The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215861)
CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attacker to disclose sensitive information. (bsc#1215860)
CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attacker to disclose sensitive information. (bsc#1215858)
CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could allow an authenticated attacker to trigger a DoS. (bsc#1215467)
CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95% (bsc#1212703).
CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
CVE-2020-36766: Fixed a potential information leak in the CEC driver (bsc#1215299).
CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
CVE-2023-1192: Fixed a use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).