openSUSE:Leap:15.4:Update
File _patchinfo of Package patchinfo.30938
<patchinfo incident="30938">
  <issue id="1207036" tracker="bnc">VUL-0: CVE-2023-23454: kernel: type-confusion in the CBQ network scheduler</issue>
  <issue id="1208995" tracker="bnc">VUL-0: CVE-2023-1192: kernel: use-after-free in smb2_is_status_io_timeout()</issue>
  <issue id="1210169" tracker="bnc">VUL-1: CVE-2023-1859: kernel-source,kernel-source-rt,kernel-source-azure: use after free in xen_9pfs_front_remove() due to race condition</issue>
  <issue id="1210643" tracker="bnc">VUL-0: CVE-2023-2177: kernel-source-rt,kernel-source,kernel-source-azure: NULL pointer dereference in sctp_sched_dequeue_common()</issue>
  <issue id="1212703" tracker="bnc">VUL-0: CVE-2023-1206: kernel-source-rt,kernel-source,kernel-source-azure: hash collisions in the IPv6 connection lookup table</issue>
  <issue id="1214233" tracker="bnc">VUL-0: CVE-2023-40283: kernel-source,kernel-source-azure,kernel-source-rt: use after free in l2cap_sock_ready_cb() due to insufficient cleanup</issue>
  <issue id="1214351" tracker="bnc">VUL-0: CVE-2023-4389: kernel-source,kernel-source-azure,kernel-source-rt: double free in btrfs_get_root_ref()</issue>
  <issue id="1214380" tracker="bnc">Incorrect CONFIG_BUILTIN_RETURN_ADDRESS_STRIPS_PAC for arm64 with 6.4 kernel and gcc7</issue>
  <issue id="1214386" tracker="bnc">Cannot build KMP subpackage as unsupported</issue>
  <issue id="1215115" tracker="bnc">VUL-0: CVE-2023-4623: kernel-source-azure,kernel-source,kernel-source-rt: net/sched UAF in sch_hfsc</issue>
  <issue id="1215117" tracker="bnc">VUL-0: CVE-2023-4622: kernel-source,kernel-source-azure,kernel-source-rt: af_unix UAF</issue>
  <issue id="1215150" tracker="bnc">VUL-0: CVE-2023-42753: kernel-source: slab-out-of-bound access in the Linux kernel (XSA-439)</issue>
  <issue id="1215221" tracker="bnc">VUL-0: CVE-2023-4881: kernel-source: stack out-of-bounds write in nft_exthdr ip/tcp/sctp functions</issue>
  <issue id="1215275" tracker="bnc">VUL-0: CVE-2023-4921: kernel: use-after-free in net/sched: sch_qfq component</issue>
  <issue id="1215299" tracker="bnc">VUL-0: CVE-2020-36766: kernel-source,kernel-source-azure,kernel-source-rt: kernel memory leak in cec_adap_g_log_addrs()</issue>
  <issue id="2023-4389" tracker="cve" />
  <issue id="2023-42753" tracker="cve" />
  <issue id="2023-1206" tracker="cve" />
  <issue id="2023-4921" tracker="cve" />
  <issue id="2023-23454" tracker="cve" />
  <issue id="2023-4622" tracker="cve" />
  <issue id="2023-4623" tracker="cve" />
  <issue id="2020-36766" tracker="cve" />
  <issue id="2023-1859" tracker="cve" />
  <issue id="2023-2177" tracker="cve" />
  <issue id="2023-4881" tracker="cve" />
  <issue id="2023-40283" tracker="cve" />
  <issue id="2023-1192" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>jdelvare</packager>
  <reboot_needed/>
  <description>
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to information disclosure or denial of service (bsc#1215221).
- CVE-2023-40283: Fixed a use-after-free issue in the Bluetooth subsystem (bsc#1214233).
- CVE-2023-1192: Fixed a use-after-free in the CIFS subsystem (bsc#1208995).

The following non-security bugs were fixed:

- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- rpm/mkspec-dtb: support for nested subdirs.
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
  </description>
  <summary>Security update for the Linux Kernel</summary>
</patchinfo>