SUSE-SU-2024:0666-1

Import Source

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2024:0666-1

Related

Published

2024-02-28T18:03:43Z

Modified

2024-02-28T18:03:43Z

Summary

Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP4)

Details

This update for the Linux Kernel 5.14.21-1504002463 fixes several issues.

The following security issues were fixed:

CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215300).
CVE-2023-39198: Fixed a race condition leading to a use-after-free in qxlmodedumb_create() (bsc#1217116).
CVE-2023-51780: Fixed a use-after-free in dovccioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218733).

References

Affected packages

Name: kgraft-patch-SLE12-SP5_Update_44
Purl: purl:rpm/suse/kgraft-patch-SLE12-SP5_Update_44&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8-2.1

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_162-default": "8-2.1"
        }
    ]
}

Name: kernel-livepatch-SLE15-SP2_Update_34
Purl: purl:rpm/suse/kernel-livepatch-SLE15-SP2_Update_34&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11-150200.2.1

{
    "binaries": [
        {
            "kernel-livepatch-5_3_18-150200_24_145-default": "11-150200.2.1"
        }
    ]
}

Name: kernel-livepatch-SLE15-SP4_Update_12
Purl: purl:rpm/suse/kernel-livepatch-SLE15-SP4_Update_12&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10-150400.2.1

{
    "binaries": [
        {
            "kernel-livepatch-5_14_21-150400_24_63-default": "10-150400.2.1"
        }
    ]
}