SUSE-SU-2023:2537-1 -- SLES kernelID: oval:org.secpod.oval:def:89048960 | Date: (C)2023-07-18 (M)2024-04-25 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-3566: Fixed race condition in the TCP Handler . * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free . * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected . * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call . * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event . * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops . * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c . * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class because lmax can exceed QFQ_MIN_LMAX . * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver . * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept was also allowed for a successfully connected AF_NETROM socket . * CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies, that could lead to a denial of service . * CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes . * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege . The following non-security bugs were fixed: * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h . * ipv6: sr: fix out-of-bounds read when setting HMAC data . ## Special Instructions and Notes: * Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 12 SP4 |