SUSE-SU-2023:0420-1 -- SLES kernel | ID: oval:org.secpod.oval:def:89048275 | Date: (C)2023-03-01 (M)2024-05-22 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
- CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect.
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component.
- CVE-2022-3643: Fixed reset/abort/crash via netback from VM guest.
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req which can be used to leak kernel pointers remotely.
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req which may have allowed code execution and leaking kernel memory remotely via Bluetooth.
- CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system.
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem.
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler.
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion.

The following non-security bugs were fixed:
- HID: betop: check shape of output reports.
- HID: betop: fix slab-out-of-bounds Write in betop_probe.
- HID: check empty report_list in hid_validate_values.
- sctp: fail if no bound addresses can be used for a given scope.

Special Instructions and Notes: Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 12 SP2 |