SUSE-SU-2023:2537-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2537-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:2537-1
- Related
- Published
- 2023-06-19T07:54:38Z
- Modified
- 2023-06-19T07:54:38Z
- Summary
- Security update for the Linux Kernel
- Details
-
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvbdeviceopen race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusbdec.c caused by the lack of a dvbfrontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvbcaen50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvbregisterdevice dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfqchangeclass() because lmax can exceed QFQMINLMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in afnetrom.c, related to the fact that accept() was also allowed for a successfully connected AFNETROM socket (bsc#1211186).
- CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmfgetassoc_ies(), that could lead to a denial of service (bsc#1209287).
- CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105).
- CVE-2023-2176: A vulnerability was found in comparenetdevand_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4INODEHASXATTRSPACE macro in xattr.h (bsc#1206878).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20232537-1/
- https://bugzilla.suse.com/1204405
- https://bugzilla.suse.com/1205756
- https://bugzilla.suse.com/1205758
- https://bugzilla.suse.com/1205760
- https://bugzilla.suse.com/1205762
- https://bugzilla.suse.com/1205803
- https://bugzilla.suse.com/1206878
- https://bugzilla.suse.com/1209287
- https://bugzilla.suse.com/1210629
- https://bugzilla.suse.com/1210715
- https://bugzilla.suse.com/1210783
- https://bugzilla.suse.com/1210940
- https://bugzilla.suse.com/1211105
- https://bugzilla.suse.com/1211186
- https://bugzilla.suse.com/1211260
- https://bugzilla.suse.com/1211592
- https://www.suse.com/security/cve/CVE-2022-3566
- https://www.suse.com/security/cve/CVE-2022-45884
- https://www.suse.com/security/cve/CVE-2022-45885
- https://www.suse.com/security/cve/CVE-2022-45886
- https://www.suse.com/security/cve/CVE-2022-45887
- https://www.suse.com/security/cve/CVE-2022-45919
- https://www.suse.com/security/cve/CVE-2023-1380
- https://www.suse.com/security/cve/CVE-2023-2176
- https://www.suse.com/security/cve/CVE-2023-2194
- https://www.suse.com/security/cve/CVE-2023-2513
- https://www.suse.com/security/cve/CVE-2023-31084
- https://www.suse.com/security/cve/CVE-2023-31436
- https://www.suse.com/security/cve/CVE-2023-32269
Affected packages
SUSE:OpenStack Cloud 9 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:OpenStack Cloud 9 / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:OpenStack Cloud 9 / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:OpenStack Cloud Crowbar 9 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:OpenStack Cloud Crowbar 9 / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:OpenStack Cloud Crowbar 9 / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise High Availability Extension 12 SP4 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4
SUSE:Linux Enterprise Live Patching 12 SP4 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
SUSE:Linux Enterprise Live Patching 12 SP4 / kgraft-patch-SLE12-SP4_Update_36
Package
- Name
- kgraft-patch-SLE12-SP4_Update_36
- Purl
- purl:rpm/suse/kgraft-patch-SLE12-SP4_Update_36&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-ESPOS / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-ESPOS / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-ESPOS / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-default
Package
- Name
- kernel-default
- Purl
- purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default-man": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-source
Package
- Name
- kernel-source
- Purl
- purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default-man": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}
SUSE:Linux Enterprise Server 12 SP4-LTSS / kernel-syms
Package
- Name
- kernel-syms
- Purl
- purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.12.14-95.128.1
Ecosystem specific
{
"binaries": [
{
"kernel-macros": "4.12.14-95.128.1",
"kernel-devel": "4.12.14-95.128.1",
"kernel-default-base": "4.12.14-95.128.1",
"kernel-default-man": "4.12.14-95.128.1",
"kernel-default": "4.12.14-95.128.1",
"kernel-source": "4.12.14-95.128.1",
"kernel-syms": "4.12.14-95.128.1",
"kernel-default-devel": "4.12.14-95.128.1"
}
]
}