SUSE-SU-2023:4733-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234733-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4733-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4733-1
Published
2023-12-12T14:15:30Z
Modified
2023-12-12T14:15:30Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
  • CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
  • CVE-2023-45863: Fixed an out-of-bounds write in fill_kobj_path() (bsc#1216058).
  • CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
  • CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
  • CVE-2023-31083: Fixed a race condition in hci_uart_tty_ioctl() (bsc#1210780).
  • CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).

The following non-security bugs were fixed:

  • ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
  • Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
  • net: mana: Configure hwc timeout from hardware (bsc#1214037).
  • net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
  • powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).

Affected packages

SUSE:Linux Enterprise Micro 5.1 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.152.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.18-150300.152.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt": "5.3.18-150300.152.1"
        }
    ]
}