SUSE-SU-2023:2506-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2506-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:2506-1
- Related
- Published
- 2023-06-14T07:24:44Z
- Modified
- 2023-06-14T07:24:44Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 11 SP4 LTSS EXTREME CORE kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2162: Fixed an use-after-free flaw in iscsiswtcpsessioncreate (bsc#1210647).
- CVE-2023-32269: Fixed a use-after-free in afnetrom.c, related to the fact that accept() was also allowed for a successfully connected AFNETROM socket (bsc#1211186).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488).
- CVE-2023-1118: Fixed a use-after-free bugs caused by enetxirqsim() in media/rc (bsc#1208837).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atmtcenqueue in net/sched/schatm.c because of type confusion (non-negative numbers can sometimes indicate a TCACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2022-3567: Fixed a to race condition in inet6streamops()/inet6dgramops() (bsc#1204414).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- do not fallthrough in cbqclassify and stop on TCACT_SHOT
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20232506-1/
- https://bugzilla.suse.com/1108488
- https://bugzilla.suse.com/1204414
- https://bugzilla.suse.com/1207036
- https://bugzilla.suse.com/1207051
- https://bugzilla.suse.com/1207125
- https://bugzilla.suse.com/1207795
- https://bugzilla.suse.com/1208837
- https://bugzilla.suse.com/1209008
- https://bugzilla.suse.com/1209256
- https://bugzilla.suse.com/1209291
- https://bugzilla.suse.com/1209532
- https://bugzilla.suse.com/1209871
- https://bugzilla.suse.com/1210336
- https://bugzilla.suse.com/1210647
- https://bugzilla.suse.com/1211186
- https://www.suse.com/security/cve/CVE-2017-5753
- https://www.suse.com/security/cve/CVE-2018-9517
- https://www.suse.com/security/cve/CVE-2022-3567
- https://www.suse.com/security/cve/CVE-2023-0590
- https://www.suse.com/security/cve/CVE-2023-1118
- https://www.suse.com/security/cve/CVE-2023-1513
- https://www.suse.com/security/cve/CVE-2023-1670
- https://www.suse.com/security/cve/CVE-2023-1989
- https://www.suse.com/security/cve/CVE-2023-2162
- https://www.suse.com/security/cve/CVE-2023-23454
- https://www.suse.com/security/cve/CVE-2023-23455
- https://www.suse.com/security/cve/CVE-2023-23559
- https://www.suse.com/security/cve/CVE-2023-28328
- https://www.suse.com/security/cve/CVE-2023-32269
Affected packages
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.141.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.141.1",
"kernel-ec2": "3.0.101-108.141.1",
"kernel-default": "3.0.101-108.141.1",
"kernel-source": "3.0.101-108.141.1",
"kernel-syms": "3.0.101-108.141.1",
"kernel-trace": "3.0.101-108.141.1",
"kernel-trace-devel": "3.0.101-108.141.1",
"kernel-ec2-devel": "3.0.101-108.141.1",
"kernel-ec2-base": "3.0.101-108.141.1",
"kernel-xen-devel": "3.0.101-108.141.1",
"kernel-xen-base": "3.0.101-108.141.1",
"kernel-trace-base": "3.0.101-108.141.1",
"kernel-xen": "3.0.101-108.141.1",
"kernel-default-devel": "3.0.101-108.141.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-ec2
Package
- Name
- kernel-ec2
- Purl
- purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.141.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.141.1",
"kernel-ec2": "3.0.101-108.141.1",
"kernel-default": "3.0.101-108.141.1",
"kernel-source": "3.0.101-108.141.1",
"kernel-syms": "3.0.101-108.141.1",
"kernel-trace": "3.0.101-108.141.1",
"kernel-trace-devel": "3.0.101-108.141.1",
"kernel-ec2-devel": "3.0.101-108.141.1",
"kernel-ec2-base": "3.0.101-108.141.1",
"kernel-xen-devel": "3.0.101-108.141.1",
"kernel-xen-base": "3.0.101-108.141.1",
"kernel-trace-base": "3.0.101-108.141.1",
"kernel-xen": "3.0.101-108.141.1",
"kernel-default-devel": "3.0.101-108.141.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.141.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.141.1",
"kernel-ec2": "3.0.101-108.141.1",
"kernel-default": "3.0.101-108.141.1",
"kernel-source": "3.0.101-108.141.1",
"kernel-syms": "3.0.101-108.141.1",
"kernel-trace": "3.0.101-108.141.1",
"kernel-trace-devel": "3.0.101-108.141.1",
"kernel-ec2-devel": "3.0.101-108.141.1",
"kernel-ec2-base": "3.0.101-108.141.1",
"kernel-xen-devel": "3.0.101-108.141.1",
"kernel-xen-base": "3.0.101-108.141.1",
"kernel-trace-base": "3.0.101-108.141.1",
"kernel-xen": "3.0.101-108.141.1",
"kernel-default-devel": "3.0.101-108.141.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.141.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.141.1",
"kernel-ec2": "3.0.101-108.141.1",
"kernel-default": "3.0.101-108.141.1",
"kernel-source": "3.0.101-108.141.1",
"kernel-syms": "3.0.101-108.141.1",
"kernel-trace": "3.0.101-108.141.1",
"kernel-trace-devel": "3.0.101-108.141.1",
"kernel-ec2-devel": "3.0.101-108.141.1",
"kernel-ec2-base": "3.0.101-108.141.1",
"kernel-xen-devel": "3.0.101-108.141.1",
"kernel-xen-base": "3.0.101-108.141.1",
"kernel-trace-base": "3.0.101-108.141.1",
"kernel-xen": "3.0.101-108.141.1",
"kernel-default-devel": "3.0.101-108.141.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-trace
Package
- Name
- kernel-trace
- Purl
- purl:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.141.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.141.1",
"kernel-ec2": "3.0.101-108.141.1",
"kernel-default": "3.0.101-108.141.1",
"kernel-source": "3.0.101-108.141.1",
"kernel-syms": "3.0.101-108.141.1",
"kernel-trace": "3.0.101-108.141.1",
"kernel-trace-devel": "3.0.101-108.141.1",
"kernel-ec2-devel": "3.0.101-108.141.1",
"kernel-ec2-base": "3.0.101-108.141.1",
"kernel-xen-devel": "3.0.101-108.141.1",
"kernel-xen-base": "3.0.101-108.141.1",
"kernel-trace-base": "3.0.101-108.141.1",
"kernel-xen": "3.0.101-108.141.1",
"kernel-default-devel": "3.0.101-108.141.1"
}
]
}
SUSE:Linux Enterprise Server 11 SP4 LTSS EXTREME CORE / kernel-xen
Package
- Name
- kernel-xen
- Purl
- purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.101-108.141.1
Ecosystem specific
{
"binaries": [
{
"kernel-default-base": "3.0.101-108.141.1",
"kernel-ec2": "3.0.101-108.141.1",
"kernel-default": "3.0.101-108.141.1",
"kernel-source": "3.0.101-108.141.1",
"kernel-syms": "3.0.101-108.141.1",
"kernel-trace": "3.0.101-108.141.1",
"kernel-trace-devel": "3.0.101-108.141.1",
"kernel-ec2-devel": "3.0.101-108.141.1",
"kernel-ec2-base": "3.0.101-108.141.1",
"kernel-xen-devel": "3.0.101-108.141.1",
"kernel-xen-base": "3.0.101-108.141.1",
"kernel-trace-base": "3.0.101-108.141.1",
"kernel-xen": "3.0.101-108.141.1",
"kernel-default-devel": "3.0.101-108.141.1"
}
]
}