File _patchinfo of Package patchinfo.30028

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.30028

<patchinfo incident="30028">
  <issue id="1210566" tracker="bnc">VUL-0: CVE-2023-2002: kernel live patch: unauthorized management command execution</issue>
  <issue id="1210987" tracker="bnc">VUL-0: CVE-2023-2235: kernel live patch: use-after-free inside the Performance Events</issue>
  <issue id="1212509" tracker="bnc">VUL-0: CVE-2023-35788: kernel live patch: out-of-bounds write in net/sched/cls_flower.c</issue>
  <issue id="2023-2002" tracker="cve" />
  <issue id="2023-2235" tracker="cve" />
  <issue id="2023-35788" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues.

The following security issues were fixed:

- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
- CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).
</description>
<summary>Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4)</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.30028

Places