SUSE-SU-2023:0420-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0420-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:0420-1
- Related
- Published
- 2023-02-15T11:01:11Z
- Modified
- 2023-02-15T11:01:11Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073).
- CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest (bsc#1206113).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2capcore.c's l2capparseconfreq() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2capcore.c's l2capconnect() and l2capleconnect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bsc#1206664).
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atmtcenqueue in net/sched/schatm.c because of type confusion (non-negative numbers can sometimes indicate a TCACT_SHOT condition rather than valid classification results) (bsc#1207125).
The following non-security bugs were fixed:
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: check empty reportlist in hidvalidate_values() (git-fixes, bsc#1206784).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20230420-1/
- https://bugzilla.suse.com/1108488
- https://bugzilla.suse.com/1205705
- https://bugzilla.suse.com/1205709
- https://bugzilla.suse.com/1206073
- https://bugzilla.suse.com/1206113
- https://bugzilla.suse.com/1206664
- https://bugzilla.suse.com/1206677
- https://bugzilla.suse.com/1206784
- https://bugzilla.suse.com/1207036
- https://bugzilla.suse.com/1207125
- https://bugzilla.suse.com/1207186
- https://bugzilla.suse.com/1207237
- https://www.suse.com/security/cve/CVE-2018-9517
- https://www.suse.com/security/cve/CVE-2022-3564
- https://www.suse.com/security/cve/CVE-2022-3643
- https://www.suse.com/security/cve/CVE-2022-42895
- https://www.suse.com/security/cve/CVE-2022-42896
- https://www.suse.com/security/cve/CVE-2022-4662
- https://www.suse.com/security/cve/CVE-2022-47929
- https://www.suse.com/security/cve/CVE-2023-23454
- https://www.suse.com/security/cve/CVE-2023-23455
Affected packages
SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.121-92.199.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.4.121-92.199.1",
"kernel-devel": "4.4.121-92.199.1",
"kernel-default-base": "4.4.121-92.199.1",
"kernel-default": "4.4.121-92.199.1",
"kernel-source": "4.4.121-92.199.1",
"kernel-syms": "4.4.121-92.199.1",
"kernel-default-devel": "4.4.121-92.199.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.121-92.199.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.4.121-92.199.1",
"kernel-devel": "4.4.121-92.199.1",
"kernel-default-base": "4.4.121-92.199.1",
"kernel-default": "4.4.121-92.199.1",
"kernel-source": "4.4.121-92.199.1",
"kernel-syms": "4.4.121-92.199.1",
"kernel-default-devel": "4.4.121-92.199.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP2-BCL / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.4.121-92.199.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.4.121-92.199.1",
"kernel-devel": "4.4.121-92.199.1",
"kernel-default-base": "4.4.121-92.199.1",
"kernel-default": "4.4.121-92.199.1",
"kernel-source": "4.4.121-92.199.1",
"kernel-syms": "4.4.121-92.199.1",
"kernel-default-devel": "4.4.121-92.199.1"
}
]
}