Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP4)
Details
This update for the Linux Kernel 5.14.21-1504002455 fixes several issues.
The following security issues were fixed:
CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCAFLOWERKEYENCOPTSGENEVE packets in flsetgeneveopt in net/sched/cls_flower.c (bsc#1212509).
CVE-2023-2235: Fixed an use-after-free in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210987).
CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).