1209532" tracker="bnc">VUL-0: CVE-2023-1513: kernel: kvm: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems</issue> <issue id="1209547" tracker="bnc">VUL-0: CVE-2017-5753: kernel-source,kernel-source-rt,kernel-source-azure: Upstream reports spectre V1 vulnerability on netlink</issue> <issue id="1209549" tracker="bnc">VUL-0: CVE-2023-28772: kernel-source,kernel-source-rt,kernel-souce-azure: Upstream reports buffer overflow in seq_buf_putmem_hex()</issue> <issue id="1209634" tracker="bnc">VUL-0: CVE-2023-1281: kernel: use-after-free vulnerability inside the traffic control index filter (tcindex) allows Privilege Escalation</issue> <issue id="1209635" tracker="bnc">VUL-0: CVE-2022-4744: kernel: tun: avoid double free in tun_free_netdev</issue> <issue id="1209636" tracker="bnc">VUL-0: CVE-2023-1582: kernel: Soft lockup occurred during __page_mapcount</issue> <issue id="1209672" tracker="bnc">VUL-0: CVE-2022-4744: kernel live patch: tun: avoid double free in tun_free_netdev</issue> <issue id="1209683" tracker="bnc">VUL-0: CVE-2023-1281: kernel live patch: use-after-free vulnerability inside the traffic control index filter (tcindex) allows Privilege Escalation</issue> <issue id="1209778" tracker="bnc">VUL-0: CVE-2021-3923: kernel: stack information leak in infiniband RDMA</issue> <issue id="1209785" tracker="bnc">L3: Servers rebooted again. - Crash dump analysis to confirm this is bug 1207185</issue> <issue id="2023-0461" tracker="cve" /> <issue id="2023-28772" tracker="cve" /> <issue id="2023-1513" tracker="cve" /> <issue id="2023-28464" tracker="cve" /> <issue id="2023-28466" tracker="cve" /> <issue id="2021-3923" tracker="cve" /> <issue id="2023-1390" tracker="cve" /> <issue id="2022-4744" tracker="cve" /> <issue id="2023-1281" tracker="cve" /> <issue id="2023-1582" tracker="cve" /> <issue id="2023-28327" tracker="cve" /> <issue id="2017-5753" tracker="cve" /> <issue id="2023-1382" tracker="cve" /> <issue id="2023-28328" tracker="cve" /> <issue id="2023-1078" tracker="cve" /> <issue id="2023-1075" tracker="cve" /> <issue id="2023-1076" tracker="cve" /> <issue id="2023-1095" tracker="cve" /> <issue id="2023-25012" tracker="cve" /> <issue id="2023-23004" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>alix82</packager> <reboot_needed/> <description> The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1209785). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). - net: ena: optimize data access in fast-path code (bsc#1208137). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor